Zlob.DNSChanger



mattc
2008-09-28, 04:05
I've looked at a ton of forums and tried solving the problem myself following instructions, but SpyBot is still finding the Zlob.dnschanger and Zlob.dnschanger.rtk

Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:29 PM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matthew\Local Settings\Temp\jkos-Matthew\binaries\ScanningProcess.exe
C:\Documents and Settings\Matthew\Local Settings\Temp\jkos-Matthew\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.116.27,85.255.112.70
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10715 bytes
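
Added example (not part of the original thread and not code from HijackThis or Spybot): a small triage script that reads the O4 and O17 lines of a HijackThis log like the one above and reports statically configured DNS servers and autostart values named after a file path. The two heuristics, the `expected_resolvers` parameter and the rule that private (router) addresses count as expected are assumptions made for this illustration.

```python
import ipaddress
import re
from typing import Iterable, List, NamedTuple

# Constructed sample: entries copied from the HijackThis log posted above,
# cut down to the lines the two checks read.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.116.27,85.255.112.70
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code ("O4", "O17")
    subject: str  # the value name or address that was flagged
    reason: str


# O4 - <hive>\..\Run[Once]: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# O17 - <registry key>: <value name> = <data>
O17_RE = re.compile(r"^O17 - (?P<key>.+): (?P<value>\w+) = (?P<data>.+)$")


def check_run_entry(match: "re.Match[str]") -> List[Finding]:
    """Heuristic (assumption): installers label Run values with a short name;
    a value whose name is itself a path deserves a manual look."""
    name = match.group("name")
    if "\\" in name or re.match(r"^[A-Za-z]:", name):
        return [Finding("O4", name,
                        "autostart value is named after a file path, not a label")]
    return []


def check_nameserver(match: "re.Match[str]", expected: set) -> List[Finding]:
    """Flag static NameServer addresses that are neither private nor expected."""
    if match.group("value") != "NameServer":
        return []
    findings = []
    for token in re.split(r"[,\s]+", match.group("data").strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            findings.append(Finding("O17", token, "NameServer entry is not an IP address"))
            continue
        if addr in expected or addr.is_private:
            continue
        findings.append(Finding("O17", token,
                                "static resolver is public and not in expected_resolvers"))
    return findings


def triage(log_text: str, expected_resolvers: Iterable[str] = ()) -> List[Finding]:
    """Return findings for every O4/O17 line in a HijackThis log."""
    expected = {ipaddress.ip_address(r) for r in expected_resolvers}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            findings.extend(check_run_entry(m))
            continue
        m = O17_RE.match(line)
        if m:
            findings.extend(check_nameserver(m, expected))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.subject} -> {f.reason}")
```

A finding here is a prompt for manual review of the registry value, not a verdict; pass the resolvers your ISP or organisation actually uses in `expected_resolvers` to keep legitimate static DNS settings out of the report.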

muuli
2008-09-28, 11:35
Welcome to the Safer Networking. My name is muuli. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

mattc
2008-09-28, 13:59
Thanks so much. If it helps spybot points to this file as one of the problems. But I can't find it in this location even by unhiding protected operating system files, and it just reappears if I have spybot try and delete it.

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe

muuli
2008-09-29, 12:30
Hi,

Step 1

You don't have a firewall on your computer so start Windows Firewall if not running yet. Press Start -> Control Panel -> Windows Firewall, then make sure that tap is ON (recommended). Don't install any third party firewall yet.

Step 2

If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check (tick) this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.

Step 3

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Post back the contents of the logfile C:\fixwareout\report.txt.

Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category, otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and DSL, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Step 4

Please download random's system information tool (RSIT) (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run it. RSIT will start running.
Please read through the disclaimer and click on Continue.
RSIT will start running. When done, 2 logs will be produced. The first one, log.txt, will be maximized, the second one, info.txt, will be minimized.
Please post both logs in your next reply.

Step 5

Please post a fixwareout log and RSIT logs (log.txt and info.txt).

mattc
2008-09-29, 22:46
OK, so here is the fixwareout.exe log below.

However, when I ran RSIT.exe I got an error saying: Error parsing function call, and then the program just quit. Also when I go to change the Internet Protocol (TCP/IP) item to 'Obtain DNS servers automatically', I am able to change it and click OK and close the window, and then when I go back into the settings it is unchecked and back using some random assigned DNS server addresses. I repeated the process a few times just to check and same thing each time.

fixwareout log file:


Username "Matthew" - 09/29/2008 16:19:54 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdher.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"nmapp"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"basicsmssmenu"="\"C:\\Program Files\\Seagate\\Basics\\Basics Status\\MaxMenuMgrBasics.exe\""
"C:\\WINDOWS\\system32\\kdher.exe"="C:\\WINDOWS\\system32\\kdher.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

muuli
2008-09-30, 19:31
Hi,


Also when I go to change the Internet Protocol (TCP/IP) item to 'Obtain DNS servers automatically', I am able to change it and click ok and close the window, and then when I go back into the settings it is unchecked and back using some random assigned DNS server addresses. I repeated the process a few times just to check and same thing each time.
Okay, we will get back to this later.

Step 1

Download Gmer to your Desktop and unzip it to your Desktop.
http://www.gmer.net/gmer.zip

Disconnect from internet and close running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double click gmer.exe.
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click the rootkit tab
To the right of the program you will see a bunch of boxes that have been checked... leave everything checked. Then click the Scan button. Wait for the scan to finish.
Once done click the Copy button.
Open Notepad and hit ctrl+v to paste the log. Save the log to your desktop please.

Click the >>> tab. This will open up all available tabs for you.
Click the Autostart tab then the scan button. Once it's done click the Copy button and paste it into a new notepad document. Save that document to your desktop please.

Step 2

Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on the OTViewIt.exe to start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Step 3

Please post a fresh HijackThis log, Gmer log and OTViewIt logs.

mattc
2008-09-30, 23:53
OK so here are the log files you asked for:

GMER log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-30 17:25:58
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
.text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
.text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
.text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
.text C:\Documents and Settings\Matthew\Desktop\gmer\gmer.exe[416] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
.text C:\Documents and Settings\Matthew\Desktop\gmer\gmer.exe[416] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
.text C:\Documents and Settings\Matthew\Desktop\gmer\gmer.exe[416] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
.text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 000A6992
.text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6AAF
.text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A6751
.text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 000A6894
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
.text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
.text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
.text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
.text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
.text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00D16992
.text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D16AAF
.text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D16751
.text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00D16894
.text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F36992
.text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F36AAF
.text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F36751
.text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F36894
.text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F56992
.text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F56AAF
.text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F56751
.text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F56894
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F56992
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F56AAF
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F56751
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F56894
.text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
.text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
.text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
.text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
.text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00086992
.text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00086AAF
.text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00086751
.text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00086894
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F66992
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F66AAF
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F66751
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F66894
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 000A6992
.text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6AAF
.text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A6751
.text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 000A6894
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
.text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
.text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
.text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
.text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
.text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
.text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
.text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
.text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
.text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
.text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
.text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
.text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
.text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
.text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
.text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
.text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\system32\hal.dll[ntoskrnl.exe!IoReadPartitionTable] [F77199BA] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT \WINDOWS\system32\hal.dll[ntoskrnl.exe!IoWritePartitionTable] [F7719B66] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT ftdisk.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT dmio.sys[ntoskrnl.exe!IoWritePartitionTableEx] [F7719B8A] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT dmio.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT PartMgr.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT disk.sys[ntoskrnl.exe!IoReadPartitionTable] [F77199BA] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT disk.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
IAT disk.sys[ntoskrnl.exe!IoWritePartitionTableEx] [F7719B8A] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 043CA371
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 043CA184
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 043C5BD0
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 043C67A9
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 043C8543
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 043C6F75
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 043C698E
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 043C7DBE
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 043C9A18
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 043C9A48
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 043CA58B
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 043C9772
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 043C84D3
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 043C7625
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 043C6D89
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 043C72D1
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 043CA8B7
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 043C7FBD
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 043C83CF
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 043C8B01
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 043C87F1
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 043C8AAF
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 043C90EE
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 043C8C22
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 043C6B9D
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 043C7580
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 043C9AF3
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 043C88B3
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 043C8486
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 043C81FA
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 043C85C2
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 043CA597
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 043C8788
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 043CA71C
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 043CA6EA
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 043CA83F
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 043CA89B
IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 043CA788

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Fastfat \FatCdrom MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fastfat \Fat MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Cdfs \Cdfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

---- Processes - GMER 1.0.14 ----

Library C:\WINDOWS\system32\dll.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [2388] 0x10000000

---- Files - GMER 1.0.14 ----

File C:\WINDOWS\system32\kdkfs.exe 52224 bytes executable

---- EOF - GMER 1.0.14 ----


GMER AUTOSTART

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-10-30 17:29:55
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Systemkdkfs.exe = kdkfs.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Basics Service@ = "C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe"
Crypkey License@ = crypserv.exe
MacDriveService@ = "C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe"
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
nmservice@ = "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
Pml Driver HPZ12@ = C:\WINDOWS\system32\HPZipm12.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LClockC:\Program Files\LClock\LClock.exe = C:\Program Files\LClock\LClock.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@Acrobat Assistant 8.0"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
@ /*file not found*/ = /*file not found*/
@Adobe_ID0EYTHMC:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE = C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@WinampAgent"C:\Program Files\Winamp\winampa.exe" = "C:\Program Files\Winamp\winampa.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@nmapp"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash = "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
@basicsmssmenu"C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" = "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
@C:\WINDOWS\system32\kdher.exeC:\WINDOWS\system32\kdher.exe /*file not found*/ = C:\WINDOWS\system32\kdher.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@H/PC Connection Agent"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{1530f7ee-5128-43bd-9977-84a4b0fad7df} /*Photo Resizing PowerToy*/%SystemRoot%\system32\ShellExt\phototoy.dll = %SystemRoot%\system32\ShellExt\phototoy.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{afc638f0-e8a4-11ce-9ade-00aa00a42d2e} /*MST TrueType File Properties*/C:\WINDOWS\system32\ShellExt\TTFExtNT.dll = C:\WINDOWS\system32\ShellExt\TTFExtNT.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Program Files\Unlocker\UnlockerCOM.dll = C:\Program Files\Unlocker\UnlockerCOM.dll
@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} /*ContextMenuExt Extension*/C:\WINDOWS\system32\CopyToSendTo.dll = C:\WINDOWS\system32\CopyToSendTo.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{B1883831-F0D8-4453-8245-EEAAD866DD6E} /*HashTab Context Menu*/(null) =
@{8A56567E-A333-4843-B6E1-C3A262E41D8C} /*HashTab Property Page*/C:\Program Files\HashTab Shell Extension\HashTab32.dll = C:\Program Files\HashTab Shell Extension\HashTab32.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{13311DA7-1D24-40e5-AE07-7E3750F5DE3C} /*Right Click Image Converter Extension*/C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll = C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
@{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} /*Mediafour Mac file columns*/C:\Program Files\Common Files\Mediafour\MACFPROP.DLL = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
@{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0} /*Mediafour Mac file properties*/C:\Program Files\Common Files\Mediafour\MACFPROP.DLL = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
@{C55C499D-3518-44a1-998E-796AC5FC989D} /*NetworkMagic*/C:\Program Files\Pure Networks\Network Magic\nmspce2.dll = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll
@{33F85093-44BB-4587-B25B-FFD05D5B9916} /*NetworkMagic*/C:\Program Files\Pure Networks\Network Magic\nmspce2.dll = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MI3AA1~1\Wcesview.dll = C:\PROGRA~1\MI3AA1~1\Wcesview.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
CopyMoveTo@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\CopyToSendTo.dll
Right Click Image Converter@{13311DA7-1D24-40e5-AE07-7E3750F5DE3C} = C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{E194186F-A30A-4E7E-9457-441AC354C98C} = C:\Program Files\Mediafour\MacDrive 7\MDShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CopyMoveTo@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\CopyToSendTo.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{33F85093-44BB-4587-B25B-FFD05D5B9916} = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
CopyMoveTo@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\CopyToSendTo.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{33F85093-44BB-4587-B25B-FFD05D5B9916} = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{074C1DC5-9320-4A9A-947D-C042949C6216}C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll = C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
pure-go@CLSID = C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = HP Digital Imaging Monitor.lnk

---- EOF - GMER 1.0.14 ----

mattc
2008-10-01, 00:01
OTViewIt logfile

OTViewIt logfile created on: 10/30/2008 5:33:43 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.53 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/09/19 12:27:46 | 00,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/14 06:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2008/04/14 06:42:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe -- (Crypkey License [Auto | Running])
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2008/04/14 06:42:40 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 14:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/14 01:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2005/08/04 05:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
[2008/07/22 14:29:46 | 00,288,768 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT [Boot | Running])
[2007/02/28 11:15:08 | 00,019,072 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT [Boot | Running])
[2006/01/09 22:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX [System | Running])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2001/08/22 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/14 05:10:50 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/29 17:40:56 | 00,210,472 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (si3114r5 [Boot | Running])
[2008/04/29 17:40:56 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2008/04/29 17:40:56 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil [Boot | Running])
[2008/04/14 01:15:36 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/14 05:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/01/06 11:18:40 | 00,310,656 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP [On_Demand | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/04/04 04:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
"C:\WINDOWS\system32\kdher.exe"=C:\WINDOWS\system32\kdher.exe File not found
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LClock"=C:\Program Files\LClock\LClock.exe ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: AIM -- C:\Program Files\AIM\aim.exe (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0D41B8C5-2599-4893-8183-00195EC8D5F9}: http://support.asus.com/common/asusTek_sys_ctrl.cab -- asusTek_sysctrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{2758145E-4A84-4120-9748-0730EFB3919A} (Servers: 85.255.115.2,85.255.112.117 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
{6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: 85.255.115.2,85.255.112.117 | Description: ASUS 802.11b/g Wireless LAN Card)
{B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
{C7B75E5E-F00D-42C6-B592-264D9251F650} (Servers: | Description: 1394 Net Adapter)
{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: 85.255.115.2,85.255.112.117 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=kdkfs.exe
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/24 19:49:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008/10/30 17:33:47 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/10/30 17:33:47 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\Open\command]
""=G:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\Open\command]
""=D:\resycled\boot.com -- [2008/09/19 09:46:32 | 00,019,968 | RHS- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[2008/10/30 17:07:09 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/30 17:07:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\gmer
[2008/10/30 17:03:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip


========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/30 17:33:47 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008/10/30 17:26:45 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:20 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/30 02:19:13 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >

mattc
2008-10-01, 00:02
EXTRAS


OTViewIt Extras logfile created on: 10/30/2008 5:33:43 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.53 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2008/07/28 04:07:31 | 09,080,832 | ---- | M] (Final Draft Inc.) -- C:\Program Files\Final Draft 7\Final Draft.exe:*:Enabled:Final Draft
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/23 18:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/23 18:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/23 18:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/20 21:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/20 21:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/23 19:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/20 21:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/23 18:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 00:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 00:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/23 19:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 12:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2008/09/27 02:29:00 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/06/18 14:46:56 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2008/08/03 14:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{05C56753-F144-44BC-BA67-83CC5DBF395C}"=F300
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}"=Adobe Setup
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{33F09ED5-3355-470A-AD79-6DFA8FC553E3}"=MacDrive 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{71D9B000-CD43-4DE9-9729-49434415B8F7}"=F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{78D62D17-D970-42DA-B8CF-5E5576293B33}"=Final Draft 7
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP)
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}"=HP Photosmart Essential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}"=Windows Vista Sounds Pack
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}"=F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{EC3B29CD-76FF-4689-9647-8CCE67AC1D25}"=Data LifeSaver
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"Adobe AIR"=Adobe AIR
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5ac697db6c6103f6f8b5198d25f73f7"=Add or Remove Adobe Creative Suite 3 Master Collection
"AOL Instant Messenger"=AOL Instant Messenger

"CCleaner"=CCleaner (remove only)
"C-Media Audio Driver"=C-Media High Definition Audio Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Core FTP LE 2.1"=Core FTP LE 2.1
"DamnNFOViewer"=DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"IconPackager"=IconPackager
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"Kristanix Right Click Image Converter"=Right Click Image Converter
"LClock"=LClock
"LimeWire"=LimeWire 4.18.3
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall"=Network Magic
"NVIDIA Drivers"=NVIDIA Drivers
"PeerGuardian_is1"=PeerGuardian 2.0
"Resource Hacker 3.4.0"=Resource Hacker 3.4.0
"Stellar Phoenix Windows Data Recovery_is1"=Stellar Phoenix Windows Data Recovery V3.0
"Unlocker"=Unlocker 1.8.5
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2008 6:24:53 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x001ac648.

Error - 8/14/2008 5:50:22 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x000fa977.

Error - 8/14/2008 5:51:02 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x0014aaf6.

Error - 8/22/2008 8:09:17 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application MSPVIEW.EXE, version 11.0.1897.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/22/2008 8:14:19 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.5510.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2008 11:54:52 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2008 7:27:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3180, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x0000d676.

Error - 9/27/2008 9:33:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01c04130.

[ System Events ]
Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 9/26/2008 12:35:48 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:52 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:56 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:36:00 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 10/29/2008 8:40:27 PM | Computer Name = MATT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/29/2008 9:33:42 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/30/2008 6:36:00 AM | Computer Name = MATT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.199 on
the Network Card with network address 0011D8D604D3.

Error - 10/30/2008 6:36:19 AM | Computer Name = MATT | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -2591995 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.0.199:123->207.46.232.182:123) is working
properly.


< End of report >


HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:40 PM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS2\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10876 bytes
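As an added example (not part of the thread and not HijackThis code): a small triage script for the O17 and O4 entries in the log above. It assumes that a statically configured resolver outside private address space and outside your own allowlist deserves review, and that a Run value named after a file path is unusual; both heuristics and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log in this thread, plus one constructed
# entry (the last O17 line) showing a resolver on the local network.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.0.1
"""

# O17 lines carry the control set, the interface GUID and the static DNS list.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(\w+)\\Services\\Tcpip\\\.\.\\"
    r"(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$"
)
# O4 registry autoruns: hive, Run/RunOnce key, [value name], command.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def parse_o17(log):
    """Yield (control_set, interface_guid, [server, ...]) per O17 NameServer line."""
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group(3).strip()) if s]
            yield m.group(1), m.group(2), servers


def suspicious_nameservers(log, allowlist=()):
    """Map each unexpected static resolver to the (control_set, guid) pairs using it.

    A resolver is expected if it is in private address space (a home router)
    or in the caller's allowlist (for example the ISP's documented resolvers).
    """
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    hits = defaultdict(set)
    for control_set, guid, servers in parse_o17(log):
        for server in servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                hits[server].add((control_set, guid))  # malformed value: review it
                continue
            if ip in allowed or ip.is_private:
                continue
            hits[server].add((control_set, guid))
    return dict(hits)


def path_named_run_entries(log):
    """Return O4 autoruns whose value name is itself a drive-letter path.

    Heuristic (assumption): legitimate installers use a short label as the
    value name, as in [SunJavaUpdateSched]; a full path is worth a second look.
    """
    found = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m and re.match(r"^[A-Za-z]:\\", m.group(3)):
            found.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    return found


if __name__ == "__main__":
    for server, places in sorted(suspicious_nameservers(SAMPLE_LOG).items()):
        sets = sorted({cs for cs, _ in places})
        print(f"review static DNS {server}: control sets {', '.join(sets)}")
    for hive, key, name, command in path_named_run_entries(SAMPLE_LOG):
        print(f"review autorun {hive}\\{key} [{name}] -> {command}")
```

The same resolver pair appearing under every interface and in the backup control sets (CS1, CS2) as well as CCS means resetting a single adapter's DNS setting does not clear it.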

muuli
2008-10-01, 18:23
Hi,

Step 1

Please remove via Add or Remove Programs (press Start -> Control Panel -> Add or Remove Programs):
LimeWire 4.18.3

Step 2

Press Start -> My Computer -> Local Disk (C)
Locate the following folder using the path below. If found please delete.
C:\Program Files\LimeWire

If you can't remove that folder, please reboot the computer and try again.

Step 3

Please produce uninstall list:
Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

mattc
2008-10-01, 22:54
Removed Limewire and here is the uninstall list:

Acrobat.com
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alky for Applications (Windows XP)
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
CCleaner (remove only)
C-Media High Definition Audio Driver
Core FTP LE 2.1
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
Data LifeSaver
Drive Manager
Drive Manager
Final Draft 7
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
IconPackager
iTunes
Java(TM) 6 Update 7
LClock
MacDrive 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Network Magic
NVIDIA Drivers
PDF Settings
PeerGuardian 2.0
QuickTime
Resource Hacker 3.4.0
Right Click Image Converter
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
Stellar Phoenix Windows Data Recovery V3.0
Unlocker 1.8.5
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Winamp
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Sounds Pack
WinRAR archiver
Xvid 1.1.3 final uninstall

muuli
2008-10-02, 13:39
Hi,

Step 1

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the file into the white Upload a file box and click Submit/Send (depends on which one you are using, Jotti or VirusTotal).

C:\WINDOWS\system32\dll.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Step 2

Open HijackThis, press Do a system scan only, and checkmark the following entries:
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS2\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
Close all other windows including browser and press Fix checked.

Step 3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.

:Files
C:\WINDOWS\system32\kdkfs.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-


Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Step 4

Please run OTViewIt
Close all applications and windows.
Double-click on the OTViewIt.exe to start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Step 5

Try this again now...
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Step 6

Please post a fresh HijackThis log, OTViewIt logs, OTMoveIt3 log and virustotal or jotti's results.
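
Added example, not part of the original post and not code from any of the tools named here: a small Python check that reads the O17 NameServer lines in the two formats seen in this thread (HijackThis and the OTViewIt "(O17) DNS Name Servers" section) and reports which adapters still carry a static DNS server after the fix. The sample lines are copied from the logs in this thread; the function names and the `expected` allowlist are assumptions of this example.

```python
import re
from collections import defaultdict

# HijackThis format: O17 - HKLM\System\<control set>\Services\Tcpip\..\{GUID}: NameServer = a,b
HJT_O17 = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)
# OTViewIt format: {GUID} (Servers: a,b | Description: adapter name)
OTV_O17 = re.compile(
    r"^\{(?P<guid>[0-9A-Fa-f-]{36})\} \(Servers: (?P<servers>[^|]*)\| "
    r"Description: (?P<desc>.*)\)$"
)

# Sample input embedded inline: lines in the two formats, taken from this thread.
HIJACKTHIS_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
""".strip().splitlines()

OTVIEWIT_LINES = """
{6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: 85.255.115.2,85.255.112.117 | Description: ASUS 802.11b/g Wireless LAN Card)
{B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: 85.255.115.2,85.255.112.117 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
""".strip().splitlines()


def _split(servers):
    """NameServer values are comma- or space-separated; empty means none set."""
    return [s for s in re.split(r"[,\s]+", servers.strip()) if s]


def parse_hijackthis(lines):
    """Return {GUID: {control_set: [servers]}} from HijackThis O17 lines."""
    out = defaultdict(dict)
    for line in lines:
        m = HJT_O17.match(line.strip())
        if m:
            out[m["guid"].upper()][m["cs"]] = _split(m["servers"])
    return dict(out)


def parse_otviewit(lines):
    """Return {GUID: (adapter description, [servers])} from OTViewIt O17 lines."""
    out = {}
    for line in lines:
        m = OTV_O17.match(line.strip())
        if m:
            out[m["guid"].upper()] = (m["desc"], _split(m["servers"]))
    return out


def unexpected_static_dns(rescan, expected=frozenset()):
    """Adapters whose static NameServer list holds servers outside `expected`.

    `expected` is the set of resolvers the owner set on purpose (assumption:
    empty on a DHCP-only home PC, so every static entry is reported).
    """
    flagged = {}
    for guid, (_desc, servers) in rescan.items():
        extra = [s for s in servers if s not in expected]
        if extra:
            flagged[guid] = extra
    return flagged


def survived_fix(fixed, rescan, expected=frozenset()):
    """GUIDs that were checked for fixing yet show the same servers in the rescan."""
    flagged = unexpected_static_dns(rescan, expected)
    result = []
    for guid in sorted(flagged):
        before = {s for servers in fixed.get(guid, {}).values() for s in servers}
        if before & set(flagged[guid]):
            result.append(guid)
    return result


if __name__ == "__main__":
    fixed = parse_hijackthis(HIJACKTHIS_LINES)
    rescan = parse_otviewit(OTVIEWIT_LINES)
    for guid in survived_fix(fixed, rescan):
        desc, servers = rescan[guid]
        print(f"{guid}  {desc}: still set to {', '.join(servers)}")
```

An adapter listed by `survived_fix` means something rewrote the NameServer value after it was cleared, which matches the DNS setting switching back by itself.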

mattc
2008-10-03, 04:12
I couldn't find the dll.dll file within the system32 folder. I also did a search on my entire system and couldn't find that file. All files and folders including protected operating files are being shown.

After all steps are done I tried switching the Obtain DNS again and it keeps switching back to Use the following DNS server addresses, after I close it and go back in.

Here are the log files after all other steps were run.

OTViewIt logfile created on: 10/2/2008 9:33:33 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.32 Gb Free Space | 76.91% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/09/19 12:27:46 | 00,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/14 06:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/04/14 06:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2008/04/14 06:42:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe -- (Crypkey License [Auto | Running])
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2008/04/14 06:42:40 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 14:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/14 01:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2005/08/04 05:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
[2008/07/22 14:29:46 | 00,288,768 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT [Boot | Running])
[2007/02/28 11:15:08 | 00,019,072 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT [Boot | Running])
[2006/01/09 22:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX [System | Running])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2001/08/22 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/14 05:10:50 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/29 17:40:56 | 00,210,472 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (si3114r5 [Boot | Running])
[2008/04/29 17:40:56 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2008/04/29 17:40:56 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil [Boot | Running])
[2008/04/14 01:15:36 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/14 05:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/01/06 11:18:40 | 00,310,656 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP [On_Demand | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/04/04 04:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
"C:\WINDOWS\system32\kdkfs.exe"=C:\WINDOWS\system32\kdkfs.exe File not found
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LClock"=C:\Program Files\LClock\LClock.exe ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: AIM -- C:\Program Files\AIM\aim.exe (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0D41B8C5-2599-4893-8183-00195EC8D5F9}: http://support.asus.com/common/asusTek_sys_ctrl.cab -- asusTek_sysctrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: 85.255.115.2,85.255.112.117 | Description: ASUS 802.11b/g Wireless LAN Card)
{B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
{C7B75E5E-F00D-42C6-B592-264D9251F650} (Servers: | Description: 1394 Net Adapter)
{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: 85.255.115.2,85.255.112.117 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=kdkfs.exe
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/24 19:49:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008/10/02 21:33:02 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/10/02 21:33:02 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\Open\command]
""=G:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\Open\command]
""=D:\resycled\boot.com -- [2008/09/19 09:46:32 | 00,019,968 | RHS- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell\Open\command]
""=C:\resycled\boot.com -- [2008/09/19 09:46:32 | 00,019,968 | RHS- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/31 00:33:36 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2008/10/30 17:07:09 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/30 17:07:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\gmer
[2008/10/30 17:03:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/02 21:31:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/02 21:28:25 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:57 | 00,322,707 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:28:52 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/29 16:04:15 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:34 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/27 19:03:59 | 00,486,449 | ---- | C] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/27 17:19:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 02:59:36 | 00,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2008/09/27 02:11:54 | 00,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2008/09/27 02:02:31 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/27 02:02:24 | 00,260,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATGRD.OCX
[2008/09/27 02:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2008/09/27 02:00:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2008/09/27 01:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoneix_Windows_Data_Recovery_v_3.0.0.1_adi231189__CW
[2008/09/27 01:45:37 | 14,277,293 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoneix_Windows_Data_Recovery_v_3.0.0.1_adi231189__CW.rar
[2008/09/27 01:41:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ˆ
** - C:\WINDOWS\System32\?
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:59:53 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/25 23:59:53 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/25 23:59:53 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/25 23:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1
[2008/09/25 23:52:23 | 00,651,492 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoenix_FAT_and_NTFS_v2.1_by_SND.zip
[2008/09/25 23:49:34 | 00,652,169 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:40:12 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008/09/25 23:40:12 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/09/25 23:19:30 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/25 23:19:30 | 00,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/25 23:19:30 | 00,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/09/25 23:18:57 | 00,000,130 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/09/25 23:18:54 | 00,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2008/09/25 23:18:54 | 00,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2008/09/25 23:18:54 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/09/25 23:18:54 | 00,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/09/25 23:18:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/09/25 23:18:54 | 00,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/09/25 23:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix NTFS Data Recovery
[2008/09/25 21:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\EASIS
[2008/09/25 18:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/09/25 18:37:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/09/24 09:58:50 | 12,639,7177 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 00:47:34 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/24 00:47:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/18 18:52:38 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/18 18:52:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2008/09/18 18:50:30 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2008/09/18 18:50:26 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2008/09/18 18:50:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2008/09/18 18:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/09/15 22:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\retouching
[2008/09/15 22:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme
[2008/09/15 21:21:31 | 00,027,589 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/14 17:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2008/09/14 17:16:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2008/09/14 17:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2008/09/08 03:13:48 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/08 03:13:48 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 03:13:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2008/09/08 03:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2008/09/07 02:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Netflix
[2008/09/05 04:33:40 | 18,630,864 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NSMB 2.mov
[2008/09/05 04:32:01 | 21,353,142 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NSMB 1.mov

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/31 00:33:36 | 00,000,014 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2008/10/31 00:33:07 | 00,065,627 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Tickets.WildWestJamboree.2008.jpg
[2008/10/30 17:26:45 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:20 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/30 02:19:13 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 21:33:02 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008/10/02 21:28:26 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:58 | 00,322,707 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 18:37:11 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/29 18:35:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/29 18:34:58 | 00,182,441 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/29 18:34:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/29 18:34:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/29 16:19:05 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Spybot - Search & Destroy.lnk
[2008/09/29 16:04:15 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:00 | 00,486,449 | ---- | M] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:19:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 09:30:34 | 00,000,188 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:11:54 | 00,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:03:11 | 00,003,360 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/27 02:03:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2008/09/27 02:02:32 | 00,000,130 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2008/09/26 23:54:33 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/26 23:54:33 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/26 23:49:59 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/26 23:49:59 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:52:23 | 00,651,492 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoenix_FAT_and_NTFS_v2.1_by_SND.zip
[2008/09/25 23:49:35 | 00,652,169 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:19:30 | 00,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/24 09:58:50 | 12,639,7177 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 01:49:43 | 00,381,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 01:49:43 | 00,328,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 01:49:43 | 00,045,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/22 22:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/18 18:52:38 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/15 21:21:32 | 00,027,589 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/11 21:40:37 | 00,070,656 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\EmilySwansonResume-1.doc
[2008/09/10 04:01:22 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/09/10 03:00:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

mattc
2008-10-03, 04:14
EXTRAS

OTViewIt Extras logfile created on: 10/2/2008 9:33:33 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.32 Gb Free Space | 76.91% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2008/07/28 04:07:31 | 09,080,832 | ---- | M] (Final Draft Inc.) -- C:\Program Files\Final Draft 7\Final Draft.exe:*:Enabled:Final Draft
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/23 18:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/23 18:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/23 18:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/20 21:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/20 21:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/23 19:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/20 21:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/23 18:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 00:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 00:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/23 19:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 12:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2008/09/27 02:29:00 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2008/08/03 14:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{05C56753-F144-44BC-BA67-83CC5DBF395C}"=F300
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}"=Adobe Setup
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{33F09ED5-3355-470A-AD79-6DFA8FC553E3}"=MacDrive 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{71D9B000-CD43-4DE9-9729-49434415B8F7}"=F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{78D62D17-D970-42DA-B8CF-5E5576293B33}"=Final Draft 7
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP)
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}"=HP Photosmart Essential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}"=Windows Vista Sounds Pack
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}"=F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{EC3B29CD-76FF-4689-9647-8CCE67AC1D25}"=Data LifeSaver
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8.1.2 Professional
"Adobe AIR"=Adobe AIR
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5ac697db6c6103f6f8b5198d25f73f7"=Add or Remove Adobe Creative Suite 3 Master Collection
"AOL Instant Messenger"=AOL Instant Messenger
"BitLord"=BitLord 1.1
"CCleaner"=CCleaner (remove only)
"C-Media Audio Driver"=C-Media High Definition Audio Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Core FTP LE 2.1"=Core FTP LE 2.1
"DamnNFOViewer"=DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"IconPackager"=IconPackager
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"Kristanix Right Click Image Converter"=Right Click Image Converter
"LClock"=LClock
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall"=Network Magic
"NVIDIA Drivers"=NVIDIA Drivers
"PeerGuardian_is1"=PeerGuardian 2.0
"Resource Hacker 3.4.0"=Resource Hacker 3.4.0
"Stellar Phoenix Windows Data Recovery_is1"=Stellar Phoenix Windows Data Recovery V3.0
"Unlocker"=Unlocker 1.8.5
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2008 5:50:22 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x000fa977.

Error - 8/14/2008 5:51:02 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x0014aaf6.

Error - 8/22/2008 8:09:17 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application MSPVIEW.EXE, version 11.0.1897.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/22/2008 8:14:19 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.5510.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2008 11:54:52 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2008 7:27:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3180, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x0000d676.

Error - 9/27/2008 9:33:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01c04130.

Error - 10/29/2008 9:33:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application Fireworks.exe, version 9.0.0.1188, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 9/26/2008 12:35:48 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:52 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:56 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:36:00 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 10/29/2008 8:40:27 PM | Computer Name = MATT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/29/2008 9:33:42 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/30/2008 6:36:00 AM | Computer Name = MATT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.199 on
the Network Card with network address 0011D8D604D3.

Error - 10/30/2008 6:36:19 AM | Computer Name = MATT | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -2591995 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.0.199:123->207.46.232.182:123) is working
properly.


< End of report >

mattc
2008-10-03, 05:53
OTMoveit3

========== FILES ==========
File/Folder C:\WINDOWS\system32\kdkfs.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\System deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10022008_234700


HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:09 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkfs.exe] C:\WINDOWS\system32\kdkfs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.115.2,85.255.112.117
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10598 bytes

muuli
2008-10-03, 19:11
Hi,

Don't install any P2P software! Otherwise all help will be refused. Please read this: http://forums.spybot.info/showthread.php?t=282

Which router do you have (model/brand)?

Step 1

Please remove via Add or Remove Programs (press Start -> Control Panel -> Add or Remove Programs):
BitLord 1.1

Step 2

Please produce uninstall list:
Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

mattc
2008-10-03, 23:30
I have a D-Link DIR-615 N-Router

Acrobat.com
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alky for Applications (Windows XP)
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
CCleaner (remove only)
C-Media High Definition Audio Driver
Core FTP LE 2.1
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
Data LifeSaver
Drive Manager
Drive Manager
Final Draft 7
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
IconPackager
iTunes
Java(TM) 6 Update 7
LClock
MacDrive 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Network Magic
NVIDIA Drivers
PDF Settings
PeerGuardian 2.0
QuickTime
Resource Hacker 3.4.0
Right Click Image Converter
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
Stellar Phoenix Windows Data Recovery V3.0
Unlocker 1.8.5
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Winamp
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Sounds Pack
WinRAR archiver
Xvid 1.1.3 final uninstall

muuli
2008-10-05, 13:45
Hi,

Step 1

1) Download router manual here (http://www.dlink.com/products/support.asp?pid=565&sec=1)

2) Reset your router according to that manual.

3) Change router default password.

4) Ensure that DHCP settings are the ones your ISP uses.

Step 2

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Run Fixwareout again, you will find it on your desktop. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin;
follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Post back the contents of the logfile C:\fixwareout\report.txt.

Now let's check some settings on your system.
(2000/XP only)
Open the Windows Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Step 3

Please post a fresh HijackThis log and Fixwareout log.
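
Added example, not part of the original thread or of either tool: a small Python check that reads HijackThis O17 lines and Fixwareout `nameserver` entries and reports per-adapter DNS servers that fall outside the networks the user expects. The trusted range `192.168.0.0/24` is an assumption taken from the DHCP lease address in the event log above; the log lines marked as from the thread are copied from it, and the remaining sample line is constructed.

```python
import ipaddress
import re
from typing import NamedTuple


class Finding(NamedTuple):
    interface: str   # adapter GUID from the registry path
    value_name: str  # NameServer or DhcpNameServer
    address: str     # resolver address exactly as written in the log
    reason: str


GUID = r'\{[0-9A-Fa-f-]{36}\}'

# HijackThis: O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a,b
O17_RE = re.compile(
    r'^O17 - HKLM\\System\\[^\\]+\\Services\\Tcpip\\.*?(?P<guid>' + GUID + r'): '
    r'(?P<name>(?:Dhcp)?NameServer) = (?P<value>.*)$', re.IGNORECASE)

# Fixwareout: a registry key line, then a "nameserver"="a,b" line beneath it
KEY_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\.*\\tcpip\\parameters\\interfaces\\(?P<guid>'
    + GUID + r')\s*$', re.IGNORECASE)
VALUE_RE = re.compile(
    r'^"(?P<name>(?:dhcp)?nameserver)"="(?P<value>[^"]*)"', re.IGNORECASE)


def classify(address, trusted):
    """Return None for a trusted resolver, otherwise the reason it is flagged."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "not a valid IP address"
    if any(ip in net for net in trusted):
        return None
    return "outside trusted resolver networks"


def scan(log_text, trusted_cidrs):
    """Collect every per-adapter DNS server in the log that is not trusted."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    current_guid = None  # adapter named by the most recent Fixwareout key line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            guid, name, value = m.group('guid'), m.group('name'), m.group('value')
        else:
            k = KEY_RE.match(line)
            if k:
                current_guid = k.group('guid')
                continue
            v = VALUE_RE.match(line)
            if not (v and current_guid):
                continue
            guid, name, value = current_guid, v.group('name'), v.group('value')
        # Windows accepts comma- or space-separated resolver lists
        for addr in filter(None, re.split(r'[,\s]+', value)):
            reason = classify(addr, trusted)
            if reason:
                findings.append(Finding(guid.upper(), name, addr, reason))
    return findings


# Lines 1, 3 and 4 are copied from the logs in this thread; line 2 is a
# constructed entry for an adapter that uses the router as its resolver.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.0.1
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}
"DhcpNameServer"="85.255.115.76,85.255.112.167" <Value cleared.
"""

# Assumption: the LAN is 192.168.0.0/24 and the router hands out its own address.
TRUSTED = ["192.168.0.0/24"]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG, TRUSTED):
        print(f"{f.interface} {f.value_name} {f.address}: {f.reason}")
```

A flagged `DhcpNameServer` value means the address was handed out over DHCP, which is why the router is reset and re-secured before the PC is cleaned.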

mattc
2008-10-06, 06:21
Ok, so I was able to reset the modem and put a password. And I was able to change the DNS setting to automatic. So far, everything seems back to normal. Here are the logs.

Username "Matthew" - 10/05/2008 23:07:25 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdhxn.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}
"nameserver"="85.255.115.76,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}
"nameserver"="85.255.115.76,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}
"DhcpNameServer"="85.255.115.76,85.255.112.167" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdhxn.ren 52224 04/14/2008
C:\WINDOWS\Temp\kdkfs.ren 52224 04/14/2008

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"nmapp"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"basicsmssmenu"="\"C:\\Program Files\\Seagate\\Basics\\Basics Status\\MaxMenuMgrBasics.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:37 AM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10089 bytes

muuli
2008-10-06, 20:11
Hi,

Step 1

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.

:files
C:\WINDOWS\SxsCaPendDel
C:\WINDOWS\System32\ˆ

:commands
[EmptyTemp]

Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Step 2

Please open Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as Search.bat on your Desktop


@echo off
cd\
cd %windir%\system32\?
dir /a:-d /o:-d > %systemdrive%\look32.txt
start %systemdrive%\look32.txt
cls
exit

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Double click on Search.bat.
look32.txt file will open, please post the contents of it in your next reply.

Step 3

Please run OTViewIt
Close all applications and windows.
Double-click on the OTViewIt.exe to start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Step 4

Please post a fresh HijackThis log, OTViewIt logs, OTMoveIt3 log and contents of look32.txt.

mattc
2008-10-06, 23:00
HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:21 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10340 bytes


OtViewIt Log

OTViewIt logfile created on: 10/6/2008 4:49:29 PM - Run 4
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.18 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 239.82 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2008/04/14 06:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2004/09/19 12:27:46 | 00,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2008/04/14 06:42:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe -- (Crypkey License [Auto | Running])
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2008/04/14 06:42:40 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 14:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/14 01:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2005/08/04 05:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
[2008/07/22 14:29:46 | 00,288,768 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT [Boot | Running])
[2007/02/28 11:15:08 | 00,019,072 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT [Boot | Running])
[2006/01/09 22:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX [System | Running])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2001/08/22 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/14 05:10:50 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/29 17:40:56 | 00,210,472 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (si3114r5 [Boot | Running])
[2008/04/29 17:40:56 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2008/04/29 17:40:56 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil [Boot | Running])
[2008/04/14 01:15:36 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/14 05:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/01/06 11:18:40 | 00,310,656 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/04/04 04:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems

Incorporated)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems

Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LClock"=C:\Program Files\LClock\LClock.exe ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: AIM -- C:\Program Files\AIM\aim.exe (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0D41B8C5-2599-4893-8183-00195EC8D5F9}: http://support.asus.com/common/asusTek_sys_ctrl.cab -- asusTek_sysctrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{2758145E-4A84-4120-9748-0730EFB3919A} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
{6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: | Description: ASUS 802.11b/g Wireless LAN Card)
{B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
{C7B75E5E-F00D-42C6-B592-264D9251F650} (Servers: | Description: 1394 Net Adapter)
{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/24 19:49:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\Open\command]
""=G:\resycled\boot.com -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/30 17:07:09 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/30 17:07:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\gmer
[2008/10/30 17:03:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/06 16:47:27 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\search.bat
[2008/10/05 21:37:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240
[2008/10/05 21:31:04 | 07,474,870 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240.zip
[2008/10/05 00:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2008/10/05 00:25:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Publish Providers
[2008/10/05 00:24:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
[2008/10/04 00:47:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\My Documents\Adobe
[2008/10/02 21:31:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/02 21:28:25 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:57 | 00,322,707 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:28:52 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/29 16:04:15 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:34 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/27 19:03:59 | 00,486,449 | ---- | C] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/27 17:19:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 02:59:36 | 00,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2008/09/27 02:11:54 | 00,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2008/09/27 02:02:31 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/27 02:02:24 | 00,260,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATGRD.OCX
[2008/09/27 02:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2008/09/27 01:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoneix_Windows_Data_Recovery_v_3.0.0.1_adi231189__CW
[2008/09/27 01:41:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ˆ
** - C:\WINDOWS\System32\?
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:59:53 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/25 23:59:53 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/25 23:59:53 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/25 23:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1
[2008/09/25 23:49:34 | 00,652,169 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:40:12 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008/09/25 23:40:12 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/09/25 23:19:30 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/25 23:19:30 | 00,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/25 23:19:30 | 00,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/09/25 23:18:57 | 00,000,130 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/09/25 23:18:54 | 00,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2008/09/25 23:18:54 | 00,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2008/09/25 23:18:54 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/09/25 23:18:54 | 00,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/09/25 23:18:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/09/25 23:18:54 | 00,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/09/25 23:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix NTFS Data Recovery
[2008/09/25 21:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\EASIS
[2008/09/25 18:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/09/25 18:37:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/09/24 09:58:50 | 12,639,7177 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 00:47:34 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/24 00:47:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/18 18:52:38 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/18 18:52:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2008/09/18 18:50:30 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2008/09/18 18:50:26 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2008/09/18 18:50:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2008/09/18 18:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/09/15 22:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\retouching
[2008/09/15 22:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme
[2008/09/15 21:21:31 | 00,027,589 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/14 17:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2008/09/14 17:16:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2008/09/14 17:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2008/09/08 03:13:48 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/08 03:13:48 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 03:13:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2008/09/08 03:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2008/09/07 02:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Netflix

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/30 17:26:45 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:20 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/06 16:47:27 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\search.bat
[2008/10/06 16:46:55 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/06 16:45:22 | 00,182,441 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/06 16:44:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/06 16:44:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 16:44:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008/10/05 21:35:32 | 07,474,870 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240.zip
[2008/10/05 21:06:43 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/10/05 03:37:02 | 00,121,856 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 21:28:26 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:58 | 00,322,707 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:19:05 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Spybot - Search & Destroy.lnk
[2008/09/29 16:04:15 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:00 | 00,486,449 | ---- | M] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:19:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 09:30:34 | 00,000,188 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:11:54 | 00,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:03:11 | 00,003,360 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/27 02:03:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2008/09/27 02:02:32 | 00,000,130 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2008/09/27 02:02:31 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/26 23:54:33 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/26 23:54:33 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/26 23:49:59 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/26 23:49:59 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:49:35 | 00,652,169 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:19:30 | 00,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/24 09:58:50 | 12,639,7177 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 01:49:43 | 00,381,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 01:49:43 | 00,328,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 01:49:43 | 00,045,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/22 22:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/18 18:52:38 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/15 21:21:32 | 00,027,589 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/10 03:00:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

mattc
2008-10-06, 23:03
HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:21 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10340 bytes


OtMoveIt Log

Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== FILES ==========
C:\WINDOWS\SxsCaPendDel moved successfully.
File/Folder C:\WINDOWS\System32\ˆ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Matthew\LOCALS~1\Temp\etilqs_aZAq2OOaIerQDpBGbcAK scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Matthew\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Matthew\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Error: Unable to interpret <---------> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10062008_164233

Files moved on Reboot...
File C:\DOCUME~1\Matthew\LOCALS~1\Temp\etilqs_aZAq2OOaIerQDpBGbcAK not found!
C:\DOCUME~1\Matthew\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\Matthew\LOCALS~1\Temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pk9h4yn.default\XUL.mfl moved successfully.

mattc
2008-10-06, 23:04
OTViewIt logfile

OTViewIt logfile created on: 10/6/2008 4:49:29 PM - Run 4
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.18 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 239.82 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2008/04/14 06:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2004/09/19 12:27:46 | 00,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2008/04/14 06:42:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe -- (Crypkey License [Auto | Running])
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2008/04/14 06:42:40 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 14:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/14 01:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2005/08/04 05:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
[2008/07/22 14:29:46 | 00,288,768 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT [Boot | Running])
[2007/02/28 11:15:08 | 00,019,072 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT [Boot | Running])
[2006/01/09 22:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX [System | Running])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2001/08/22 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/14 05:10:50 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/29 17:40:56 | 00,210,472 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (si3114r5 [Boot | Running])
[2008/04/29 17:40:56 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2008/04/29 17:40:56 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil [Boot | Running])
[2008/04/14 01:15:36 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/14 05:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/01/06 11:18:40 | 00,310,656 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/04/04 04:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LClock"=C:\Program Files\LClock\LClock.exe ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: AIM -- C:\Program Files\AIM\aim.exe (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0D41B8C5-2599-4893-8183-00195EC8D5F9}: http://support.asus.com/common/asusTek_sys_ctrl.cab -- asusTek_sysctrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{2758145E-4A84-4120-9748-0730EFB3919A} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
{6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: | Description: ASUS 802.11b/g Wireless LAN Card)
{B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
{C7B75E5E-F00D-42C6-B592-264D9251F650} (Servers: | Description: 1394 Net Adapter)
{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/24 19:49:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\Open\command]
""=G:\resycled\boot.com -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/30 17:07:09 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/30 17:07:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\gmer
[2008/10/30 17:03:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/06 16:47:27 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\search.bat
[2008/10/05 21:37:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240
[2008/10/05 21:31:04 | 07,474,870 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240.zip
[2008/10/05 00:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2008/10/05 00:25:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Publish Providers
[2008/10/05 00:24:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
[2008/10/04 00:47:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\My Documents\Adobe
[2008/10/02 21:31:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/02 21:28:25 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:57 | 00,322,707 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:28:52 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/29 16:04:15 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:34 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/27 19:03:59 | 00,486,449 | ---- | C] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/27 17:19:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 02:59:36 | 00,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2008/09/27 02:11:54 | 00,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2008/09/27 02:02:31 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/27 02:02:24 | 00,260,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATGRD.OCX
[2008/09/27 02:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2008/09/27 01:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoneix_Windows_Data_Recovery_v_3.0.0.1_adi231189__CW
[2008/09/27 01:41:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ˆ
** - C:\WINDOWS\System32\?
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:59:53 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/25 23:59:53 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/25 23:59:53 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/25 23:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1
[2008/09/25 23:49:34 | 00,652,169 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:40:12 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008/09/25 23:40:12 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/09/25 23:19:30 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/25 23:19:30 | 00,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/25 23:19:30 | 00,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/09/25 23:18:57 | 00,000,130 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/09/25 23:18:54 | 00,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2008/09/25 23:18:54 | 00,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2008/09/25 23:18:54 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/09/25 23:18:54 | 00,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/09/25 23:18:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/09/25 23:18:54 | 00,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/09/25 23:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix NTFS Data Recovery
[2008/09/25 21:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\EASIS
[2008/09/25 18:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/09/25 18:37:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/09/24 09:58:50 | 12,639,7177 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 00:47:34 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/24 00:47:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/18 18:52:38 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/18 18:52:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2008/09/18 18:50:30 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2008/09/18 18:50:26 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2008/09/18 18:50:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2008/09/18 18:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/09/15 22:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\retouching
[2008/09/15 22:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme
[2008/09/15 21:21:31 | 00,027,589 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/14 17:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2008/09/14 17:16:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2008/09/14 17:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2008/09/08 03:13:48 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/08 03:13:48 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 03:13:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2008/09/08 03:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2008/09/07 02:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Netflix

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/30 17:26:45 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:20 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/06 16:47:27 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\search.bat
[2008/10/06 16:46:55 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/06 16:45:22 | 00,182,441 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/06 16:44:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/06 16:44:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 16:44:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008/10/05 21:35:32 | 07,474,870 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240.zip
[2008/10/05 21:06:43 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/10/05 03:37:02 | 00,121,856 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 21:28:26 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:58 | 00,322,707 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:19:05 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Spybot - Search & Destroy.lnk
[2008/09/29 16:04:15 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:00 | 00,486,449 | ---- | M] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:19:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 09:30:34 | 00,000,188 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:11:54 | 00,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:03:11 | 00,003,360 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/27 02:03:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2008/09/27 02:02:32 | 00,000,130 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2008/09/27 02:02:31 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/26 23:54:33 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/26 23:54:33 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/26 23:49:59 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/26 23:49:59 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:49:35 | 00,652,169 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:19:30 | 00,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/24 09:58:50 | 12,639,7177 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 01:49:43 | 00,381,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 01:49:43 | 00,328,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 01:49:43 | 00,045,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/22 22:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/18 18:52:38 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/15 21:21:32 | 00,027,589 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/10 03:00:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

mattc
2008-10-06, 23:07
Extras

OTViewIt Extras logfile created on: 10/6/2008 4:49:29 PM - Run 4
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.18 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 239.82 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2008/07/28 04:07:31 | 09,080,832 | ---- | M] (Final Draft Inc.) -- C:\Program Files\Final Draft 7\Final Draft.exe:*:Enabled:Final Draft
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/23 18:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/23 18:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/23 18:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/20 21:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/20 21:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/23 19:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/20 21:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/23 18:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 00:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 00:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/23 19:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 12:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2008/09/27 02:29:00 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL

ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL

msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL

msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2008/08/03 14:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{05C56753-F144-44BC-BA67-83CC5DBF395C}"=F300
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}"=Adobe Setup
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{33F09ED5-3355-470A-AD79-6DFA8FC553E3}"=MacDrive 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{71D9B000-CD43-4DE9-9729-49434415B8F7}"=F300Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{78D62D17-D970-42DA-B8CF-5E5576293B33}"=Final Draft 7
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}"=Sony Vegas Pro 8.0
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP)
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}"=HP Photosmart Essential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}"=Windows Vista Sounds Pack
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}"=F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{EC3B29CD-76FF-4689-9647-8CCE67AC1D25}"=Data LifeSaver
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8.1.2 Professional
"Adobe AIR"=Adobe AIR
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5ac697db6c6103f6f8b5198d25f73f7"=Add or Remove Adobe Creative Suite 3 Master Collection
"AOL Instant Messenger"=AOL Instant Messenger
"CCleaner"=CCleaner (remove only)
"C-Media Audio Driver"=C-Media High Definition Audio Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Core FTP LE 2.1"=Core FTP LE 2.1
"DamnNFOViewer"=DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"IconPackager"=IconPackager
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"Kristanix Right Click Image Converter"=Right Click Image Converter
"LClock"=LClock
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall"=Network Magic
"NVIDIA Drivers"=NVIDIA Drivers
"PeerGuardian_is1"=PeerGuardian 2.0
"Resource Hacker 3.4.0"=Resource Hacker 3.4.0
"Stellar Phoenix Windows Data Recovery_is1"=Stellar Phoenix Windows Data Recovery V3.0
"Unlocker"=Unlocker 1.8.5
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2008 8:14:19 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.5510.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2008 11:54:52 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2008 7:27:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3180, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x0000d676.

Error - 9/27/2008 9:33:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01c04130.

Error - 10/29/2008 9:33:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application Fireworks.exe, version 9.0.0.1188, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/5/2008 3:17:01 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application adobe premiere pro.exe, version 3.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0xcccccccc.

Error - 10/5/2008 3:41:49 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application adobe premiere pro.exe, version 3.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x00000006.

Error - 10/5/2008 4:12:06 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01ad4130.

[ System Events ]
Error - 9/26/2008 12:35:56 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:36:00 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 10/29/2008 8:40:27 PM | Computer Name = MATT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/29/2008 9:33:42 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/30/2008 6:36:00 AM | Computer Name = MATT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.199 on
the Network Card with network address 0011D8D604D3.

Error - 10/30/2008 6:36:19 AM | Computer Name = MATT | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -2591995 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.0.199:123->207.46.232.182:123) is working
properly.

Error - 10/3/2008 5:01:24 AM | Computer Name = MATT | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/5/2008 4:11:56 AM | Computer Name = MATT | Source = Service Control Manager | ID = 7034
Description = The MacDrive service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/5/2008 12:37:35 PM | Computer Name = MATT | Source = PlugPlayManager | ID = 12
Description = The device 'WDC WD5000KS-00MNB0' (IDE\DiskWDC_WD5000KS-00MNB0_____________________07.02E07\5&3a08c9d0&0&0.1.0)
disappeared from the system without first being prepared for removal.

Error - 10/5/2008 4:58:40 PM | Computer Name = MATT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

mattc
2008-10-06, 23:08
Look32

Volume in drive C has no label.
Volume Serial Number is 70D4-A8BA

Directory of C:\WINDOWS\system32

10/06/2008 04:45 PM 182,441 nvapps.xml
10/06/2008 04:44 PM 2,206 wpa.dbl
10/05/2008 09:06 PM 8 nvModes.dat
09/27/2008 02:03 AM 3,360 esnecil.ind
09/26/2008 11:54 PM 87 ssprs.tgz
09/26/2008 11:54 PM 73 ssprs.dll
09/26/2008 11:49 PM 205 lsprst7.dll
09/26/2008 11:49 PM 219 lsprst7.tgz
09/25/2008 11:59 PM 1,025 clauth2.dll
09/25/2008 11:59 PM 1,025 sysprs7.tgz
09/25/2008 11:59 PM 1,025 clauth1.dll
09/25/2008 11:59 PM 1,025 sysprs7.dll
09/25/2008 11:19 PM 1,680 esnecil.nlp
09/24/2008 01:49 AM 328,322 perfh009.dat
09/24/2008 01:49 AM 45,260 perfc009.dat
09/24/2008 01:49 AM 381,228 PerfStringBackup.INI
09/11/2008 08:37 PM 6,587 jupdate-1.6.0_07-b06.log
08/26/2008 04:28 PM 16,208,504 MRT.exe
08/14/2008 03:01 AM 359,790 TZLog.log
08/06/2008 03:47 PM 1,545,320 FNTCACHE.DAT
07/24/2008 08:04 PM 849 $winnt$.inf
07/24/2008 08:03 PM 23,392 nscompat.tlb
07/24/2008 08:03 PM 16,832 amcompat.tlb
07/24/2008 08:00 PM 6,341 jupdate-1.6.0_06-b02.log
07/24/2008 07:49 PM 2,577 CONFIG.NT
07/24/2008 07:48 PM 488 logonui.exe.manifest
07/24/2008 07:48 PM 488 WindowsLogon.manifest
07/24/2008 07:48 PM 749 cdplayer.exe.manifest
07/24/2008 07:48 PM 749 nwc.cpl.manifest
07/24/2008 07:48 PM 749 sapi.cpl.manifest
07/24/2008 07:48 PM 749 wuaucpl.cpl.manifest
07/24/2008 07:48 PM 749 ncpa.cpl.manifest
07/24/2008 07:46 PM 21,640 emptyregdb.dat
07/24/2008 03:38 PM 0 h323log.txt
07/24/2008 03:28 PM 4,444 pid.PNF
07/18/2008 10:10 PM 94,920 cdm.dll
07/18/2008 10:10 PM 53,448 wuauclt.exe
07/18/2008 10:10 PM 45,768 wups2.dll
07/18/2008 10:10 PM 33,992 wucltui.dll.mui
07/18/2008 10:10 PM 36,552 wups.dll
07/18/2008 10:09 PM 325,832 wucltui.dll
07/18/2008 10:09 PM 215,752 wuaucpl.cpl
07/18/2008 10:09 PM 205,000 wuweb.dll
07/18/2008 10:09 PM 563,912 wuapi.dll
07/18/2008 10:09 PM 25,800 wuapi.dll.mui
07/18/2008 10:09 PM 1,811,656 wuaueng.dll
07/18/2008 10:09 PM 25,800 wuaucpl.cpl.mui
07/18/2008 10:08 PM 20,680 wuaueng.dll.mui
07/11/2008 08:42 AM 62,976 tzchange.exe
07/07/2008 04:26 PM 253,952 es.dll
06/24/2008 06:12 PM 295,936 wmpeffects.dll
06/24/2008 12:43 PM 74,240 mscms.dll
06/23/2008 12:01 PM 1,162,752 urlmon.dll
06/23/2008 12:01 PM 827,904 wininet.dll
06/23/2008 12:01 PM 233,472 webcheck.dll
06/23/2008 12:01 PM 105,984 url.dll
06/23/2008 12:01 PM 102,912 occache.dll
06/23/2008 12:01 PM 44,544 pngfilt.dll
06/23/2008 12:01 PM 671,232 mstime.dll
06/23/2008 12:01 PM 193,024 msrating.dll
06/23/2008 12:01 PM 477,696 mshtmled.dll
06/23/2008 12:01 PM 3,594,240 mshtml.dll
06/23/2008 12:01 PM 1,831,424 inetcpl.cpl
06/23/2008 12:01 PM 459,264 msfeeds.dll
06/23/2008 12:01 PM 27,648 jsproxy.dll
06/23/2008 12:01 PM 52,224 msfeedsbs.dll
06/23/2008 12:01 PM 267,776 iertutil.dll
06/23/2008 12:01 PM 44,544 iernonce.dll
06/23/2008 12:01 PM 6,068,736 ieframe.dll
06/23/2008 12:01 PM 383,488 ieapfltr.dll
06/23/2008 12:01 PM 388,608 iedkcs32.dll
06/23/2008 12:01 PM 214,528 dxtrans.dll
06/23/2008 12:01 PM 230,400 ieaksie.dll
06/23/2008 12:01 PM 63,488 icardie.dll
06/23/2008 12:01 PM 153,088 ieakeng.dll
06/23/2008 12:01 PM 132,608 extmgr.dll
06/23/2008 12:01 PM 124,928 advpack.dll
06/23/2008 12:01 PM 347,136 dxtmsft.dll
06/23/2008 04:23 AM 70,656 ie4uinit.exe
06/23/2008 04:23 AM 13,824 ieudinit.exe
06/21/2008 01:23 AM 161,792 ieakui.dll
06/20/2008 01:46 PM 245,248 mswsock.dll
06/20/2008 01:46 PM 147,968 dnsapi.dll
06/10/2008 02:32 AM 73,728 javacpl.cpl
06/10/2008 02:32 AM 139,264 javaws.exe
06/10/2008 01:21 AM 135,168 javaw.exe
06/10/2008 01:21 AM 135,168 java.exe
05/27/2008 10:50 AM 90,112 QuickTimeVR.qtx
05/27/2008 10:50 AM 57,344 QuickTime.qts
05/21/2008 05:29 PM 487,424 msvcp70.dll
05/21/2008 05:29 PM 344,064 msvcr70.dll
05/09/2008 07:23 PM 135,168 wshom.ocx
05/09/2008 06:53 AM 90,112 wshext.dll
05/09/2008 06:53 AM 172,032 scrrun.dll
05/09/2008 06:53 AM 430,080 vbscript.dll
05/09/2008 06:53 AM 512,000 jscript.dll
05/09/2008 06:53 AM 180,224 scrobj.dll
05/08/2008 07:24 AM 155,648 wscript.exe
05/07/2008 05:07 AM 135,168 cscript.exe
05/07/2008 01:12 AM 1,288,192 quartz.dll
05/02/2008 10:46 PM 1,486,848 nview.dll
05/02/2008 10:46 PM 3,391,488 nvgames.dll
05/02/2008 10:46 PM 313,888 nvexpbar.dll
05/02/2008 10:46 PM 1,339,392 nvdspsch.exe
05/02/2008 10:46 PM 181,895 nvdsp.chm
05/02/2008 10:46 PM 6,582,272 nvdisps.dll
05/02/2008 10:46 PM 18,070 nvdisp.nvu
05/02/2008 10:46 PM 1,241,088 nvcuda.dll
05/02/2008 10:46 PM 768,544 nvcplui.exe
05/02/2008 10:46 PM 13,529,088 nvcpl.dll
05/02/2008 10:46 PM 420,384 nvcpl.cpl
05/02/2008 10:46 PM 121,529 nvcpl.chm
05/02/2008 10:46 PM 147,456 nvcolor.exe
05/02/2008 10:46 PM 41,984 nvcodins.dll
05/02/2008 10:46 PM 41,984 nvcod.dll
05/02/2008 10:46 PM 45,056 nvmccsrs.dll
05/02/2008 10:46 PM 442,368 nvappbar.exe
05/02/2008 10:46 PM 425,984 nvapi.dll
05/02/2008 10:46 PM 6,108,160 nv4_disp.dll
05/02/2008 10:46 PM 116,384 nv3d.chm
05/02/2008 10:46 PM 8,769,536 nvoglnt.dll
05/02/2008 10:46 PM 466,944 nvshell.dll
05/02/2008 10:46 PM 159,812 nvsvc32.exe
05/02/2008 10:46 PM 73,728 nvtuicpl.cpl
05/02/2008 10:46 PM 442,368 nvudisp.exe
05/02/2008 10:46 PM 3,776,512 nvvitvs.dll
05/02/2008 10:46 PM 81,920 nvwddi.dll
05/02/2008 10:46 PM 1,703,936 nvwdmcpl.dll
05/02/2008 10:46 PM 1,019,904 nvwimg.dll
05/02/2008 10:46 PM 1,630,208 nwiz.exe
05/02/2008 10:46 PM 425,984 keystone.exe
05/02/2008 10:46 PM 229,376 nvmccs.dll
05/02/2008 10:46 PM 1,257,472 nvmobls.dll
05/02/2008 10:46 PM 86,016 nvmctray.dll
05/02/2008 10:46 PM 286,720 nvnt4cpl.dll
05/02/2008 10:46 PM 54,988 nvmob.chm
05/02/2008 10:46 PM 2,629,632 nvwss.dll
05/02/2008 10:46 PM 188,416 nvmccss.dll
04/30/2008 05:27 PM 442,368 NVUNINST.EXE
04/29/2008 05:40 PM 83,496 SilSupp.cpl
04/23/2008 10:45 AM 28,672 setupold.exe
04/23/2008 10:45 AM 3,038 presetup.cmd
04/23/2008 10:36 AM 52,224 dmutil.dll
04/23/2008 10:36 AM 47,616 iyuv_32.dll
04/23/2008 10:36 AM 16,896 msyuv.dll
04/23/2008 10:36 AM 20,992 hid.dll
04/23/2008 10:36 AM 52,736 wzcsapi.dll
04/23/2008 10:36 AM 483,840 wzcsvc.dll
04/23/2008 10:36 AM 35,328 pid.dll
04/23/2008 10:36 AM 294,912 msh263.drv
04/23/2008 10:36 AM 2,023,936 ntkrnlpa.exe
04/23/2008 10:35 AM 8,192 tsbyuv.dll
04/23/2008 10:35 AM 157,696 paqsp.dll
04/23/2008 10:35 AM 147,968 mdwmdmsp.dll
04/23/2008 10:35 AM 41,019 usrsvpia.dll
04/23/2008 10:35 AM 49,211 usrsdpia.dll
04/23/2008 10:35 AM 77,883 usrrtosa.dll
04/23/2008 10:35 AM 49,211 usrvpa.dll
04/23/2008 10:35 AM 45,116 usrvoica.dll
04/23/2008 10:35 AM 102,457 usrv42a.dll
04/23/2008 10:35 AM 69,632 spnike.dll
04/23/2008 10:35 AM 70,656 sprio600.dll
04/23/2008 10:35 AM 72,192 sprio800.dll
04/23/2008 10:35 AM 61,508 usrprbda.exe
04/23/2008 10:35 AM 8,192 streamci.dll
04/23/2008 10:35 AM 49,209 usrv80a.dll
04/23/2008 10:35 AM 77,891 usrmlnka.exe
04/23/2008 10:35 AM 55,296 dvdplay.exe
04/23/2008 10:35 AM 69,700 usrshuta.exe
04/23/2008 10:35 AM 61,500 usrcntra.dll
04/23/2008 10:35 AM 69,699 usrcoina.dll
04/23/2008 10:35 AM 77,890 usrdpa.dll
04/23/2008 10:35 AM 53,305 usrlbva.dll
04/23/2008 10:35 AM 323,641 usrdtea.dll
04/23/2008 10:35 AM 86,073 usrfaxa.dll
04/23/2008 10:32 AM 140,288 sfc_os.dll
04/23/2008 10:32 AM 990,208 syssetup.dll
04/23/2008 10:32 AM 66,384 normnfkc.nls
04/23/2008 10:32 AM 39,284 normnfd.nls
04/23/2008 10:32 AM 45,794 normnfc.nls
04/23/2008 10:32 AM 60,294 normnfkd.nls
04/23/2008 10:32 AM 59,342 normidna.nls
04/23/2008 10:32 AM 23,552 normaliz.dll
04/23/2008 10:32 AM 180,736 ieui.dll
04/23/2008 10:32 AM 24,576 nlsdl.dll
04/23/2008 10:32 AM 2,455,488 ieapfltr.dat
04/23/2008 10:32 AM 26,112 idndl.dll
04/23/2008 10:32 AM 121,856 xmllite.dll
04/23/2008 10:31 AM 1,497,088 shdocvw.dll
04/23/2008 10:31 AM 474,112 shlwapi.dll
04/23/2008 10:31 AM 66,560 tdc.ocx
04/23/2008 10:31 AM 156,160 msls31.dll
04/23/2008 10:31 AM 48,128 mshtmler.dll
04/23/2008 10:31 AM 1,383,424 mshtml.tlb
04/23/2008 10:31 AM 40,960 licmgr10.dll
04/23/2008 10:31 AM 45,568 mshta.exe
04/23/2008 10:31 AM 56,695 ieuinit.inf
04/23/2008 10:31 AM 78,336 ieencode.dll
04/23/2008 10:31 AM 55,296 iesetup.dll
04/23/2008 10:31 AM 191,488 iepeers.dll
04/23/2008 10:31 AM 443,904 html.iec
04/23/2008 10:31 AM 17,408 corpol.dll
04/23/2008 10:31 AM 1,022,976 browseui.dll
04/23/2008 10:31 AM 71,680 admparse.dll
04/23/2008 10:31 AM 16,384 lcid.exe
04/23/2008 10:31 AM 176,640 taskmgr.exe
04/23/2008 10:30 AM 81,768 xinput1_3.dll
04/23/2008 10:30 AM 62,744 xinput1_2.dll
04/23/2008 10:30 AM 62,672 xinput1_1.dll
04/23/2008 10:30 AM 267,272 xactengine2_10.dll
04/23/2008 10:30 AM 267,112 xactengine2_9.dll
04/23/2008 10:30 AM 61,136 xinput9_1_0.dll
04/23/2008 10:30 AM 238,088 xactengine3_0.dll
04/23/2008 10:30 AM 261,480 xactengine2_7.dll
04/23/2008 10:30 AM 255,848 xactengine2_6.dll
04/23/2008 10:30 AM 251,672 xactengine2_5.dll
04/23/2008 10:30 AM 266,088 xactengine2_8.dll
04/23/2008 10:30 AM 229,584 xactengine2_1.dll
04/23/2008 10:30 AM 230,168 xactengine2_2.dll
04/23/2008 10:30 AM 236,824 xactengine2_3.dll
04/23/2008 10:30 AM 237,848 xactengine2_4.dll
04/23/2008 10:30 AM 479,752 XAudio2_0.dll
04/23/2008 10:30 AM 230,096 xactengine2_0.dll
04/23/2008 10:30 AM 25,608 X3DAudio1_3.dll
04/23/2008 10:30 AM 15,128 x3daudio1_1.dll
04/23/2008 10:30 AM 17,928 X3DAudio1_2.dll
04/23/2008 10:30 AM 1,420,824 D3DCompiler_37.dll
04/23/2008 10:30 AM 14,032 x3daudio1_0.dll
04/23/2008 10:30 AM 1,374,232 D3DCompiler_36.dll
04/23/2008 10:30 AM 1,358,192 D3DCompiler_35.dll
04/23/2008 10:30 AM 1,124,720 D3DCompiler_34.dll
04/23/2008 10:30 AM 1,123,696 D3DCompiler_33.dll
04/23/2008 10:30 AM 462,864 d3dx10_37.dll
04/23/2008 10:30 AM 444,776 d3dx10_35.dll
04/23/2008 10:30 AM 444,776 d3dx10_36.dll
04/23/2008 10:30 AM 443,752 d3dx10_33.dll
04/23/2008 10:30 AM 443,752 d3dx10_34.dll
04/23/2008 10:30 AM 3,786,760 D3DX9_37.dll
04/23/2008 10:30 AM 3,734,536 d3dx9_36.dll
04/23/2008 10:30 AM 3,727,720 d3dx9_35.dll
04/23/2008 10:30 AM 3,497,832 d3dx9_34.dll
04/23/2008 10:30 AM 3,495,784 d3dx9_33.dll
04/23/2008 10:30 AM 3,426,072 d3dx9_32.dll
04/23/2008 10:29 AM 2,414,360 d3dx9_31.dll
04/23/2008 10:29 AM 2,388,176 d3dx9_30.dll
04/23/2008 10:29 AM 2,332,368 d3dx9_29.dll
04/23/2008 10:29 AM 2,323,664 d3dx9_28.dll
04/23/2008 10:29 AM 2,319,568 d3dx9_27.dll
04/23/2008 10:29 AM 2,297,552 d3dx9_26.dll
04/23/2008 10:29 AM 2,337,488 d3dx9_25.dll
04/23/2008 10:29 AM 2,222,800 d3dx9_24.dll
04/23/2008 10:29 AM 336,768 WgaTray.exe
04/23/2008 10:29 AM 236,928 WgaLogon.dll
04/23/2008 10:29 AM 394,240 HMTCD.dll
04/23/2008 10:29 AM 114,688 cabarc.exe
04/23/2008 10:29 AM 61,440 CopyToSendTo.dll
04/23/2008 10:26 AM 200 nlite.cmd
04/23/2008 01:58 AM 2,306,560 ntoskrnl.exe
04/22/2008 03:03 PM 10,307,584 winntbbu.dll
04/20/2008 05:31 PM 714,752 sysdm.cpl
04/20/2008 02:47 PM 12,171,776 shell32.dll
04/19/2008 01:28 PM 6,147,584 logonui.exe
04/14/2008 10:42 AM 23,552 wdmaud.drv
04/14/2008 10:42 AM 129,536 ksproxy.ax
04/14/2008 10:42 AM 159,232 ptpusd.dll
04/14/2008 10:41 AM 4,096 ksuser.dll
04/14/2008 06:55 AM 1,804 Dcache.bin
04/14/2008 06:46 AM 329,728 netsetup.exe
04/14/2008 06:43 AM 92,424 rdpdd.dll
04/14/2008 06:43 AM 87,176 rdpwsx.dll
04/14/2008 06:43 AM 12,168 tsddd.dll
04/14/2008 06:43 AM 299,520 drmclien.dll
04/14/2008 06:42 AM 146,432 winspool.drv
04/14/2008 06:42 AM 33,280 kmddsp.tsp
04/14/2008 06:42 AM 17,408 ipconf.tsp
04/14/2008 06:42 AM 206,848 unimdm.tsp
04/14/2008 06:42 AM 76,800 remotesp.tsp
04/14/2008 06:42 AM 265,728 h323.tsp
04/14/2008 06:42 AM 56,832 ndptsp.tsp
04/14/2008 06:42 AM 29,696 hidphone.tsp
04/14/2008 06:42 AM 278,559 wmv8ds32.ax
04/14/2008 06:42 AM 69,632 msscds32.ax
04/14/2008 06:42 AM 258,048 wmvds32.ax
04/14/2008 06:42 AM 221,184 msadds32.ax
04/14/2008 06:42 AM 29,696 format.com
04/14/2008 06:42 AM 262,144 mpg4ds32.ax
04/14/2008 06:42 AM 154,624 ivfsrc.ax
04/14/2008 06:42 AM 12,800 tree.com
04/14/2008 06:42 AM 9,216 scrnsave.scr
04/14/2008 06:42 AM 239,616 wstrenderer.ax
04/14/2008 06:42 AM 148,992 mpg2splt.ax
04/14/2008 06:42 AM 118,272 mpeg2data.ax
04/14/2008 06:42 AM 164,352 wstpager.ax
04/14/2008 06:42 AM 16,896 more.com
04/14/2008 06:42 AM 30,208 vbisurf.ax
04/14/2008 06:42 AM 848,384 ir41_32.ax
04/14/2008 06:42 AM 199,680 iac25_32.ax
04/14/2008 06:42 AM 53,248 vbicodec.ax
04/14/2008 06:42 AM 5,632 winver.exe
04/14/2008 06:42 AM 155,136 hdwwiz.cpl
04/14/2008 06:42 AM 114,688 powercfg.cpl
04/14/2008 06:42 AM 380,416 irprops.cpl
04/14/2008 06:42 AM 135,168 desk.cpl
04/14/2008 06:42 AM 129,536 intl.cpl
04/14/2008 06:42 AM 110,592 bthprops.cpl
04/14/2008 06:42 AM 30,720 xcopy.exe
04/14/2008 06:42 AM 257,024 nusrmgr.cpl
04/14/2008 06:42 AM 80,896 firewall.cpl
04/14/2008 06:42 AM 32,256 wpabaln.exe
04/14/2008 06:42 AM 11,264 wpnpinst.exe
04/14/2008 06:42 AM 148,480 wscui.cpl
04/14/2008 06:42 AM 25,600 netsetup.cpl
04/14/2008 06:42 AM 68,608 access.cpl
04/14/2008 06:42 AM 68,608 joy.cpl
04/14/2008 06:42 AM 618,496 mmsys.cpl
04/14/2008 06:42 AM 111,104 wuauclt.exe.wusetup.238656.bak
04/14/2008 06:42 AM 165,888 wuauclt1.exe
04/14/2008 06:42 AM 162,304 wuaucpl.cpl.wusetup.238796.bak
04/14/2008 06:42 AM 549,888 appwiz.cpl
04/14/2008 06:42 AM 94,208 timedate.cpl
04/14/2008 06:42 AM 32,768 odbccp32.cpl
04/14/2008 06:42 AM 13,824 wscntfy.exe
04/14/2008 06:42 AM 26,112 userinit.exe
04/14/2008 06:42 AM 50,176 utilman.exe
04/14/2008 06:42 AM 433,664 wiaacmgr.exe
04/14/2008 06:42 AM 28,672 verclsid.exe
04/14/2008 06:42 AM 507,904 winlogon.exe
04/14/2008 06:42 AM 12,288 tracert.exe
04/14/2008 06:42 AM 289,792 vssvc.exe
04/14/2008 06:42 AM 18,432 ups.exe
04/14/2008 06:42 AM 259,584 tracerpt.exe
04/14/2008 06:42 AM 73,216 tlntsvr.exe
04/14/2008 06:42 AM 16,896 upnpcont.exe
04/14/2008 06:42 AM 65,024 wextract.exe
04/14/2008 06:42 AM 75,776 telnet.exe
04/14/2008 06:42 AM 57,856 spoolsv.exe
04/14/2008 06:42 AM 78,336 tlntsess.exe
04/14/2008 06:42 AM 71,680 systeminfo.exe
04/14/2008 06:42 AM 24,576 sort.exe
04/14/2008 06:42 AM 50,688 smss.exe
04/14/2008 06:42 AM 14,336 svchost.exe
04/14/2008 06:42 AM 61,440 tlntadmn.exe
04/14/2008 06:42 AM 76,288 taskkill.exe
04/14/2008 06:42 AM 77,824 tasklist.exe
04/14/2008 06:42 AM 14,848 stimon.exe
04/14/2008 06:42 AM 106,496 sysocmgr.exe
04/14/2008 06:42 AM 11,264 spnpinst.exe
04/14/2008 06:42 AM 8,192 smbinst.exe
04/14/2008 06:42 AM 26,112 skeys.exe
04/14/2008 06:42 AM 121,856 schtasks.exe
04/14/2008 06:42 AM 70,144 sigverif.exe
04/14/2008 06:42 AM 32,768 setupn.exe
04/14/2008 06:42 AM 23,040 setup.exe
04/14/2008 06:42 AM 45,056 shmgrate.exe
04/14/2008 06:42 AM 77,312 sdbinst.exe
04/14/2008 06:42 AM 18,944 secedit.exe
04/14/2008 06:42 AM 19,456 shutdown.exe
04/14/2008 06:42 AM 31,232 sethc.exe
04/14/2008 06:42 AM 77,824 shrpubw.exe
04/14/2008 06:42 AM 108,544 services.exe
04/14/2008 06:42 AM 141,312 sessmgr.exe
04/14/2008 06:42 AM 89,600 smlogsvc.exe
04/14/2008 06:42 AM 67,072 rdshost.exe
04/14/2008 06:42 AM 13,824 rdsaddin.exe
04/14/2008 06:42 AM 9,216 proxycfg.exe
04/14/2008 06:42 AM 14,336 runonce.exe
04/14/2008 06:42 AM 62,976 rdpclip.exe
04/14/2008 06:42 AM 95,744 scardsvr.exe
04/14/2008 06:42 AM 21,504 rcp.exe
04/14/2008 06:42 AM 50,176 proquota.exe
04/14/2008 06:42 AM 33,280 rundll32.exe
04/14/2008 06:42 AM 35,840 rcimlby.exe
04/14/2008 06:42 AM 56,832 rasphone.exe
04/14/2008 06:42 AM 19,968 qprocess.exe
04/14/2008 06:42 AM 50,176 reg.exe
04/14/2008 06:42 AM 13,312 savedump.exe
04/14/2008 06:42 AM 11,776 regsvr32.exe
04/14/2008 06:42 AM 13,824 rexec.exe
04/14/2008 06:42 AM 14,848 rsh.exe
04/14/2008 06:42 AM 107,520 rsnotify.exe
04/14/2008 06:42 AM 15,872 perfmon.exe
04/14/2008 06:42 AM 49,152 powercfg.exe
04/14/2008 06:42 AM 67,584 openfiles.exe
04/14/2008 06:42 AM 32,768 odbcad32.exe
04/14/2008 06:42 AM 58,368 packager.exe
04/14/2008 06:42 AM 215,552 osk.exe
04/14/2008 06:42 AM 420,864 ntvdm.exe
04/14/2008 06:42 AM 17,920 ping.exe
04/14/2008 06:42 AM 69,632 odbcconf.exe
04/14/2008 06:42 AM 109,568 progman.exe
04/14/2008 06:42 AM 1,200,640 ntbackup.exe
04/14/2008 06:42 AM 111,104 netdde.exe
04/14/2008 06:42 AM 12,288 mstinit.exe
04/14/2008 06:42 AM 124,928 net1.exe
04/14/2008 06:42 AM 176,640 napstat.exe
04/14/2008 06:42 AM 42,496 net.exe
04/14/2008 06:42 AM 343,040 mspaint.exe
04/14/2008 06:42 AM 78,848 msiexec.exe
04/14/2008 06:42 AM 76,800 nslookup.exe
04/14/2008 06:42 AM 4,096 nddeapir.exe
04/14/2008 06:42 AM 69,120 notepad.exe
04/14/2008 06:42 AM 53,760 narrator.exe
04/14/2008 06:42 AM 36,864 netstat.exe
04/14/2008 06:42 AM 86,016 netsh.exe
04/14/2008 06:42 AM 4,608 mqsvc.exe
04/14/2008 06:42 AM 143,360 mobsync.exe
04/14/2008 06:42 AM 19,968 mqbkup.exe
04/14/2008 06:42 AM 123,392 mplay32.exe
04/14/2008 06:42 AM 6,144 msdtc.exe
04/14/2008 06:42 AM 117,248 mqtgsvc.exe
04/14/2008 06:42 AM 33,792 mmcperf.exe
04/14/2008 06:42 AM 59,392 logman.exe
04/14/2008 06:42 AM 1,414,656 mmc.exe
04/14/2008 06:42 AM 57,344 makecab.exe
04/14/2008 06:42 AM 75,264 locator.exe
04/14/2008 06:42 AM 72,704 magnify.exe
04/14/2008 06:42 AM 13,312 lsass.exe
04/14/2008 06:42 AM 55,808 ipconfig.exe
04/14/2008 06:42 AM 23,552 ipxroute.exe
04/14/2008 06:42 AM 150,528 imapi.exe
04/14/2008 06:42 AM 53,248 ipv6.exe
04/14/2008 06:42 AM 114,688 iexpress.exe
04/14/2008 06:42 AM 677,888 mstsc.exe
04/14/2008 06:42 AM 39,424 grpconv.exe
04/14/2008 06:42 AM 42,496 ftp.exe
04/14/2008 06:42 AM 7,680 forcedos.exe
04/14/2008 06:42 AM 193,024 fsquirt.exe
04/14/2008 06:42 AM 59,904 getmac.exe
04/14/2008 06:42 AM 27,136 findstr.exe
04/14/2008 06:42 AM 23,040 fltMc.exe
04/14/2008 06:42 AM 15,872 help.exe
04/14/2008 06:42 AM 120,832 gpresult.exe
04/14/2008 06:42 AM 20,992 fontview.exe
04/14/2008 06:42 AM 82,944 eventtriggers.exe
04/14/2008 06:42 AM 10,752 dumprep.exe
04/14/2008 06:42 AM 193,024 eudcedit.exe
04/14/2008 06:42 AM 1,298,432 dxdiag.exe
04/14/2008 06:42 AM 24,064 extrac32.exe
04/14/2008 06:42 AM 50,688 eventcreate.exe
04/14/2008 06:42 AM 83,456 dpvsetup.exe
04/14/2008 06:42 AM 62,976 driverquery.exe
04/14/2008 06:42 AM 180,224 dwwin.exe
04/14/2008 06:42 AM 17,920 dvdupgrd.exe
04/14/2008 06:42 AM 163,840 diskpart.exe
04/14/2008 06:42 AM 6,144 dcomcnfg.exe
04/14/2008 06:42 AM 25,088 defrag.exe
04/14/2008 06:42 AM 29,696 dplaysvr.exe
04/14/2008 06:42 AM 17,920 dpnsvr.exe
04/14/2008 06:42 AM 224,768 dmadmin.exe
04/14/2008 06:42 AM 87,040 diantz.exe
04/14/2008 06:42 AM 30,208 ddeshare.exe
04/14/2008 06:42 AM 15,872 dmremote.exe
04/14/2008 06:42 AM 5,120 dllhost.exe
04/14/2008 06:42 AM 105,472 dfrgntfs.exe
04/14/2008 06:42 AM 15,360 ctfmon.exe
04/14/2008 06:42 AM 82,944 dfrgfat.exe
04/14/2008 06:42 AM 64,000 cleanmgr.exe
04/14/2008 06:42 AM 25,600 cmdl32.exe
04/14/2008 06:42 AM 6,144 csrss.exe
04/14/2008 06:42 AM 39,936 cmmon32.exe
04/14/2008 06:42 AM 20,480 cliconfg.exe
04/14/2008 06:42 AM 33,280 clipsrv.exe
04/14/2008 06:42 AM 389,120 cmd.exe
04/14/2008 06:42 AM 56,832 cipher.exe
04/14/2008 06:42 AM 63,488 cmstp.exe
04/14/2008 06:42 AM 5,632 cisvc.exe
04/14/2008 06:42 AM 102,912 clipbrd.exe
04/14/2008 06:42 AM 27,648 conime.exe
04/14/2008 06:42 AM 98,304 ahui.exe
04/14/2008 06:42 AM 4,096 actmovie.exe
04/14/2008 06:42 AM 44,544 alg.exe
04/14/2008 06:42 AM 32,768 asr_pfu.exe
04/14/2008 06:42 AM 14,336 auditusr.exe
04/14/2008 06:42 AM 12,288 attrib.exe
04/14/2008 06:42 AM 19,968 cacls.exe
04/14/2008 06:42 AM 588,800 autochk.exe
04/14/2008 06:42 AM 580,608 autofmt.exe
04/14/2008 06:42 AM 602,624 autoconv.exe
04/14/2008 06:42 AM 142,848 bootcfg.exe
04/14/2008 06:42 AM 71,680 blastcln.exe
04/14/2008 06:42 AM 30,208 asr_fmt.exe
04/14/2008 06:42 AM 11,264 autolfn.exe
04/14/2008 06:42 AM 11,264 atmadm.exe
04/14/2008 06:42 AM 25,088 at.exe
04/14/2008 06:42 AM 91,648 xactsrv.dll
04/14/2008 06:42 AM 383,488 wzcdlg.dll
04/14/2008 06:42 AM 6,656 wuauserv.dll
04/14/2008 06:42 AM 183,296 wuaueng1.dll
04/14/2008 06:42 AM 338,432 zipfldr.dll
04/14/2008 06:42 AM 50,176 xmlprovi.dll
04/14/2008 06:42 AM 11,776 xolehlp.dll
04/14/2008 06:42 AM 1,135,616 wuaueng.dll.wusetup.238859.bak
04/14/2008 06:42 AM 184,320 accwiz.exe
04/14/2008 06:42 AM 430,592 wuapi.dll.wusetup.238593.bak
04/14/2008 06:42 AM 18,432 wtsapi32.dll
04/14/2008 06:42 AM 50,688 wstdecod.dll
04/14/2008 06:42 AM 22,528 wsock32.dll
04/14/2008 06:42 AM 41,984 wsnmp32.dll
04/14/2008 06:42 AM 19,456 wshtcpip.dll
04/14/2008 06:42 AM 303,616 wmstream.dll
04/14/2008 06:42 AM 264,192 wow32.dll
04/14/2008 06:42 AM 11,264 WshRm.dll
04/14/2008 06:42 AM 14,336 wship6.dll
04/14/2008 06:42 AM 36,864 wshcon.dll
04/14/2008 06:42 AM 108,032 wshbth.dll
04/14/2008 06:42 AM 604,160 wsecedit.dll
04/14/2008 06:42 AM 80,896 wscsvc.dll
04/14/2008 06:42 AM 82,432 ws2_32.dll
04/14/2008 06:42 AM 129,024 xmlprov.dll
04/14/2008 06:42 AM 19,968 ws2help.dll
04/14/2008 06:42 AM 589,312 wiashext.dll
04/14/2008 06:42 AM 115,200 wmsdmoe.dll
04/14/2008 06:42 AM 20,480 wmpui.dll
04/14/2008 06:42 AM 221,184 wmpns.dll
04/14/2008 06:42 AM 276,992 wmphoto.dll
04/14/2008 06:42 AM 20,480 wmpcore.dll
04/14/2008 06:42 AM 20,480 wmpcd.dll
04/14/2008 06:42 AM 92,672 wlnotify.dll
04/14/2008 06:42 AM 172,032 wldap32.dll
04/14/2008 06:42 AM 69,120 wlanapi.dll
04/14/2008 06:42 AM 132,096 wkssvc.dll
04/14/2008 06:42 AM 176,640 wintrust.dll
04/14/2008 06:42 AM 53,760 winsta.dll
04/14/2008 06:42 AM 293,376 winsrv.dll
04/14/2008 06:42 AM 133,632 upnp.dll
04/14/2008 06:42 AM 185,856 upnphost.dll
04/14/2008 06:42 AM 239,616 upnpui.dll
04/14/2008 06:42 AM 16,896 usbmon.dll
04/14/2008 06:42 AM 74,240 usbui.dll
04/14/2008 06:42 AM 578,560 user32.dll
04/14/2008 06:42 AM 727,040 userenv.dll
04/14/2008 06:42 AM 406,016 usp10.dll
04/14/2008 06:42 AM 17,408 winshfhc.dll
04/14/2008 06:42 AM 99,328 winscard.dll
04/14/2008 06:42 AM 16,896 winrnr.dll
04/14/2008 06:42 AM 30,749 vbajet32.dll
04/14/2008 06:42 AM 26,112 vdmdbg.dll
04/14/2008 06:42 AM 51,712 vdmredir.dll
04/14/2008 06:42 AM 26,624 verifier.dll
04/14/2008 06:42 AM 18,944 version.dll
04/14/2008 06:42 AM 430,592 vssapi.dll
04/14/2008 06:42 AM 175,104 w32time.dll
04/14/2008 06:42 AM 176,128 winmm.dll
04/14/2008 06:42 AM 215,552 wavemsp.dll
04/14/2008 06:42 AM 32,256 winipsec.dll
04/14/2008 06:42 AM 354,304 winhttp.dll
04/14/2008 06:42 AM 49,152 wdigest.dll
04/14/2008 06:42 AM 68,096 webclnt.dll
04/14/2008 06:42 AM 135,680 webvw.dll

mattc
2008-10-06, 23:09
(continued Look32)

01/07/2003 03:05 PM 551 OUTLPERF.H
08/21/2002 05:13 AM 189,952 WISPTIS.EXE
08/21/2002 05:10 AM 204,800 INKED.DLL
02/04/2002 02:43 AM 82,432 msxml4r.dll
11/23/2001 12:08 PM 712,704 a3d.dll
11/23/2001 12:08 PM 712,704 Audio3D.dll
08/22/2001 05:00 PM 5,632 kbdpl1.dll
08/22/2001 05:00 PM 35,755 prncnfg.vbs
08/22/2001 05:00 PM 25,415 prndrvr.vbs
08/22/2001 05:00 PM 21,527 prnjobs.vbs
08/22/2001 05:00 PM 32,546 prnmngr.vbs
08/22/2001 05:00 PM 29,454 prnport.vbs
08/22/2001 05:00 PM 15,860 prnqctl.vbs
08/22/2001 05:00 PM 29,146 ntdos804.sys
08/22/2001 05:00 PM 29,274 ntdos412.sys
08/22/2001 05:00 PM 343 prodspec.ini
08/22/2001 05:00 PM 6,656 kbdpl.dll
08/22/2001 05:00 PM 29,370 ntdos411.sys
08/22/2001 05:00 PM 29,146 ntdos404.sys
08/22/2001 05:00 PM 6,144 kbdno.dll
08/22/2001 05:00 PM 27,866 ntdos.sys
08/22/2001 05:00 PM 7,680 mll_mtf.dll
08/22/2001 05:00 PM 3,010 pschdcnt.h
08/22/2001 05:00 PM 10,752 pschdprf.dll
08/22/2001 05:00 PM 6,877 pschdprf.ini
08/22/2001 05:00 PM 51 pscript.sep
08/22/2001 05:00 PM 8,192 psnppagn.dll
08/22/2001 05:00 PM 6,144 kbdne.dll
08/22/2001 05:00 PM 5,632 kbdmon.dll
08/22/2001 05:00 PM 5,632 mll_qic.dll
08/22/2001 05:00 PM 10,240 panmap.dll
08/22/2001 05:00 PM 3,708 pubprn.vbs
08/22/2001 05:00 PM 1,492 mmdriver.inf
08/22/2001 05:00 PM 12,288 mmdrv.dll
08/22/2001 05:00 PM 167,219 pagefileconfig.vbs
08/22/2001 05:00 PM 5,632 kbdus.dll
08/22/2001 05:00 PM 46,592 pmspl.dll
08/22/2001 05:00 PM 15,872 cdmodem.dll
08/22/2001 05:00 PM 1,152 mmtask.tsk
08/22/2001 05:00 PM 697 noise.tha
08/22/2001 05:00 PM 13,730 noise.sve
08/22/2001 05:00 PM 13,256 noise.nld
08/22/2001 05:00 PM 19,618 noise.ita
08/22/2001 05:00 PM 16,896 qappsrv.exe
08/22/2001 05:00 PM 6,144 kbdusl.dll
08/22/2001 05:00 PM 6,144 kbdmac.dll
08/22/2001 05:00 PM 6,144 kbdlv1.dll
08/22/2001 05:00 PM 6,144 kbdlv.dll
08/22/2001 05:00 PM 5,632 kbdlt1.dll
08/22/2001 05:00 PM 5,632 kbdlt.dll
08/22/2001 05:00 PM 49,196 noise.fra
08/22/2001 05:00 PM 6,656 kbdla.dll
08/22/2001 05:00 PM 5,632 kbdkyr.dll
08/22/2001 05:00 PM 8,192 qosname.dll
08/22/2001 05:00 PM 5,632 kbdkaz.dll
08/22/2001 05:00 PM 19,684 noise.esn
08/22/2001 05:00 PM 5,632 kbdit142.dll
08/22/2001 05:00 PM 5,632 kbdit.dll
08/22/2001 05:00 PM 1,688 AUTOEXEC.NT
08/22/2001 05:00 PM 5,632 kbdir.dll
08/22/2001 05:00 PM 22,016 qwinsta.exe
08/22/2001 05:00 PM 751 noise.enu
08/22/2001 05:00 PM 6,144 kbdusr.dll
08/22/2001 05:00 PM 751 noise.eng
08/22/2001 05:00 PM 149,848 noise.deu
08/22/2001 05:00 PM 6,144 kbdic.dll
08/22/2001 05:00 PM 11,776 rasautou.exe
08/22/2001 05:00 PM 5,632 kbdhu1.dll
08/22/2001 05:00 PM 1,818 rasctrnm.h
08/22/2001 05:00 PM 11,776 rasctrs.dll
08/22/2001 05:00 PM 3,458 rasctrs.ini
08/22/2001 05:00 PM 11,264 rasdial.exe
08/22/2001 05:00 PM 6,656 kbdhu.dll
08/22/2001 05:00 PM 8,192 kbdhept.dll
08/22/2001 05:00 PM 6,656 kbdhela3.dll
08/22/2001 05:00 PM 143,360 rasmontr.dll
08/22/2001 05:00 PM 22,528 rasmxs.dll
08/22/2001 05:00 PM 6,144 kbdhela2.dll
08/22/2001 05:00 PM 5,632 kbdhe319.dll
08/22/2001 05:00 PM 5,632 kbdhe220.dll
08/22/2001 05:00 PM 23,552 rasrad.dll
08/22/2001 05:00 PM 5,632 kbdhe.dll
08/22/2001 05:00 PM 12,800 rasser.dll
08/22/2001 05:00 PM 6,144 kbdgr1.dll
08/22/2001 05:00 PM 6,144 kbdgr.dll
08/22/2001 05:00 PM 6,144 kbdgkl.dll
08/22/2001 05:00 PM 5,632 kbdgae.dll
08/22/2001 05:00 PM 6,144 kbdfr.dll
08/22/2001 05:00 PM 6,144 kbdfo.dll
08/22/2001 05:00 PM 741 noise.dat
08/22/2001 05:00 PM 4,096 rdpcfgex.dll
08/22/2001 05:00 PM 1,696 noise.cht
08/22/2001 05:00 PM 6,144 kbdfi.dll
08/22/2001 05:00 PM 6,144 kbdfc.dll
08/22/2001 05:00 PM 6,144 kbdest.dll
08/22/2001 05:00 PM 6,144 kbdes.dll
08/22/2001 05:00 PM 5,120 kbddv.dll
08/22/2001 05:00 PM 7,168 recover.exe
08/22/2001 05:00 PM 1,696 noise.chs
08/22/2001 05:00 PM 6,144 kbdda.dll
08/22/2001 05:00 PM 6,656 kbdcz2.dll
08/22/2001 05:00 PM 3,584 regedt32.exe
08/22/2001 05:00 PM 33,792 regini.exe
08/22/2001 05:00 PM 6,656 kbdcz1.dll
08/22/2001 05:00 PM 7,168 kbdcz.dll
08/22/2001 05:00 PM 4,608 regwiz.exe
08/22/2001 05:00 PM 6,656 kbdcr.dll
08/22/2001 05:00 PM 32,768 relog.exe
08/22/2001 05:00 PM 7,680 kbdcan.dll
08/22/2001 05:00 PM 6,144 kbdca.dll
08/22/2001 05:00 PM 107,520 rend.dll
08/22/2001 05:00 PM 12,800 replace.exe
08/22/2001 05:00 PM 9,728 reset.exe
08/22/2001 05:00 PM 5,632 kbdbu.dll
08/22/2001 05:00 PM 6,144 kbdbr.dll
08/22/2001 05:00 PM 6,144 kbdusx.dll
08/22/2001 05:00 PM 5,632 kbdblr.dll
08/22/2001 05:00 PM 5,632 kbduzb.dll
08/22/2001 05:00 PM 7,052 nlsfunc.exe
08/22/2001 05:00 PM 3,584 riched32.dll
08/22/2001 05:00 PM 3,072 rnr20.dll
08/22/2001 05:00 PM 19,968 route.exe
08/22/2001 05:00 PM 25,600 routemon.exe
08/22/2001 05:00 PM 6,656 routetab.dll
08/22/2001 05:00 PM 22,016 rpcns4.dll
08/22/2001 05:00 PM 6,144 kbdbene.dll
08/22/2001 05:00 PM 6,144 kbdbe.dll
08/22/2001 05:00 PM 3,167 rsaci.rat
08/22/2001 05:00 PM 119,808 mmutilse.dll
08/22/2001 05:00 PM 28,672 rsfsaps.dll
08/22/2001 05:00 PM 5,632 kbdazel.dll
08/22/2001 05:00 PM 5,632 kbdaze.dll
08/22/2001 05:00 PM 49,152 rsm.exe
08/22/2001 05:00 PM 6,656 KBDAL.DLL
08/22/2001 05:00 PM 24,576 rsmsink.exe
08/22/2001 05:00 PM 49,152 rsmui.exe
08/22/2001 05:00 PM 14,710 kb16.com
08/22/2001 05:00 PM 44,451 rsop.msc
08/22/2001 05:00 PM 62,976 rsopprov.exe
08/22/2001 05:00 PM 132,608 rsvp.exe
08/22/2001 05:00 PM 12,082 rsvp.ini
08/22/2001 05:00 PM 3,178 rsvpcnts.h
08/22/2001 05:00 PM 23,552 rsvpmsg.dll
08/22/2001 05:00 PM 9,728 rsvpperf.dll
08/22/2001 05:00 PM 8,484 kanji_2.uce
08/22/2001 05:00 PM 6,948 kanji_1.uce
08/22/2001 05:00 PM 98,304 rtm.dll
08/22/2001 05:00 PM 71,859 cliconf.chm
08/22/2001 05:00 PM 16,384 runas.exe
08/22/2001 05:00 PM 47,952 jobexec.dll
08/22/2001 05:00 PM 65,536 jgsh400.dll
08/22/2001 05:00 PM 15,872 rwinsta.exe
08/22/2001 05:00 PM 45,568 jgsd400.dll
08/22/2001 05:00 PM 35,840 jgmd400.dll
08/22/2001 05:00 PM 44,544 jgaw400.dll
08/22/2001 05:00 PM 362,496 jet500.dll
08/22/2001 05:00 PM 19,456 mode.com
08/22/2001 05:00 PM 80,384 autodisc.dll
08/22/2001 05:00 PM 13,312 irclass.dll
08/22/2001 05:00 PM 199,168 ir32_32.dll
08/22/2001 05:00 PM 66,560 ipxsap.dll
08/22/2001 05:00 PM 31,232 sc.exe
08/22/2001 05:00 PM 39,936 ipxrtmgr.dll
08/22/2001 05:00 PM 118,784 scardssp.dll
08/22/2001 05:00 PM 10,112 modex.dll
08/22/2001 05:00 PM 2,656 netware.drv
08/22/2001 05:00 PM 69,120 ipxpromn.dll
08/22/2001 05:00 PM 83,968 ipxmontr.dll
08/22/2001 05:00 PM 44,032 ipsec6.exe
08/22/2001 05:00 PM 4,096 iprtprio.dll
08/22/2001 05:00 PM 3,584 iprop.dll
08/22/2001 05:00 PM 30,720 iologmsg.dll
08/22/2001 05:00 PM 308,224 netui2.dll
08/22/2001 05:00 PM 44,032 msxml3r.dll
08/22/2001 05:00 PM 26,624 scredir.dll
08/22/2001 05:00 PM 10,240 scriptpw.dll
08/22/2001 05:00 PM 8,192 mountvol.exe
08/22/2001 05:00 PM 9,216 print.exe
08/22/2001 05:00 PM 450,560 infosoft.dll
08/22/2001 05:00 PM 2,032 mouse.drv
08/22/2001 05:00 PM 5,632 kbdycc.dll
08/22/2001 05:00 PM 130,048 sdpblb.dll
08/22/2001 05:00 PM 16,384 prflbmsg.dll
08/22/2001 05:00 PM 110,592 inetcplc.dll
08/22/2001 05:00 PM 36,364 secpol.msc
08/22/2001 05:00 PM 69,584 avicap.dll
08/22/2001 05:00 PM 40,448 osuninst.exe
08/22/2001 05:00 PM 6,656 kbdycl.dll
08/22/2001 05:00 PM 7,040 kdcom.dll
08/22/2001 05:00 PM 22,016 mpnotify.exe
08/22/2001 05:00 PM 9,216 iissuba.dll
08/22/2001 05:00 PM 70,656 ifsutil.dll
08/22/2001 05:00 PM 40,505 cmdlib.wsc
08/22/2001 05:00 PM 13,824 senscfg.dll
08/22/2001 05:00 PM 14,336 serialui.dll
08/22/2001 05:00 PM 3,584 mll_hp.dll
08/22/2001 05:00 PM 171,008 netmsg.dll
08/22/2001 05:00 PM 33,464 services.msc
08/22/2001 05:00 PM 14,848 serwvdrv.dll
08/22/2001 05:00 PM 30,720 plustab.dll
08/22/2001 05:00 PM 61,172 cmmgr32.hlp
08/22/2001 05:00 PM 240,120 setup.bmp
08/22/2001 05:00 PM 64 cmos.ram
08/22/2001 05:00 PM 14,336 cmpbk32.dll
08/22/2001 05:00 PM 414,208 setupdll.dll
08/22/2001 05:00 PM 42,809 key01.sys
08/22/2001 05:00 PM 33,280 ping6.exe
08/22/2001 05:00 PM 11,753 setver.exe
08/22/2001 05:00 PM 60,458 ideograf.uce
08/22/2001 05:00 PM 9,728 sfc.exe
08/22/2001 05:00 PM 2,000 keyboard.drv
08/22/2001 05:00 PM 69,120 olethk32.dll
08/22/2001 05:00 PM 23,552 sfmapi.dll
08/22/2001 05:00 PM 14,848 shadow.exe
08/22/2001 05:00 PM 882 share.exe
08/22/2001 05:00 PM 69,120 mprddm.dll
08/22/2001 05:00 PM 54,784 icmui.dll
08/22/2001 05:00 PM 5,120 shell.dll
08/22/2001 05:00 PM 99,840 mprmsg.dll
08/22/2001 05:00 PM 435,712 shellstyle.dll
08/22/2001 05:00 PM 16,384 icfgnt5.dll
08/22/2001 05:00 PM 47,104 mprui.dll
08/22/2001 05:00 PM 16,740 shiftjis.uce
08/22/2001 05:00 PM 253,952 neth.dll
08/22/2001 05:00 PM 26,112 ntdsbcli.dll
08/22/2001 05:00 PM 59,392 iassvcs.dll
08/22/2001 05:00 PM 247,808 iassdo.dll
08/22/2001 05:00 PM 86,528 iassam.dll
08/22/2001 05:00 PM 141,312 iasrecst.dll
08/22/2001 05:00 PM 17,920 iaspolcy.dll
08/22/2001 05:00 PM 62,464 iasnap.dll
08/22/2001 05:00 PM 32,256 iashlpr.dll
08/22/2001 05:00 PM 41,472 iasads.dll
08/22/2001 05:00 PM 23,552 iasacct.dll
08/22/2001 05:00 PM 22,016 olesvr32.dll
08/22/2001 05:00 PM 214,016 netevent.dll
08/22/2001 05:00 PM 13,824 sisbkup.dll
08/22/2001 05:00 PM 5,632 skdll.dll
08/22/2001 05:00 PM 44,544 hticons.dll
08/22/2001 05:00 PM 6,656 kbdsg.dll
08/22/2001 05:00 PM 10,752 mqcertui.dll
08/22/2001 05:00 PM 35,328 pifmgr.dll
08/22/2001 05:00 PM 14,848 slbrccsp.dll
08/22/2001 05:00 PM 60,928 mqgentr.dll
08/22/2001 05:00 PM 673,088 mlang.dat
08/22/2001 05:00 PM 48,794 ntimage.gif
08/22/2001 05:00 PM 6,656 kbdsl.dll
08/22/2001 05:00 PM 57,856 ntlanui.dll
08/22/2001 05:00 PM 138,752 sndvol32.exe
08/22/2001 05:00 PM 109,456 avifile.dll
08/22/2001 05:00 PM 6,656 kbdsl1.dll
08/22/2001 05:00 PM 5,632 softpub.dll
08/22/2001 05:00 PM 14,336 ntlanui2.dll
08/22/2001 05:00 PM 24,064 olesvr.dll
08/22/2001 05:00 PM 36,864 ntmsevt.dll
08/22/2001 05:00 PM 1,744 sound.drv
08/22/2001 05:00 PM 81,408 mqoa.tlb
08/22/2001 05:00 PM 108,464 netapi.dll
08/22/2001 05:00 PM 12,876 korean.uce
08/22/2001 05:00 PM 5,632 kbdur.dll
08/22/2001 05:00 PM 2,732 perfwci.ini
08/22/2001 05:00 PM 435 perfwci.h
08/22/2001 05:00 PM 26,209 ntmsmgr.msc
08/22/2001 05:00 PM 9,728 sprestrt.exe
08/22/2001 05:00 PM 12,288 perfts.dll
08/22/2001 05:00 PM 11,264 atrace.dll
08/22/2001 05:00 PM 82,944 olecli.dll
08/22/2001 05:00 PM 24,661 spxcoins.dll
08/22/2001 05:00 PM 46,133 sqlsodbc.chm
08/22/2001 05:00 PM 16,384 avmeter.dll
08/22/2001 05:00 PM 36,864 mqoa10.tlb
08/22/2001 05:00 PM 102,446 net.hlp
08/22/2001 05:00 PM 24,603 sqlwid.dll
08/22/2001 05:00 PM 49,179 sqlwoa.dll
08/22/2001 05:00 PM 51,712 migpwd.exe
08/22/2001 05:00 PM 6,144 kbdsp.dll
08/22/2001 05:00 PM 83,456 l3codecx.ax
08/22/2001 05:00 PM 16,896 oleaccrc.dll
08/22/2001 05:00 PM 163,328 oleacc.dll
08/22/2001 05:00 PM 5,632 perfnw.dll
08/22/2001 05:00 PM 34,816 atmpvcno.dll
08/22/2001 05:00 PM 7,680 hostname.exe
08/22/2001 05:00 PM 55,296 mqoa20.tlb
08/22/2001 05:00 PM 8,192 mqperf.dll
08/22/2001 05:00 PM 9,728 label.exe
08/22/2001 05:00 PM 14,848 hnetmon.dll
08/22/2001 05:00 PM 4,768 himem.sys
08/22/2001 05:00 PM 32,768 cnetcfg.dll
08/22/2001 05:00 PM 10,110 mqperf.ini
08/22/2001 05:00 PM 4,208 storage.dll
08/22/2001 05:00 PM 2,755 mqprfsym.h
08/22/2001 05:00 PM 12,800 mrinfo.exe
08/22/2001 05:00 PM 26,624 cnvfat.dll
08/22/2001 05:00 PM 21,232 graphics.pro
08/22/2001 05:00 PM 93,702 subrange.uce
08/22/2001 05:00 PM 9,216 subst.exe
08/22/2001 05:00 PM 19,694 graphics.com
08/22/2001 05:00 PM 6,144 svcpack.dll
08/22/2001 05:00 PM 138,752 swprv.dll
08/22/2001 05:00 PM 26,112 graftabl.com
08/22/2001 05:00 PM 51,200 syncapp.exe
08/22/2001 05:00 PM 57,344 gpupdate.exe
08/22/2001 05:00 PM 153,008 ole2nls.dll
08/22/2001 05:00 PM 7,680 ncxpnt.dll
08/22/2001 05:00 PM 18,896 sysedit.exe
08/22/2001 05:00 PM 15,872 sysinv.dll
08/22/2001 05:00 PM 36,864 syskey.exe
08/22/2001 05:00 PM 102,912 msaatext.dll
08/22/2001 05:00 PM 34,871 gpedit.msc
08/22/2001 05:00 PM 3,214 sysprint.sep
08/22/2001 05:00 PM 6,144 kbdsw.dll
08/22/2001 05:00 PM 6,144 kbdpo.dll
08/22/2001 05:00 PM 3,577 sysprtj.sep
08/22/2001 05:00 PM 285,184 glmf32.dll
08/22/2001 05:00 PM 3,360 system.drv
08/22/2001 05:00 PM 605,696 getuname.dll
08/22/2001 05:00 PM 3,072 systray.exe
08/22/2001 05:00 PM 24,772 geo.nls
08/22/2001 05:00 PM 19,200 tapi.dll
08/22/2001 05:00 PM 61,168 msacm.dll
08/22/2001 05:00 PM 24,576 gdi.exe
08/22/2001 05:00 PM 5,632 tapiperf.dll
08/22/2001 05:00 PM 5,632 kbdro.dll
08/22/2001 05:00 PM 78,848 tapiui.dll
08/22/2001 05:00 PM 24,006 gb2312.uce
08/22/2001 05:00 PM 41,472 g711codc.ax
08/22/2001 05:00 PM 15,360 taskman.exe
08/22/2001 05:00 PM 176,128 ftsrch.dll
08/22/2001 05:00 PM 12,288 tcmsetup.exe
08/22/2001 05:00 PM 56,320 fsutil.exe
08/22/2001 05:00 PM 81,408 fsusd.dll
08/22/2001 05:00 PM 20,480 nbtstat.exe
08/22/2001 05:00 PM 32,760 fsmgmt.msc
08/22/2001 05:00 PM 19,456 tcpsvcs.exe
08/22/2001 05:00 PM 13,312 atkctrs.dll
08/22/2001 05:00 PM 28,160 telephon.cpl
08/22/2001 05:00 PM 35,840 narrhook.dll
08/22/2001 05:00 PM 20,480 msacm32.drv
08/22/2001 05:00 PM 16,384 fmifs.dll
08/22/2001 05:00 PM 5,632 kbdru.dll
08/22/2001 05:00 PM 16,896 tftp.exe
08/22/2001 05:00 PM 21,504 pathping.exe
08/22/2001 05:00 PM 169,520 ole2disp.dll
08/22/2001 05:00 PM 3,072 fixmapi.exe
08/22/2001 05:00 PM 4,048 timer.drv
08/22/2001 05:00 PM 9,216 finger.exe
08/22/2001 05:00 PM 9,216 find.exe
08/22/2001 05:00 PM 14,848 fc.exe
08/22/2001 05:00 PM 882 fastopen.exe
08/22/2001 05:00 PM 13,888 toolhelp.dll
08/22/2001 05:00 PM 15,872 expand.exe
08/22/2001 05:00 PM 8,424 exe2bin.exe
08/22/2001 05:00 PM 31,744 tracert6.exe
08/22/2001 05:00 PM 31,232 traffic.dll
08/22/2001 05:00 PM 39,744 ole2.dll
08/22/2001 05:00 PM 56,678 eventvwr.msc
08/22/2001 05:00 PM 52,224 tsappcmp.dll
08/22/2001 05:00 PM 8,704 eventvwr.exe
08/22/2001 05:00 PM 97,965 eventquery.vbs
08/22/2001 05:00 PM 14,848 tscon.exe
08/22/2001 05:00 PM 15,360 tsd32.dll
08/22/2001 05:00 PM 33,280 eventcls.dll
08/22/2001 05:00 PM 14,848 tsdiscon.exe
08/22/2001 05:00 PM 29,338 eula.txt
08/22/2001 05:00 PM 16,384 tskill.exe
08/22/2001 05:00 PM 3,286 tslabels.h
08/22/2001 05:00 PM 13,223 tslabels.ini
08/22/2001 05:00 PM 3,584 comcat.dll
08/22/2001 05:00 PM 16,896 tsshutdn.exe
08/22/2001 05:00 PM 8,192 tssoft32.acm
08/22/2001 05:00 PM 65,024 msaudite.dll
08/22/2001 05:00 PM 90,112 mycomput.dll
08/22/2001 05:00 PM 39,424 esentutl.exe
08/22/2001 05:00 PM 7,168 mscat32.dll
08/22/2001 05:00 PM 817 mscdexnt.exe
08/22/2001 05:00 PM 1,015,477 esentprf.ini
08/22/2001 05:00 PM 177,856 typelib.dll
08/22/2001 05:00 PM 36,352 typeperf.exe
08/22/2001 05:00 PM 58,273 perfmon.msc
08/22/2001 05:00 PM 6,708 esentprf.hxx
08/22/2001 05:00 PM 46,258 mib.bin
08/22/2001 05:00 PM 17,408 esentprf.dll
08/22/2001 05:00 PM 82,432 ufat.dll
08/22/2001 05:00 PM 42,339 certmgr.msc
08/22/2001 05:00 PM 1,114,896 esent97.dll
08/22/2001 05:00 PM 103,424 EqnClass.Dll
08/22/2001 05:00 PM 13,312 umdmxfrm.dll
08/22/2001 05:00 PM 89,600 langwrbk.dll
08/22/2001 05:00 PM 89,588 unicode.nls
08/22/2001 05:00 PM 10,544 comm.drv
08/22/2001 05:00 PM 127,213 ega.cpi
08/22/2001 05:00 PM 12,642 edlin.exe
08/22/2001 05:00 PM 4,096 unlodctr.exe
08/22/2001 05:00 PM 10,790 edit.hlp
08/22/2001 05:00 PM 69,886 edit.com
08/22/2001 05:00 PM 26,624 msxmlr.dll
08/22/2001 05:00 PM 50,620 command.com
08/22/2001 05:00 PM 32,816 commdlg.dll
08/22/2001 05:00 PM 15,872 comp.exe
08/22/2001 05:00 PM 17,920 ureg.dll
08/22/2001 05:00 PM 32,256 asr_ldm.exe
08/22/2001 05:00 PM 114 pcl.sep
08/22/2001 05:00 PM 218,003 dssec.dat
08/22/2001 05:00 PM 37,916 msxml2r.dll
08/22/2001 05:00 PM 47,872 user.exe
08/22/2001 05:00 PM 81 dsound.vxd
08/22/2001 05:00 PM 62,976 dsauth.dll
08/22/2001 05:00 PM 6,761 oembios.sig
08/22/2001 05:00 PM 45,568 drwtsn32.exe
08/22/2001 05:00 PM 4,463 oembios.dat
08/22/2001 05:00 PM 13,107,200 oembios.bin
08/22/2001 05:00 PM 19,456 arp.exe
08/22/2001 05:00 PM 28,112 drwatson.exe
08/22/2001 05:00 PM 221,600 lanman.drv
08/22/2001 05:00 PM 768 msdtcprf.h
08/22/2001 05:00 PM 1,161 usrlogon.cmd
08/22/2001 05:00 PM 126,912 msvideo.dll
08/22/2001 05:00 PM 12,498 append.exe
08/22/2001 05:00 PM 102,912 apcups.dll
08/22/2001 05:00 PM 9,029 ansi.sys
08/22/2001 05:00 PM 1,931 msdtcprf.ini
08/22/2001 05:00 PM 25,600 msvidc32.dll
08/22/2001 05:00 PM 5,632 kbdtat.dll
08/22/2001 05:00 PM 272,128 perfi009.dat
08/22/2001 05:00 PM 253,952 msvcrt20.dll
08/22/2001 05:00 PM 32,968 ntmsoprq.msc
08/22/2001 05:00 PM 25,600 utildll.dll
08/22/2001 05:00 PM 42,768 dpwsock.dll
08/22/2001 05:00 PM 29,696 lights.exe
08/22/2001 05:00 PM 227,840 avtapi.dll
08/22/2001 05:00 PM 18,832 v7vga.rom
08/22/2001 05:00 PM 1,152 perffilt.ini
08/22/2001 05:00 PM 30,160 compobj.dll
08/22/2001 05:00 PM 53,520 dpserial.dll
08/22/2001 05:00 PM 2,577 CONFIG.TMP
08/22/2001 05:00 PM 61,952 dpnwsock.dll
08/22/2001 05:00 PM 62,464 dpnmodem.dll
08/22/2001 05:00 PM 5,632 kbduk.dll
08/22/2001 05:00 PM 7,680 vcdex.dll
08/22/2001 05:00 PM 94,282 msencode.dll
08/22/2001 05:00 PM 565,760 msvcp50.dll
08/22/2001 05:00 PM 66,560 console.dll
08/22/2001 05:00 PM 9,008 ver.dll
08/22/2001 05:00 PM 33,040 dplay.dll
08/22/2001 05:00 PM 8,192 cidaemon.exe
08/22/2001 05:00 PM 98,304 verifier.exe
08/22/2001 05:00 PM 1,355,776 msvbvm50.dll
08/22/2001 05:00 PM 20,535 vfpodbc.dll
08/22/2001 05:00 PM 9,344 vga.dll
08/22/2001 05:00 PM 2,176 vga.drv
08/22/2001 05:00 PM 51,456 vga256.dll
08/22/2001 05:00 PM 18,176 vga64k.dll
08/22/2001 05:00 PM 75 View Channels.scf
08/22/2001 05:00 PM 20,992 msg.exe
08/22/2001 05:00 PM 4,608 vjoy.dll
08/22/2001 05:00 PM 25,088 lnkstub.exe
08/22/2001 05:00 PM 2,151 12520437.cpx
08/22/2001 05:00 PM 33,792 vssadmin.exe
08/22/2001 05:00 PM 10,752 doskey.exe
08/22/2001 05:00 PM 46,080 docprop.dll
08/22/2001 05:00 PM 16,896 vss_ps.dll
08/22/2001 05:00 PM 19,456 vwipxspx.dll
08/22/2001 05:00 PM 1,129 vwipxspx.exe
08/22/2001 05:00 PM 9,216 msg711.acm
08/22/2001 05:00 PM 19,968 msgsm32.acm
08/22/2001 05:00 PM 49,664 w32tm.exe
08/22/2001 05:00 PM 22,016 w32topl.dll
08/22/2001 05:00 PM 17,408 compact.exe
08/22/2001 05:00 PM 41,762 ciadv.msc
08/22/2001 05:00 PM 163,328 ciadmin.dll
08/22/2001 05:00 PM 65,489 wbcache.deu
08/22/2001 05:00 PM 65,489 wbcache.enu
08/22/2001 05:00 PM 65,489 wbcache.esn
08/22/2001 05:00 PM 65,489 wbcache.fra
08/22/2001 05:00 PM 65,489 wbcache.ita
08/22/2001 05:00 PM 65,489 wbcache.nld
08/22/2001 05:00 PM 65,489 wbcache.sve
08/22/2001 05:00 PM 1,309,184 wbdbase.deu
08/22/2001 05:00 PM 957,440 wbdbase.enu
08/22/2001 05:00 PM 750,080 wbdbase.esn
08/22/2001 05:00 PM 786,944 wbdbase.fra
08/22/2001 05:00 PM 867,840 wbdbase.ita
08/22/2001 05:00 PM 1,095,680 wbdbase.nld
08/22/2001 05:00 PM 937,984 wbdbase.sve
08/22/2001 05:00 PM 140 perffilt.h
08/22/2001 05:00 PM 6,144 kbdtuf.dll
08/22/2001 05:00 PM 61,440 dmview.ocx
08/22/2001 05:00 PM 4,096 wdl.trm
08/22/2001 05:00 PM 19,456 dmocx.dll
08/22/2001 05:00 PM 6,656 msswchx.exe
08/22/2001 05:00 PM 18,432 dmintf.dll
08/22/2001 05:00 PM 13,312 msswch.dll
08/22/2001 05:00 PM 40,448 webhits.dll
08/22/2001 05:00 PM 118,784 dmdskres.dll
08/22/2001 05:00 PM 330,752 dmconfig.dll
08/22/2001 05:00 PM 13,600 wfwnet.drv
08/22/2001 05:00 PM 4,608 dllhst3g.exe
08/22/2001 05:00 PM 17,920 diskperf.exe
08/22/2001 05:00 PM 33,673 diskmgmt.msc
08/22/2001 05:00 PM 7,168 diskcopy.com
08/22/2001 05:00 PM 9,216 diskcomp.com
08/22/2001 05:00 PM 44,032 dimap.dll
08/22/2001 05:00 PM 394,240 diactfrm.dll
08/22/2001 05:00 PM 40,448 wiasf.ax
08/22/2001 05:00 PM 74,240 dhcpsapi.dll
08/22/2001 05:00 PM 85,020 dgsetup.dll
08/22/2001 05:00 PM 145,408 wiavusd.dll
08/22/2001 05:00 PM 9,216 wifeman.dll
08/22/2001 05:00 PM 18,432 win.com
08/22/2001 05:00 PM 4,608 mssip32.dll
08/22/2001 05:00 PM 176,157 dgrpsetu.dll
08/22/2001 05:00 PM 13,312 win87em.dll
08/22/2001 05:00 PM 35,840 mssign32.dll
08/22/2001 05:00 PM 35,328 winchat.exe
08/22/2001 05:00 PM 11,264 chkntfs.exe
08/22/2001 05:00 PM 51,200 dfrgres.dll
08/22/2001 05:00 PM 161,792 adsnds.dll
08/22/2001 05:00 PM 9,216 winfax.dll
08/22/2001 05:00 PM 1,131 loadfix.com
08/22/2001 05:00 PM 32,674 winhelp.hlp
08/22/2001 05:00 PM 8,192 winhlp32.exe
08/22/2001 05:00 PM 41,397 dfrg.msc
08/22/2001 05:00 PM 11,776 chkdsk.exe
08/22/2001 05:00 PM 33,079 devmgmt.msc
08/22/2001 05:00 PM 2 desktop.ini
08/22/2001 05:00 PM 18,432 deskperf.dll
08/22/2001 05:00 PM 11,776 winmsd.exe
08/22/2001 05:00 PM 14,848 msidntld.dll
08/22/2001 05:00 PM 16,896 deskmon.dll
08/22/2001 05:00 PM 2,080 winoldap.mod
08/22/2001 05:00 PM 16,384 deskadp.dll
08/22/2001 05:00 PM 20,634 debug.exe
08/22/2001 05:00 PM 39,424 ddeml.dll
08/22/2001 05:00 PM 2,864 winsock.dll
08/22/2001 05:00 PM 847,872 dbgeng.dll
08/22/2001 05:00 PM 2,112 winspool.exe
08/22/2001 05:00 PM 28,746 msrecr40.dll
08/22/2001 05:00 PM 47,616 d3dxof.dll
08/22/2001 05:00 PM 18,944 winstrm.dll
08/22/2001 05:00 PM 350,208 d3drm.dll
08/22/2001 05:00 PM 590,336 d3dramp.dll
08/22/2001 05:00 PM 15,360 pentnt.exe
08/22/2001 05:00 PM 34,816 d3dpmesh.dll
08/22/2001 05:00 PM 436,224 d3dim.dll
08/22/2001 05:00 PM 196,642 c_950.nls
08/22/2001 05:00 PM 196,642 c_949.nls
08/22/2001 05:00 PM 31,744 ntsd.exe
08/22/2001 05:00 PM 5,120 lodctr.exe
08/22/2001 05:00 PM 73,802 msrclr40.dll
08/22/2001 05:00 PM 36,864 ntsdexts.dll
08/22/2001 05:00 PM 50,176 loghours.dll
08/22/2001 05:00 PM 28,626 perfd009.dat
08/22/2001 05:00 PM 15,360 logoff.exe
08/22/2001 05:00 PM 6,144 lpq.exe
08/22/2001 05:00 PM 51,200 wmerrenu.dll
08/22/2001 05:00 PM 8,192 lpr.exe
08/22/2001 05:00 PM 80,384 charmap.exe
08/22/2001 05:00 PM 9,216 lprmonui.dll
08/22/2001 05:00 PM 63,488 wmimgmt.msc
08/22/2001 05:00 PM 18,944 wmiprop.dll
08/22/2001 05:00 PM 55,808 wmiscmgr.dll
08/22/2001 05:00 PM 6,144 kbdtuq.dll
08/22/2001 05:00 PM 60,416 msratelc.dll
08/22/2001 05:00 PM 7,168 msr2cenu.dll
08/22/2001 05:00 PM 10,752 clb.dll
08/22/2001 05:00 PM 196,642 c_936.nls
08/22/2001 05:00 PM 162,850 c_932.nls
08/22/2001 05:00 PM 42,166 lusrmgr.msc
08/22/2001 05:00 PM 69,632 msr2c.dll
08/22/2001 05:00 PM 2,560 lz32.dll
08/22/2001 05:00 PM 66,082 c_875.nls
08/22/2001 05:00 PM 9,936 lzexpand.dll
08/22/2001 05:00 PM 126,464 nwscript.exe
08/22/2001 05:00 PM 66,594 c_874.nls
08/22/2001 05:00 PM 168 l_except.nls
08/22/2001 05:00 PM 7,046 l_intl.nls
08/22/2001 05:00 PM 6,144 nwevent.dll
08/22/2001 05:00 PM 66,594 c_869.nls
08/22/2001 05:00 PM 20,480 nwcfg.dll
08/22/2001 05:00 PM 66,594 c_866.nls
08/22/2001 05:00 PM 8,192 mag_hook.dll
08/22/2001 05:00 PM 36,864 nwc.cpl
08/22/2001 05:00 PM 187,904 main.cpl
08/22/2001 05:00 PM 66,594 c_865.nls
08/22/2001 05:00 PM 66,594 c_863.nls
08/22/2001 05:00 PM 17,408 nwapi16.dll
08/22/2001 05:00 PM 3,252 nw16.exe
08/22/2001 05:00 PM 112,128 mapi32.dll
08/22/2001 05:00 PM 28,420 bios1.rom
08/22/2001 05:00 PM 8,191 bios4.rom
08/22/2001 05:00 PM 112,128 mapistub.dll
08/22/2001 05:00 PM 66,594 c_861.nls
08/22/2001 05:00 PM 10,240 mcd32.dll
08/22/2001 05:00 PM 10,496 mcdsrv32.dll
08/22/2001 05:00 PM 4,608 mchgrcoi.dll
08/22/2001 05:00 PM 73,376 mciavi.drv
08/22/2001 05:00 PM 66,594 c_860.nls
08/22/2001 05:00 PM 2,736 wowdeb.exe
08/22/2001 05:00 PM 10,368 wowexec.exe
08/22/2001 05:00 PM 41,984 msports.dll
08/22/2001 05:00 PM 66,594 c_857.nls
08/22/2001 05:00 PM 4,608 bootok.exe
08/22/2001 05:00 PM 12,288 bootvid.dll
08/22/2001 05:00 PM 5,120 bootvrfy.exe
08/22/2001 05:00 PM 22,984 bopomofo.uce
08/22/2001 05:00 PM 2,891 perfci.ini
08/22/2001 05:00 PM 17,408 mcicda.dll
08/22/2001 05:00 PM 8,192 mciole16.dll
08/22/2001 05:00 PM 7,680 mciole32.dll
08/22/2001 05:00 PM 25,264 mciseq.drv
08/22/2001 05:00 PM 66,594 c_855.nls
08/22/2001 05:00 PM 5,632 write.exe
08/22/2001 05:00 PM 66,594 c_852.nls
08/22/2001 05:00 PM 66,594 c_850.nls
08/22/2001 05:00 PM 66,594 c_775.nls
08/22/2001 05:00 PM 26,112 adptif.dll
08/22/2001 05:00 PM 66,594 c_737.nls
08/22/2001 05:00 PM 66,082 c_500.nls
08/22/2001 05:00 PM 66,594 c_437.nls
08/22/2001 05:00 PM 9,216 wshatm.dll
08/22/2001 05:00 PM 66,082 c_28605.nls
08/22/2001 05:00 PM 28,160 mciwave.drv
08/22/2001 05:00 PM 50,176 mdhcp.dll
08/22/2001 05:00 PM 66,082 c_28599.nls
08/22/2001 05:00 PM 11,776 wshisn.dll
08/22/2001 05:00 PM 7,168 wshnetbs.dll
08/22/2001 05:00 PM 66,082 c_28598.nls
08/22/2001 05:00 PM 66,082 C_28597.NLS
08/22/2001 05:00 PM 66,082 C_28595.NLS
08/22/2001 05:00 PM 66,082 C_28594.NLS
08/22/2001 05:00 PM 66,082 c_28593.nls
08/22/2001 05:00 PM 66,082 c_28592.nls
08/22/2001 05:00 PM 66,082 c_28591.nls
08/22/2001 05:00 PM 66,082 c_21866.nls
08/22/2001 05:00 PM 66,082 c_20905.nls
08/22/2001 05:00 PM 5,632 kbdru1.dll
08/22/2001 05:00 PM 66,082 c_20866.nls
08/22/2001 05:00 PM 139,810 c_20261.nls
08/22/2001 05:00 PM 111,104 activeds.tlb
08/22/2001 05:00 PM 66,082 c_20127.nls
08/22/2001 05:00 PM 66,082 c_1258.nls
08/22/2001 05:00 PM 7,680 ckcnv.exe
08/22/2001 05:00 PM 33,280 msobjs.dll
08/22/2001 05:00 PM 129,536 acledit.dll
08/22/2001 05:00 PM 66,082 c_1257.nls
08/22/2001 05:00 PM 61,952 acelpdec.ax
08/22/2001 05:00 PM 66,082 c_1256.nls
08/22/2001 05:00 PM 66,082 c_1255.nls
08/22/2001 05:00 PM 66,082 c_1254.nls
08/22/2001 05:00 PM 66,082 c_1253.nls
08/22/2001 05:00 PM 64,512 acctres.dll
08/22/2001 05:00 PM 66,082 c_1252.nls
08/22/2001 05:00 PM 39,274 mem.exe
08/22/2001 05:00 PM 924,432 mfc40.dll
08/22/2001 05:00 PM 6,144 kbdsf.dll
08/22/2001 05:00 PM 76,800 gcdef.dll
08/22/2001 05:00 PM 427 perfci.h
08/22/2001 05:00 PM 32,256 wupdmgr.exe
08/22/2001 05:00 PM 7,680 chcp.com
08/22/2001 05:00 PM 25,600 aaaamon.dll
08/22/2001 05:00 PM 64,000 avicap32.dll
08/22/2001 05:00 PM 66,082 c_1251.nls
08/22/2001 05:00 PM 35,840 ncpa.cpl
08/22/2001 05:00 PM 2,233 12520850.cpx
08/22/2001 05:00 PM 66,082 c_1250.nls
08/22/2001 05:00 PM 66,082 c_1026.nls
08/22/2001 05:00 PM 66,082 c_10082.nls
08/22/2001 05:00 PM 66,082 c_10081.nls
08/22/2001 05:00 PM 66,082 c_10079.nls
08/22/2001 05:00 PM 66,082 c_10029.nls
08/22/2001 05:00 PM 66,082 c_10017.nls
08/22/2001 05:00 PM 66,082 c_10010.nls
08/22/2001 05:00 PM 66,082 c_10007.nls
08/22/2001 05:00 PM 66,082 c_10006.nls
08/22/2001 05:00 PM 66,082 c_10000.nls
08/22/2001 05:00 PM 66,082 c_037.nls
08/22/2001 05:00 PM 8,386 ctype.nls
08/22/2001 05:00 PM 73,216 avwav.dll
08/22/2001 05:00 PM 27,200 ctl3dv2.dll
08/22/2001 05:00 PM 27,136 ctl3d32.dll
08/22/2001 05:00 PM 73,728 csseqchk.dll
08/22/2001 05:00 PM 38,302 compmgmt.msc
08/22/2001 05:00 PM 27,648 ccfgnt.dll
08/22/2001 05:00 PM 21,504 ipxrip.dll
08/22/2001 05:00 PM 149,019 crtdll.dll
08/22/2001 05:00 PM 27,097 country.sys
08/22/2001 05:00 PM 13,824 convert.exe
08/22/2001 05:00 PM 8,192 control.exe
08/18/2001 03:36 AM 5,632 ptpusb.dll
07/06/2001 04:30 PM 3,399 hptcpmon.ini
05/23/2000 10:45 PM 118,784 MSSTDFMT.DLL
05/11/2000 01:06 PM 397,312 MSRDO20.DLL
04/03/2000 05:52 PM 151,552 RDOCURS.DLL
11/24/1999 06:40 PM 40,960 VBAME.DLL
01/05/1999 05:30 PM 225,280 VSFLEX3.OCX
08/09/1998 11:07 AM 94,208 MSSTKPRP.DLL
06/24/1998 12:00 AM 260,920 MSDATGRD.OCX
06/17/1998 07:08 PM 53,248 MFC42ENU.DLL
03/24/1998 09:54 PM 15,872 SCP32.DLL
03/24/1998 01:44 PM 24,848 VBAEND32.OLB
03/24/1998 01:44 PM 24,848 VBAEN32.OLB
12/03/1996 02:50 PM 37,376 VEN2232.OLB
2158 File(s) 553,367,354 bytes
0 Dir(s) 61,396,725,760 bytes free

muuli
2008-10-07, 19:30
Hi,

Step 1

Press Start -> My Computer -> Local Disk (C)
Locate the following folder using the path below. If found please delete.
C:\Program Files\LimeWire

Step 2

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3

Please post a fresh HijackThis log and Malwarebytes' Anti-Malware log.

mattc
2008-10-07, 22:52
There was no Limewire folder to remove. Here are the logs.

Malwarebytes'

Malwarebytes' Anti-Malware 1.28
Database version: 1240
Windows 5.1.2600 Service Pack 3

10/7/2008 4:49:25 PM
mbam-log-2008-10-07 (16-49-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165263
Time elapsed: 24 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Matthew\Application Data\Adobe\Manager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20303F20-1390-41C6-87BA-1DA68AA32B12}\RP84\A0010279.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:21 PM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10218 bytes

muuli
2008-10-09, 18:20
Hi,

How is your computer running now?

Step 1

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Step 2

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Step 3

Please post a fresh HijackThis log and Kaspersky Online Scanner log.

muuli
2008-10-12, 21:49
Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!

mattc
2008-10-17, 03:47
Sorry about the delay, was away from my computer for the past couple of days.

I installed the first Antivirus you listed and here is the Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 16, 2008 20:06:51
Records in database: 1316968
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
E:\

Scan statistics:
Files scanned: 129472
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:39:12


File name / Threat name / Threats count
C:\autorun.inf Infected: Worm.Win32.AutoRun.nuu 1
Infected: Trojan.Win32.Small.xut 1

The selected area was scanned.

muuli
2008-10-18, 23:21
Hi,

Step 1

Remove file with OTMoveIt3.

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.

:Files
C:\autorun.inf


Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Step 2

Please post a fresh HijackThis log and OTMoveIt3 log.

mattc
2008-10-21, 05:07
OTMoveIt Log

========== FILES ==========
C:\autorun.inf moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10202008_224529

HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:54 PM, on 10/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11102 bytes
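
A fresh HijackThis log is requested after every step in this thread, and the useful signal is what changed between two of them. The following is an added example, not part of the original thread: it parses two pasted logs and lists new and missing processes and entries, flagging new autostart entries (O2, O4, O23) for review. The function names are hypothetical, and the two sample logs are abbreviated from the 10/7/2008 and 10/20/2008 logs posted above.

```python
import re

# Section code, then " - ", then the entry text, e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sections whose entries start code automatically; labels follow the entry text
# seen in the logs in this thread ("BHO:", "Run:", "Service:").
PERSISTENCE = {"O2": "browser helper object", "O4": "autostart", "O23": "service"}


def parse_hjt(text):
    """Return (processes, entries) from a HijackThis log pasted as text."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif in_processes and line and not entry:
            processes.add(line.lower())  # Windows paths are case-insensitive
        else:
            # A blank line ends the process list; so does the first entry line,
            # because forum pastes sometimes lose the blank separator.
            in_processes = False
            if entry:
                entries.add((entry.group(1), entry.group(2)))
    return processes, entries


def diff_logs(before_text, after_text):
    """Compare two logs; every list in the result is sorted for stable output."""
    before_procs, before_entries = parse_hjt(before_text)
    after_procs, after_entries = parse_hjt(after_text)
    return {
        "new_processes": sorted(after_procs - before_procs),
        "gone_processes": sorted(before_procs - after_procs),
        "new_entries": sorted(after_entries - before_entries),
        "gone_entries": sorted(before_entries - after_entries),
    }


def persistence_review(diff):
    """New entries in autostart sections: each should be explained by a known install."""
    return [(sec, PERSISTENCE[sec], text)
            for sec, text in diff["new_entries"] if sec in PERSISTENCE]


# Constructed samples: a few lines kept from each of the two logs in this thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:21 PM, on 10/7/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:54 PM, on 10/20/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for path in result["new_processes"]:
        print("new process :", path)
    for path in result["gone_processes"]:
        print("gone process:", path)
    for section, kind, text in persistence_review(result):
        print(f"review {section} ({kind}): {text}")
```

On the sample, every new autostart entry traces to software installed between the two scans (Avira AntiVir and the Digidesign driver); an entry with no such explanation is the one to investigate.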

muuli
2008-10-21, 15:54
Hi,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Re-enable Teatimer:
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
On the left hand side, click on Tools.
Check (tick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.

Next we remove all used tools.


Open OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

You can also remove RSIT.exe, if you still have it on your desktop.

Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://bfccomputers.com/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://bfccomputers.com/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!

mattc
2008-10-21, 17:41
Thanks so much for all your help, really appreciate it!