PDA

View Full Version : need help with reocurring problem


radiokiller
2008-11-22, 01:07
One day while I was surfing the web looking for some tv-shows I get a pop-up, but it was blocked because it was a reported attack site. However, I got alot of AV alerts so the pop-up still managed to infect my PC. After scanning with my AV, which is nod32, I removed quite a few threats. The browser though kept getting random pop-ups and redirecting pages. I decided to get Spybot search and destroy and it picked up 5 infections that were called Virtumonde. I cleaned it and rescanned to make sure. Virtumonde somehow came back so i deleted it again. a third time it also came back....it keeps coming bak!! so can anyone please help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:44 PM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Andrew\Desktop\remover\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SpybotDeletingA8252] command /c del "C:\WINDOWS\system32\niwetplq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3800] cmd /c del "C:\WINDOWS\system32\niwetplq.dll_old"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7642] command /c del "C:\WINDOWS\system32\niwetplq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9204] cmd /c del "C:\WINDOWS\system32\niwetplq.dll_old"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: zyluqj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5745 bytes



OTViewIt logfile created on: 11/21/2008 4:04:57 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Andrew\Desktop\remover
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 139.18 Gb Free Space | 59.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Q6600
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/03/13 15:49:56 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2007/01/30 22:20:42 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
[2007/01/30 22:18:02 | 00,180,285 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/07 15:06:00 | 16,859,136 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/03/13 15:48:30 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[2008/05/01 20:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
[2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/10/07 14:09:03 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\Steam.exe
[2007/10/08 13:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2008/07/07 09:42:04 | 04,891,472 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[2008/11/12 19:37:59 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/21 09:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2008/04/13 16:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/13 16:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/11/21 07:20:18 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\remover\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/19 17:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/03/13 15:55:26 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2008/03/13 15:49:56 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
[2007/10/09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/01/30 22:20:42 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
[2007/10/11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/10/11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/02/28 16:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007/01/30 22:18:02 | 00,180,285 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2008/10/07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/03/13 15:43:42 | 00,040,456 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008/03/13 15:44:36 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2008/03/13 15:52:18 | 00,033,800 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [System | Running])
[2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/07 15:06:00 | 04,713,472 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2007/11/26 10:16:00 | 00,072,704 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/05/19 16:36:28 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Copy of MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2008/05/19 16:36:26 | 00,015,472 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb [On_Demand | Running])
[2008/10/07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/10/18 15:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/11/20 01:35:24 | 00,062,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/11/20 01:35:26 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/05/02 16:54:10 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/06/26 19:07:44 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\PE_C_MOM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\PE_C_MOM\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\PE_C_MOM\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (288033 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
9926 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{1a000b78-4ccb-43f9-90d9-ce7e0a3056dc} (HKLM) -- C:\WINDOWS\system32\zyluqj.dll ()
{21D0EF7D-EA62-4DF3-84E7-7E8F1D116E04} (HKLM) -- C:\WINDOWS\system32\hgGwUmkJ.dll ()
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{73259091-9574-4ED8-A40F-7F65AFC28634} (HKLM) -- C:\WINDOWS\system32\cbXNHXRj.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe boot (JMicron Technology Corp.)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe ()
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Aim6"= File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"Steam"=C:\Program Files\Valve\Steam\\Steam.exe -silent (Valve Corporation)

[HKEY_USERS\PE_C_MOM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Aim6"= File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"Steam"=C:\Program Files\Valve\Steam\\Steam.exe -silent (Valve Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA8252"=command /c del "C:\WINDOWS\system32\niwetplq.dll_old" ()
"SpybotDeletingC3800"=cmd /c del "C:\WINDOWS\system32\niwetplq.dll_old" (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB7642"=command /c del "C:\WINDOWS\system32\niwetplq.dll_old" ()
"SpybotDeletingD9204"=cmd /c del "C:\WINDOWS\system32\niwetplq.dll_old" (Microsoft Corporation)

[HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (Nero AG)

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB7642"=command /c del "C:\WINDOWS\system32\niwetplq.dll_old" ()
"SpybotDeletingD9204"=cmd /c del "C:\WINDOWS\system32\niwetplq.dll_old" (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\PE_C_MOM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\PE_C_MOM\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\PE_C_MOM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{782F4E37-AE3D-4FE0-ADD2-87EE148C9CD6} (Servers: | Description: 1394 Net Adapter)
{963A4D9D-F476-4013-AED1-72D59C1BB094} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=zyluqj.dll
>[2008/11/20 19:27:45 | 00,129,024 | ---- | M] () -- C:\WINDOWS\system32\zyluqj.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
cbXNHXRj: "DllName" = cbXNHXRj.dll -- C:\WINDOWS\system32\cbXNHXRj.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{73259091-9574-4ED8-A40F-7F65AFC28634}" (HKLM) -- C:\WINDOWS\system32\cbXNHXRj.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\hgGwUmkJ,
>[2008/11/20 19:21:40 | 00,318,464 | ---- | M] () -- C:\WINDOWS\system32\hgGwUmkJ.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/04/25 22:10:15 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03777a16-47eb-11dd-b01d-001d92346ae8}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03777a16-47eb-11dd-b01d-001d92346ae8}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03777a16-47eb-11dd-b01d-001d92346ae8}\Shell\AutoRun\command]
""=F:\autoplay.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6200862b-4c64-11dd-b02a-001d92346ae8}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6200862b-4c64-11dd-b02a-001d92346ae8}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6200862b-4c64-11dd-b02a-001d92346ae8}\Shell\AutoRun\command]
""=E:\OblivionLauncher.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{667797f0-47ca-11dd-b01b-001d92346ae8}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{667797f0-47ca-11dd-b01b-001d92346ae8}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{667797f0-47ca-11dd-b01b-001d92346ae8}\Shell\AutoRun\command]
""=F:\autoplay.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/21 16:03:32 | 00,901,851 | -HS- | C] () -- C:\WINDOWS\System32\JkmUwGgh.ini2
[2008/11/21 15:38:28 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/21 15:23:27 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Spybot - Search & Destroy.lnk
[2008/11/21 15:23:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/21 15:23:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/21 07:28:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\remover
[2008/11/20 19:39:59 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\mlJBTjjh.dll
[2008/11/20 19:39:59 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\iifgGWNd.dll
[2008/11/20 19:31:37 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\cbXPiFUk.dll
[2008/11/20 19:31:37 | 00,000,000 | ---D | C] -- C:\Temp
[2008/11/20 19:31:36 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\opnlighH.dll
[2008/11/20 19:27:46 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\zyluqj.dll
[2008/11/20 19:27:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mftnxsoo.dll
[2008/11/20 19:25:25 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\tuvSjGWm.dll
[2008/11/20 19:25:25 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\awtRLddc.dll
[2008/11/20 19:24:44 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\niwetplq.dll_old
[2008/11/20 19:21:43 | 00,901,867 | -HS- | C] () -- C:\WINDOWS\System32\JkmUwGgh.ini
[2008/11/20 19:21:31 | 00,318,464 | ---- | C] () -- C:\WINDOWS\System32\hgGwUmkJ.dll
[2008/11/20 19:16:28 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\ddcDtSif.dll
[2008/11/20 19:16:27 | 00,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/11/20 19:16:27 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/20 19:16:27 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\cbXNHXRj.dll
[2008/11/20 19:16:27 | 00,002,407 | ---- | C] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/15 19:18:29 | 00,060,416 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\wu-yi.doc
[2008/11/15 17:57:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2008/11/15 17:57:27 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2008/11/15 17:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/12 15:13:07 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 15:12:55 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/10 18:17:14 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Fallout 3.lnk
[2008/11/09 17:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Fallout3
[2008/11/09 17:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/11/09 17:04:55 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2008/11/09 17:04:55 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2008/11/09 17:04:55 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2008/11/09 17:04:55 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2008/11/09 17:04:54 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2008/11/09 17:04:54 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2008/11/09 17:04:54 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2008/11/09 17:04:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2008/11/09 17:03:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2008/11/09 17:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/11/09 17:01:00 | 00,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2008/11/09 17:00:58 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2008/11/06 17:42:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\Fallout.3-RELOADED
[2008/11/06 17:35:53 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\µTorrent.lnk
[2008/11/01 17:57:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Xfire
[2008/11/01 17:57:22 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2008/11/01 17:57:21 | 00,000,000 | ---D | C] -- C:\Program Files\Xfire
[2008/10/29 17:24:22 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/10/23 14:15:59 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/22 16:13:55 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/21 16:05:09 | 00,901,867 | -HS- | M] () -- C:\WINDOWS\System32\JkmUwGgh.ini
[2008/11/21 16:03:32 | 00,901,851 | -HS- | M] () -- C:\WINDOWS\System32\JkmUwGgh.ini2
[2008/11/21 15:43:36 | 00,288,033 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/21 15:38:28 | 00,000,091 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/21 15:23:27 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Spybot - Search & Destroy.lnk
[2008/11/21 15:00:10 | 00,195,690 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/11/21 15:00:09 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/21 14:59:26 | 00,498,032 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz
[2008/11/21 14:59:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/21 14:59:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/20 19:39:59 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\mlJBTjjh.dll
[2008/11/20 19:39:59 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\iifgGWNd.dll
[2008/11/20 19:31:36 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\opnlighH.dll
[2008/11/20 19:31:36 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\cbXPiFUk.dll
[2008/11/20 19:31:35 | 00,115,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/11/20 19:31:35 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/20 19:31:35 | 00,002,407 | ---- | M] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/20 19:27:45 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\zyluqj.dll
[2008/11/20 19:27:45 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\mftnxsoo.dll
[2008/11/20 19:25:25 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\tuvSjGWm.dll
[2008/11/20 19:25:25 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\awtRLddc.dll
[2008/11/20 19:24:49 | 00,072,704 | ---- | M] () -- C:\WINDOWS\System32\niwetplq.dll_old
[2008/11/20 19:21:40 | 00,318,464 | ---- | M] () -- C:\WINDOWS\System32\hgGwUmkJ.dll
[2008/11/20 19:16:27 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\ddcDtSif.dll
[2008/11/20 19:16:27 | 00,026,112 | ---- | M] () -- C:\WINDOWS\System32\cbXNHXRj.dll
[2008/11/19 19:03:18 | 04,285,008 | -H-- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\IconCache.db
[2008/11/16 13:31:59 | 00,060,416 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\wu-yi.doc
[2008/11/12 15:17:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/11 14:49:23 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/11 14:49:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/11 14:49:23 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/10 18:17:14 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Fallout 3.lnk
[2008/11/09 17:01:00 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2008/11/06 17:35:53 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\µTorrent.lnk
[2008/11/05 17:28:08 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/02 03:09:08 | 00,444,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/02 03:09:08 | 00,072,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/02 03:09:07 | 00,526,212 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/01 17:57:22 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2008/10/29 17:24:22 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/10/28 15:04:43 | 00,001,391 | -H-- | M] () -- C:\IPH.PH
[2008/10/28 15:04:29 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/22 16:24:28 | 00,010,844 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Office Word Document (3).docx
< End of report >
radiokiller
2008-11-22, 01:09
OTViewIt Extras logfile created on: 11/21/2008 4:04:57 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Andrew\Desktop\remover
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 139.18 Gb Free Space | 59.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Q6600
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/01 17:47:08 | 00,286,720 | ---- | M] () -- C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/10/21 09:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/02/20 06:33:48 | 00,963,072 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2008/11/14 16:21:25 | 00,106,496 | ---- | M] () -- C:\Program Files\Valve\Steam\SteamApps\boostboi\counter-strike source\hl2.exe:*:Enabled:hl2
[2008/04/23 14:46:32 | 26,150,480 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9
[2008/04/16 16:35:22 | 25,667,160 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10
[2008/02/22 10:08:44 | 00,619,144 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update
[2008/11/17 16:51:43 | 00,098,304 | ---- | M] () -- C:\Program Files\Valve\Steam\SteamApps\boostboi\team fortress 2\hl2.exe:*:Enabled:hl2
[2007/10/24 23:11:24 | 04,674,784 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32
[2007/10/24 23:11:28 | 00,017,120 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32
File not found -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
File not found -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client
[2008/09/26 18:14:06 | 03,660,848 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client
[2008/08/30 21:00:06 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/11/06 17:35:42 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/09/01 17:47:08 | 00,286,720 | ---- | M] () -- C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
[2008/05/14 20:57:10 | 19,353,392 | ---- | M] (Codemasters) -- C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2008/10/18 09:29:42 | 00,098,304 | ---- | M] () -- C:\Program Files\Valve\Steam\SteamApps\boostboi\age of chivalry\hl2.exe:*:Enabled:hl2
[2008/10/29 17:24:18 | 03,104,080 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
[2008/07/01 20:35:26 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}"=Crysis(R)
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam(TM)
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}"=HP USB Disk Storage Format Tool
"{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JMB36X Raid Configurer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5A0B7BA5-4682-4273-81C2-69B17E649103}"=GRID
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}"=PlayNC Launcher
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}"=Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7A512A34-F4E8-43C4-BD80-43A022B31BF6}"=MapleStory
"{86A6E235-C08F-4A14-B14C-793C7D8844A0}"=ESET NOD32 Antivirus
"{8CFA9151-6404-409A-AF22-4632D04582FD}"=Assassin's Creed
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}"=Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}"=Fallout 3
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1"=IZArc 3.81
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}"=Nero 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}"=Half-Life(R) 2
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}"=BioShock
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AIM_6"=AIM 6
"Ares"=Ares 2.0.9
"AskSBar Uninstall"=Ask Toolbar
"DualCoreCenter_is1"=DualCoreCenter
"DVD Shrink_is1"=DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) 5_is1"=DVDFab (Platinum/Gold/HD Decrypter) 5.0.0.0 Beta
"FrostWire"=FrostWire 4.17.0
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"IrfanView"=IrfanView (remove only)
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.9.5 (Standard)
"Marsu-Fix"=Marsu-Fix
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSIHQ USB Bootable Tool & BIOS Helper_is1"=MSIHQ USB Bootable Tool and BIOS Helper ver: 1.16 2008
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"OpenAL"=OpenAL
"PeerGuardian_is1"=PeerGuardian 2.0
"PROR"=Microsoft Office Professional 2007
"Silkroad"=Silkroad
"Steam App 440"=Team Fortress 2
"StreamPlug"=StreamPlug Player
"SystemRequirementsLab"=System Requirements Lab
"Unlocker"=Unlocker 1.8.7
"ViewpointMediaPlayer"=Viewpoint Media Player
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"xTyFileCrypter_is1"=xTyFileCrypter 6.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
"NCsoft-Exteel"=Exteel
"uTorrent"=µTorrent
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-152049171-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA
"NCsoft-Exteel"=Exteel
"uTorrent"=µTorrent
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2008 6:25:04 PM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application nerostartsmart.exe, version 8.3.1.2, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

Error - 7/28/2008 7:52:56 PM | Computer Name = Q6600 | Source = Application Hang | ID = 1002
Description = Hanging application swkotor2.exe, version 2.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2008 9:31:37 PM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
swkotor2.exe, version 2.0.0.0, fault address 0x000fc441.

Error - 7/28/2008 10:47:21 PM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
nvoglnt.dll, version 6.14.11.7519, fault address 0x001b7437.

Error - 7/28/2008 10:47:52 PM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
nvoglnt.dll, version 6.14.11.7519, fault address 0x001b7437.

Error - 7/28/2008 11:00:50 PM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
nvoglnt.dll, version 6.14.11.7519, fault address 0x001b7437.

Error - 7/28/2008 11:01:59 PM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
nvoglnt.dll, version 6.14.11.7519, fault address 0x001b7437.

Error - 7/28/2008 11:03:58 PM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
nvoglnt.dll, version 6.14.11.7519, fault address 0x001b7437.

Error - 7/29/2008 12:11:05 AM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011d8f.

Error - 7/29/2008 12:19:07 AM | Computer Name = Q6600 | Source = Application Error | ID = 1000
Description = Faulting application swkotor2.exe, version 2.0.0.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00011760.

[ OSession Events ]
Error - 10/21/2008 7:42:42 PM | Computer Name = Q6600 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/22/2008 8:09:36 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 10/22/2008 8:09:36 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/22/2008 8:09:36 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 10/22/2008 8:09:36 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/22/2008 8:09:36 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD easdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

Error - 10/22/2008 8:11:02 PM | Computer Name = Q6600 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/16/2008 2:55:54 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7022
Description = The ForceWare Intelligent Application Manager (IAM) service hung on
starting.

Error - 11/16/2008 2:55:57 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7022
Description = The ForceWare IP service service hung on starting.

Error - 11/20/2008 11:52:56 PM | Computer Name = Q6600 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/21/2008 12:06:06 AM | Computer Name = Q6600 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >