Viruses Keep Reappearing (Previously Had Virtumonde)



Oracle3001
2009-01-20, 18:02
I had a bout of Virtumonde, which I thought I had successfully killed off using ComboFix. However, in the past two weeks, once in a while I will return to my computer and my anti-virus (Bitdefender 2009) will report that it has detected a list of maybe 4-5 new viruses and removed them.

I have been running Spybot, Spyware Doctor and MalwareBytes pretty much every day since the Virtumonde infection and I haven't seen anything out of the ordinary show up on those scans.

I am pretty concerned that something is still left deep in my system. I know that certain forms of Virtumonde go out and download new viruses from the net, so I am wondering if I am somehow still infected.

Below is latest HJT log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:03, on 01/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Program Files\Mediafour\XPlay 3\XPlay.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\UltraMon\UltraMon.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
D:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\MATLAB\R2007b\bin\win32\MATLAB.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Spyware Doctor\pctsGui.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
D:\Documents and Settings\Adam\Desktop\HiJackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Mediafour XPlay Explorer notifications - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - D:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] "D:\Program Files\Mediafour\XPlay 3\XPlay.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194944531140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194944521171
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dejlkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - D:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: M4iPodWPDService - Mediafour Corporation - D:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - D:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 14400 bytes

Blade81
2009-01-25, 13:09
Hi,


Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on the OTViewIt.exe to start OTViewIt.
Place a checkmark in the blue-colored Scan All Users checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Oracle3001
2009-01-25, 14:15
OTViewIt logfile created on: 01/25/2009 11:23:21 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\Documents and Settings\Adam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 56.91% Memory free
3.85 Gb Paging File | 2.73 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 135.21 Gb Total Space | 24.77 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 188.45 Gb Total Space | 124.16 Gb Free Space | 65.89% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 14.41 Gb Free Space | 29.52% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 18.45 Gb Free Space | 37.77% Space Free | Partition Type: NTFS
Drive G: | 184.16 Gb Total Space | 179.20 Gb Free Space | 97.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPANY-AF16886
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/01/15 11:51:13 | 00,425,984 | ---- | M] (BitDefender SRL) -- D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[2009/01/15 11:51:09 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/04 13:56:18 | 01,123,608 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2008/11/25 19:41:50 | 00,088,024 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe
[2009/01/12 18:33:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
[2008/10/06 10:12:04 | 00,211,456 | ---- | M] (Mediafour Corporation) -- D:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe
[2008/11/21 04:24:35 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- D:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
[2008/11/21 04:21:56 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
[2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- D:\WINDOWS\system32\PSIService.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsAuxs.exe
[2009/01/11 20:43:07 | 01,079,176 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsSvc.exe
[2008/11/21 04:21:56 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
[2008/11/21 04:21:56 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
[2008/11/21 04:21:56 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
[2008/11/21 04:21:56 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
[2008/11/21 04:21:56 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
[2008/08/25 11:36:36 | 01,168,264 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsTray.exe
[2004/03/18 14:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\iTouch\iTouch.exe
[2006/08/11 19:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\CTHELPER.EXE
[2006/11/12 10:48:46 | 00,157,592 | ---- | M] (DT Soft Ltd.) -- D:\Program Files\DAEMON Tools\daemon.exe
[2008/04/14 00:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\rundll32.exe
[2004/12/14 02:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2006/10/11 11:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- D:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[2008/11/18 09:46:58 | 00,293,888 | ---- | M] (Mediafour Corporation) -- D:\Program Files\Mediafour\XPlay 3\XPlay.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunesHelper.exe
[2009/01/15 11:51:10 | 00,741,376 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
[2009/01/12 18:33:48 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/02 22:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- D:\Program Files\Canon\CAL\CALMAIN.exe
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2008/12/28 16:51:14 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/09/29 01:38:26 | 00,731,648 | ---- | M] (Realtime Soft Ltd) -- D:\Program Files\UltraMon\UltraMon.exe
[2008/09/29 00:02:38 | 00,307,200 | ---- | M] (Realtime Soft Ltd) -- D:\Program Files\UltraMon\UltraMonTaskbar.exe
[2008/11/27 19:18:56 | 00,413,696 | ---- | M] () -- D:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
[2008/12/02 21:09:52 | 00,027,496 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Contacts\wlcomm.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wuauclt.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe
[2008/12/19 10:20:01 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/25 11:20:33 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Adam\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/02/29 22:24:11 | 00,069,632 | ---- | M] (Adobe Systems) -- D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/17 13:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- D:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- D:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/04/04 13:56:18 | 01,123,608 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/11/25 19:41:50 | 00,088,024 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/01/12 18:33:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/01/15 11:51:13 | 00,425,984 | ---- | M] (BitDefender SRL) -- D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2008/10/06 10:12:04 | 00,211,456 | ---- | M] (Mediafour Corporation) -- D:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe -- (M4iPodWPDService [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 17:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (postgresql-8.3 [Auto | Running])
[2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- D:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2009/01/11 20:43:07 | 01,079,176 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2009/01/15 11:51:09 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
[2007/10/25 20:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/19 01:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/07/05 02:33:24 | 00,472,000 | ---- | M] (Atheros Communications, Inc.) -- D:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211 [On_Demand | Stopped])
[2008/11/27 19:17:30 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- D:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
[2008/11/27 19:19:13 | 00,104,328 | ---- | M] (BitDefender LLC) -- D:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
[2009/01/15 11:51:04 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- D:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
[2009/01/12 10:54:10 | 00,136,200 | ---- | M] (BitDefender LLC) -- D:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2008/02/26 17:12:40 | 00,008,448 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
[2009/01/15 11:51:05 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK [Auto | Running])
[2006/08/11 19:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 19:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2005/11/10 22:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2006/08/11 19:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 19:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2006/08/11 19:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/04/13 18:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/08/11 19:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/08/11 19:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Stopped])
[2006/08/11 19:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2008/08/25 11:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- D:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 11:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- D:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 11:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- D:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/03/03 14:50:00 | 00,014,095 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr [On_Demand | Running])
[2004/03/03 14:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- D:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb [On_Demand | Running])
[2008/10/24 07:53:16 | 00,293,632 | ---- | M] (Mediafour Corporation) -- D:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT [Boot | Running])
[2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2008/04/13 18:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/04/24 22:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/04/15 01:09:04 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/04/15 01:09:06 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/08/11 19:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/11/27 19:17:09 | 00,013,056 | ---- | M] () -- D:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Running])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/09/19 21:57:32 | 00,043,528 | ---- | M] (Sonic Solutions) -- D:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007/02/18 21:38:58 | 00,062,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2007/10/11 03:04:00 | 00,208,936 | ---- | M] (Silicon Image, Inc) -- D:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5 [Boot | Running])
[2007/10/11 03:04:36 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- D:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2007/10/11 03:04:20 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- D:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil [Boot | Running])
[2007/11/13 16:07:20 | 00,639,224 | ---- | M] () -- D:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/01/23 21:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- D:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Running])
[2007/07/10 08:00:42 | 00,036,736 | ---- | M] () -- D:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Running])
[2008/09/14 16:32:58 | 00,010,496 | ---- | M] (Realtime Soft Ltd) -- D:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility [Auto | Running])
[2005/09/19 13:41:00 | 00,241,280 | ---- | M] (Marvell) -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=D:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=D:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

========== (O1) Hosts File ==========

HOSTS File = (290724 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
10015 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} (HKLM) -- D:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (HKLM) -- D:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- D:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- D:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="D:\Program Files\Mediafour\XPlay 3\XPlay.exe" (Mediafour Corporation)
"Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"AppleSyncNotifier"=D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"BDAgent"="D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
"BitDefender Antiphishing Helper"="D:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"ISTray"="D:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"OpwareSE4"="D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
"SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"zBrowser Launcher"=D:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="D:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="D:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/03/18 23:48:04 | 00,025,214 | R--- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2008/10/12 13:18:36 | 00,029,310 | R--- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = D:\WINDOWS\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico

Oracle3001
2009-01-25, 14:16
========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1005\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: D:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1005\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Easy-WebPrint Add To Print List: Reg Error: Key does not exist or could not be opened. File not found
Easy-WebPrint High Speed Print: Reg Error: Key does not exist or could not be opened. File not found
Easy-WebPrint Preview: Reg Error: Key does not exist or could not be opened. File not found
Easy-WebPrint Print: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 19:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 10:58:44 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 10:58:44 | 00,110,592 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 19:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 10:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 19:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 10:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
antispyexpert.com: * in Trusted sites
imageservr.com: * in Trusted sites
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
imageservr.com: * in Trusted sites
55 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
imageservr.com: * in Trusted sites
55 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15031/CTSUEng.cab -- Creative Software AutoUpdate
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab -- CKAVWebScan Object
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab -- Symantec AntiVirus scanner
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}: http://dl.tvunetworks.com/TVUAx.cab -- CTVUAxCtrl Object
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194944531140 -- WUWebControl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab -- Symantec RuFSI Utility Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194944521171 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su/ocx/15031/CTPID.cab -- Creative Software AutoUpdate Support Package
Microsoft XML Parser for Java: file:///D:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{26C85DC1-5722-4830-AC77-01B72499CEEC} (Servers: | Description: 1394 Net Adapter)
{3BD2BCB2-6CEB-46D5-B4B8-3E30FA9140E6} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{70063D40-4C93-4B0E-AF7B-434DF2E41F9E} (Servers: | Description: 1394 Net Adapter)
{7719FF05-B43E-472E-9C73-913DF1C28BCC} (Servers: | Description: NETGEAR 108 Mbps Wireless PCI Adapter WG311T)
{8101F05D-EF4C-4D1A-8CDF-76563816A9BA} (Servers: | Description: )
{97AE8585-96EB-4514-BFF6-23E9CE53421D} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=dejlkg.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/10/15 16:32:49 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2 D:\WINDOWS\System32\*.tmp files]
[4 D:\WINDOWS\*.tmp files]
[4 D:\Documents and Settings\Adam\My Documents\*.tmp files]
[2009/01/25 11:20:33 | 00,422,912 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Adam\Desktop\OTViewIt.exe
[2009/01/22 17:01:25 | 00,036,968 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\Monthly Budget.pdf
[2009/01/22 03:20:45 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData
[2009/01/21 23:49:12 | 00,024,064 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\Monthly Budget.xls
[2009/01/21 15:35:15 | 00,068,108 | ---- | C] () -- D:\Documents and Settings\Adam\My Documents\RE_ - Outlook Web Access Light.pdf
[2009/01/21 01:04:55 | 00,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2009/01/20 22:35:55 | 00,000,000 | -HSD | C] -- D:\RECYCLER
[2009/01/15 16:30:19 | 00,081,984 | ---- | C] () -- D:\WINDOWS\System32\bdod.bin
[2009/01/12 11:52:17 | 00,000,780 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Explore my iPod with XPlay.lnk
[2009/01/12 11:06:02 | 00,000,723 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\VLC.lnk
[2009/01/12 00:52:19 | 00,000,694 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\SpywareBlaster.lnk
[2009/01/12 00:35:54 | 00,578,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2009/01/12 00:32:02 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
[2009/01/12 00:16:24 | 00,000,000 | ---D | C] -- D:\Program Files\SpywareBlaster
[2009/01/11 20:12:01 | 00,001,641 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/01/11 20:12:00 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- D:\WINDOWS\System32\drivers\iksyssec.sys
[2009/01/11 20:12:00 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- D:\WINDOWS\System32\drivers\iksysflt.sys
[2009/01/11 20:12:00 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- D:\WINDOWS\System32\drivers\ikfilesec.sys
[2009/01/11 20:12:00 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- D:\WINDOWS\System32\drivers\kcom.sys
[2009/01/11 20:11:45 | 00,000,000 | ---D | C] -- D:\Program Files\Spyware Doctor
[2009/01/11 20:11:45 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\Application Data\PC Tools
[2009/01/11 17:50:32 | 00,022,454 | ---- | C] () -- D:\Documents and Settings\Adam\My Documents\cc_20090111_175032.reg
[2009/01/11 17:49:53 | 00,416,472 | ---- | C] () -- D:\Documents and Settings\Adam\My Documents\cc_20090111_174952.reg
[2009/01/11 17:44:14 | 00,000,008 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\settings.dat
[2009/01/11 17:43:37 | 00,446,464 | ---- | C] ( ) -- D:\Documents and Settings\Adam\Desktop\RootRepeal.exe
[2009/01/11 17:20:00 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- D:\Documents and Settings\Adam\Desktop\HiJackThis.exe
[2009/01/11 16:02:44 | 03,162,278 | ---- | C] () -- D:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-00511102}.BAK
[2009/01/11 01:40:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\Application Data\cogad
[2009/01/11 01:40:41 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\dp2
[2009/01/11 01:40:39 | 00,000,000 | -HSD | C] -- D:\Documents and Settings\Adam\Local Settings\Application Data\.#
[2009/01/10 01:14:40 | 00,271,375 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\Matlab Tutorial.pdf
[2009/01/08 18:28:28 | 00,000,000 | ---D | C] -- D:\gnuex
[2009/01/08 18:17:34 | 00,000,000 | ---D | C] -- D:\MinGW
[2009/01/08 17:45:48 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\Application Data\MathWorks
[2009/01/08 17:45:32 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\My Documents\MATLAB
[2009/01/08 17:45:06 | 00,000,851 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\MATLAB R2007b.lnk
[2009/01/08 17:44:36 | 00,407,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSHFLXGD.OCX
[2009/01/08 17:44:36 | 00,203,976 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\RICHTX32.OCX
[2009/01/08 17:44:35 | 00,002,362 | ---- | C] () -- D:\WINDOWS\System32\mscomct2.dep
[2009/01/08 17:44:34 | 00,647,872 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mscomct2.ocx
[2009/01/08 17:44:18 | 00,645,120 | ---- | C] () -- D:\WINDOWS\System32\config.gms
[2009/01/08 17:26:31 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft
[2009/01/08 17:26:19 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\microsoft
[2009/01/08 17:26:04 | 00,000,000 | ---D | C] -- D:\Program Files\Windows Live SkyDrive
[2009/01/08 17:21:34 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Windows Live
[2009/01/08 17:08:05 | 00,000,000 | ---D | C] -- D:\Program Files\MATLAB
[2009/01/08 16:58:33 | 00,001,490 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\MagicISO.lnk
[2009/01/08 16:58:32 | 00,000,000 | ---D | C] -- D:\Program Files\MagicISO
[2009/01/08 14:56:12 | 00,269,117 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\Self-Tuning Semi-Supervised Spectral Clustering.pdf
[2009/01/08 14:54:12 | 00,998,123 | ---- | C] () -- D:\Documents and Settings\Adam\Desktop\Noise Robust Spectral Clustering.pdf
[2009/01/04 00:27:04 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\Application Data\KillProcess
[2008/12/29 02:30:16 | 00,000,084 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2008/12/28 16:20:12 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\My Documents\My Corel Shows
[2008/12/28 16:20:11 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\Local Settings\Application Data\Corel
[2008/12/28 16:19:56 | 00,000,088 | RHS- | C] () -- D:\WINDOWS\System32\C685C7EE4B.sys
[2008/12/28 16:19:42 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Corel
[2008/12/28 16:18:30 | 00,002,061 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2008/12/28 16:17:52 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Corel
[2008/12/28 15:18:45 | 00,000,406 | ---- | C] () -- D:\WINDOWS\System32\ioloBootDefrag.cfg
[2008/12/28 15:17:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\iolo
[2008/12/28 15:17:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Adam\Application Data\iolo

========== Files - Modified Within 30 Days ==========

[2 D:\WINDOWS\System32\*.tmp files]
[4 D:\WINDOWS\*.tmp files]
[4 D:\Documents and Settings\Adam\My Documents\*.tmp files]
[2009/01/25 11:20:33 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Adam\Desktop\OTViewIt.exe
[2009/01/25 11:19:28 | 00,081,984 | ---- | M] () -- D:\WINDOWS\System32\bdod.bin
[2009/01/25 02:35:53 | 00,002,335 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/25 02:35:53 | 00,002,299 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2009/01/25 02:35:52 | 00,000,051 | ---- | M] () -- D:\WINDOWS\iTouch.ini
[2009/01/25 02:35:51 | 00,140,158 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2009/01/25 02:35:36 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/01/25 02:35:36 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/01/25 02:35:35 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/01/25 02:34:23 | 00,030,120 | ---- | M] () -- D:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-00511102}.rfx
[2009/01/25 02:34:23 | 00,030,120 | ---- | M] () -- D:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-00511102}.rfx
[2009/01/25 02:34:23 | 00,027,408 | ---- | M] () -- D:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-00511102}.rfx
[2009/01/25 02:34:23 | 00,027,408 | ---- | M] () -- D:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-00511102}.rfx
[2009/01/25 02:34:23 | 00,011,564 | ---- | M] () -- D:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-00511102}.rfx
[2009/01/25 02:34:23 | 00,001,080 | ---- | M] () -- D:\WINDOWS\System32\settingsbkup.sfm
[2009/01/25 02:34:23 | 00,001,080 | ---- | M] () -- D:\WINDOWS\System32\settings.sfm
[2009/01/25 02:33:04 | 03,162,278 | ---- | M] () -- D:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-00511102}.CDF
[2009/01/25 02:33:04 | 03,162,278 | ---- | M] () -- D:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-00511102}.BAK
[2009/01/24 16:58:05 | 00,002,137 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/22 17:24:37 | 00,002,497 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\Microsoft Office Word 2003.lnk
[2009/01/22 17:02:34 | 00,036,968 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\Monthly Budget.pdf
[2009/01/22 14:25:07 | 00,002,577 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/01/22 14:21:36 | 00,000,748 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\PokerTracker 3.lnk
[2009/01/22 02:49:31 | 00,002,423 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2009/01/21 23:49:13 | 00,024,064 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\Monthly Budget.xls
[2009/01/21 15:35:15 | 00,068,108 | ---- | M] () -- D:\Documents and Settings\Adam\My Documents\RE_ - Outlook Web Access Light.pdf
[2009/01/20 22:32:24 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/01/20 09:13:06 | 00,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/20 03:36:46 | 00,002,495 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\Microsoft Office Excel 2003.lnk
[2009/01/18 15:19:28 | 00,048,640 | ---- | M] () -- D:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 15:53:31 | 00,000,260 | ---- | M] () -- D:\WINDOWS\System32\BDUpdateV1.xml
[2009/01/15 11:51:05 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- D:\WINDOWS\System32\drivers\BDVEDISK.sys
[2009/01/15 11:51:04 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- D:\WINDOWS\System32\drivers\bdfsfltr.sys
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2009/01/12 11:52:25 | 00,000,867 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/01/12 11:52:17 | 00,000,780 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Explore my iPod with XPlay.lnk
[2009/01/12 11:06:02 | 00,000,723 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\VLC.lnk
[2009/01/12 10:39:44 | 00,290,724 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS
[2009/01/12 00:52:19 | 00,000,694 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\SpywareBlaster.lnk
[2009/01/12 00:36:58 | 00,000,686 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.20090112-103944.backup
[2009/01/12 00:35:54 | 00,578,560 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\user32.dll
[2009/01/11 20:13:11 | 00,522,706 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/11 20:13:11 | 00,441,932 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2009/01/11 20:13:11 | 00,071,424 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2009/01/11 20:12:01 | 00,001,641 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/01/11 17:50:36 | 00,022,454 | ---- | M] () -- D:\Documents and Settings\Adam\My Documents\cc_20090111_175032.reg
[2009/01/11 17:50:02 | 00,416,472 | ---- | M] () -- D:\Documents and Settings\Adam\My Documents\cc_20090111_174952.reg
[2009/01/11 17:46:28 | 00,000,008 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\settings.dat
[2009/01/11 17:12:48 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- D:\Documents and Settings\Adam\Desktop\HiJackThis.exe
[2009/01/10 17:49:39 | 00,138,056 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/10 01:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
[2009/01/10 01:14:40 | 00,271,375 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\Matlab Tutorial.pdf
[2009/01/08 17:45:06 | 00,000,851 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\MATLAB R2007b.lnk
[2009/01/08 17:44:19 | 00,645,120 | ---- | M] () -- D:\WINDOWS\System32\config.gms
[2009/01/08 17:28:15 | 00,023,104 | ---- | M] () -- D:\Documents and Settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/08 17:28:06 | 00,000,900 | ---- | M] () -- D:\Documents and Settings\Adam\My Documents\My Sharing Folders.lnk
[2009/01/08 16:58:33 | 00,001,490 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\MagicISO.lnk
[2009/01/08 14:56:12 | 00,269,117 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\Self-Tuning Semi-Supervised Spectral Clustering.pdf
[2009/01/08 14:54:12 | 00,998,123 | ---- | M] () -- D:\Documents and Settings\Adam\Desktop\Noise Robust Spectral Clustering.pdf
[2009/01/04 21:52:30 | 00,002,257 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/01/04 00:49:18 | 00,001,661 | ---- | M] () -- D:\WINDOWS\IPokerscope.ini
[2008/12/29 02:30:16 | 00,000,084 | ---- | M] () -- D:\WINDOWS\wininit.ini
[2008/12/28 16:22:50 | 00,004,546 | -HS- | M] () -- D:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/28 16:19:57 | 00,000,088 | RHS- | M] () -- D:\WINDOWS\System32\C685C7EE4B.sys
[2008/12/28 16:18:30 | 00,002,061 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2008/12/28 15:18:45 | 00,000,406 | ---- | M] () -- D:\WINDOWS\System32\ioloBootDefrag.cfg
< End of report >

Oracle3001
2009-01-25, 14:16
OTViewIt Extras logfile created on: 01/25/2009 11:23:21 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\Documents and Settings\Adam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 56.91% Memory free
3.85 Gb Paging File | 2.73 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 135.21 Gb Total Space | 24.77 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 188.45 Gb Total Space | 124.16 Gb Free Space | 65.89% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 14.41 Gb Free Space | 29.52% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 18.45 Gb Free Space | 37.77% Space Free | Partition Type: NTFS
Drive G: | 184.16 Gb Total Space | 179.20 Gb Free Space | 97.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPANY-AF16886
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 22:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/12/07 15:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 22:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 17:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 17:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 18:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 18:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/12/07 15:08:02 | 01,934,672 | R--- | M] (Skype Technologies) D:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 18:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}"=Windows Live Call
"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Logitech iTouch Software
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160"=Canon MP160
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1"=ConvertHelper 2.1
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2F7A260C-AA74-4C55-88D6-9ECD077B0018}"=IdleMiner
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{41E0B8B8-0686-47BB-8854-179A415DD88A}"=XPlay 3
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}"=Windows Live Sign-in Assistant
"{560247B5-5AAD-43D7-B1C0-D77C5EAEE8CE}"=Canon Camera WIA Driver
"{5C257D34-17C0-44F1-9331-E7991CEA83A9}"=HoldemLuck
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}"=Corel Paint Shop Pro Photo X2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1"=PokerStove version 1.21
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{784E6B0F-00EC-4950-95A2-BBA64F44EC48}"=Camtasia Studio 5
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{806B86DC-4B7E-4865-94D4-8FA01F9E2C69}"=StoxEV
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}"=BitDefender Total Security 2009
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}"=VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{AC76BA86-1033-0000-7760-000000000002}"=Adobe Acrobat 7.0 Professional
"{ad8d7882-5bc4-43a5-b54c-e96a4995ead9}"=DFX 8 for Windows Media Player
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B695F0BF-D610-4C5E-B7AC-C9FF6C172CC0}"=Diskeeper 2008 Pro Premier
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}"=ScanSoft OmniPage SE 4.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}"=UltraMon
"{CC6D326B-B2C4-4195-AE74-2F0354E4D6B6}"=PokerEV
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}"=Windows Live Essentials
"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}"=Poker Grapher
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F69E83CF-B440-43F8-89E6-6EA80712109B}"=Windows Live Communications Platform
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"Adobe Acrobat 7.0 Professional"=Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AudioConSole"=Creative Audio Console
"AutoHotkey"=AutoHotkey 1.0.47.06
"AviSynth"=AviSynth 2.5
"bet365poker"=bet365poker
"CAL"=Canon Camera Access Library
"CameraWindowDC"=Canon Utilities CameraWindow DC
"CameraWindowDVC5"=Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher"=Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"Canon MP160 User Registration"=Canon MP160 User Registration
"CCleaner"=CCleaner (remove only)
"CSCLIB"=Canon Camera Support Core Library
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"FreePHG V2.09"=FreePHG V2.09
"Green Joker Poker"=Green Joker Poker
"HijackThis"=HijackThis 2.0.2
"HotspotShield"=Hotspot Shield 1.10
"iBolide 2_is1"=iBolide v. 2.0 BETA Build 2.0.0.9
"iBolide_is1"=iBolide 1.06.40
"IdleMiner Full Tilt"=IdleMiner Full Tilt 1.16
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Innovatools Add/Remove Plus! 2006_is1"=Innovatools Add/Remove Plus! 2006 version 5.1
"InstallShield_{560247B5-5AAD-43D7-B1C0-D77C5EAEE8CE}"=Canon Camera WIA Driver 6.4
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"Magic ISO Maker v5.4 (build 0239)"=Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MatlabR2007b"=MATLAB R2007b
"MediaCoder"=MediaCoder 0.6.1
"MediaCoder MPx Player Edition"=MediaCoder MPx Player Edition
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"MinGW"=MinGW 5.1.4
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MP Navigator 3.0"=Canon MP Navigator 3.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera"=Canon Utilities MyCamera
"MyCameraDC"=Canon Utilities MyCamera DC
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PartyPoker"=PartyPoker
"Poker Tracker Version 2.13.01a_is1"=Poker Tracker Version 2.13.01a
"PokerStars"=PokerStars
"PokerTracker3"=PokerTracker 3 (remove only)
"PostgreSQL 8.3"=PostgreSQL 8.3
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 7.0
"RemoteCaptureDC"=Canon Utilities RemoteCapture DC
"RemoteCaptureTask"=Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sixth Sense_is1"=Sixth Sense 1.1.0.93
"SopCast"=SopCast 3.0.3
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Spyware Doctor"=Spyware Doctor 6.0
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SystemRequirementsLab"=System Requirements Lab
"TeamViewer 4"=TeamViewer 4
"TuningWizard 1.2"=EnterpriseDB TuningWizard 1.2
"TVAnts 1.0"=TVAnts 1.0
"TVUPlayer"=TVUPlayer 2.4.1.0
"VLC media player"=VLC media player 0.9.6
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinLiveSuite_Wave3"=Windows Live Essentials
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01007"=Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPlay 2.3.6 Hotfix for iTunes 7.6.1 Compatibilty_is1"=XPlay 2.3.6 Hotfix for iTunes 7.6.1 Compatibility
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility"=Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7acfc69374139012"=Pokerazor
"EyePoker"=EyePoker
"FreePHG V2.12"=FreePHG V2.12
"FreePHG V2.13"=FreePHG V2.13
"FreePHG V2.14"=FreePHG V2.14
"Google Chrome"=Google Chrome
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
"SpadeEye"=SpadeEye

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7acfc69374139012"=Pokerazor
"EyePoker"=EyePoker
"FreePHG V2.12"=FreePHG V2.12
"FreePHG V2.13"=FreePHG V2.13
"FreePHG V2.14"=FreePHG V2.14
"Google Chrome"=Google Chrome
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player
"SpadeEye"=SpadeEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/25/2009 2:11:55 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:11:55 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:11:55 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:11:55 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:12:03 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:12:03 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:12:03 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:12:03 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:12:19 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

Error - 01/25/2009 2:12:19 AM | Computer Name = COMPANY-AF16886 | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 01/22/2009 1:23:14 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 01/22/2009 7:51:33 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/22/2009 7:51:41 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/22/2009 7:51:50 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/22/2009 7:51:59 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/22/2009 8:23:35 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/22/2009 8:23:44 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/22/2009 8:23:53 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/22/2009 8:24:02 AM | Computer Name = COMPANY-AF16886 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 01/24/2009 10:37:49 PM | Computer Name = COMPANY-AF16886 | Source = Service Control Manager | ID = 7022
Description = The M4iPodWPDService service hung on starting.


< End of report >

Blade81
2009-01-25, 17:38
Hi

Start hjt, do a system scan, check:
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O20 - AppInit_DLLs: dejlkg.dll

Close browsers and fix checked entries.

Reboot.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). If you get a message that the latest Java must be installed, "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report & a fresh hjt log. How's the system running?

Oracle3001
2009-01-25, 18:52
Done everything but the online scan, as it was incredibly slow and would probably take many, many hours. I will run it later on, but in the meantime here is the latest HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:05, on 01/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Program Files\Mediafour\XPlay 3\XPlay.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\UltraMon\UltraMon.exe
D:\Program Files\UltraMon\UltraMonTaskbar.exe
D:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\alg.exe
D:\Documents and Settings\Adam\Desktop\HiJackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Mediafour XPlay Explorer notifications - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - D:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] "D:\Program Files\Mediafour\XPlay 3\XPlay.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194944531140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194944521171
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - D:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: M4iPodWPDService - Mediafour Corporation - D:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - D:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 13920 bytes
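
Added example (not part of either poster's message, and not HijackThis code): one way to confirm from a follow-up log that the four entries flagged for fixing are gone. It goes slightly beyond the thread by also listing anything left in the O15 and O20 sections, since an exact-match comparison would miss an entry that came back under a different name. The function names and the placeholder DLL name are assumptions; the log lines are copied from the posts above.

```python
import re

# A HijackThis item line is "<section> - <details>", e.g. "O20 - AppInit_DLLs: x.dll".
ITEM_RE = re.compile(r"^([ORFN]\d{1,2})\s+-\s+(.+)$")

def parse_hjt(log_text):
    """Return {(section, normalized details)} for every item line in a log."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            details = re.sub(r"\s+", " ", m.group(2)).strip().lower()
            items.add((m.group(1), details))
    return items

def verify_fix(flagged_text, followup_text):
    """Split flagged entries into (gone, still_present) against the follow-up log."""
    flagged, after = parse_hjt(flagged_text), parse_hjt(followup_text)
    return sorted(flagged - after), sorted(flagged & after)

def entries_in_sections(log_text, sections):
    """List every entry in the given sections, whatever its name."""
    return sorted(i for i in parse_hjt(log_text) if i[0] in sections)

# The four entries the helper asked to fix, as posted.
FLAGGED = """\
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O20 - AppInit_DLLs: dejlkg.dll
"""

# Excerpt of the follow-up log (lines copied from the post above).
FOLLOWUP = r"""
Running processes:
D:\WINDOWS\system32\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
"""

# Constructed case: same log plus an AppInit_DLLs entry under a placeholder name.
RENAMED = FOLLOWUP + "O20 - AppInit_DLLs: placeholder.dll\n"

if __name__ == "__main__":
    gone, still = verify_fix(FLAGGED, FOLLOWUP)
    print("gone:", len(gone), "still present:", still)
    print("O15/O20 left:", entries_in_sections(RENAMED, {"O15", "O20"}))
```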

Blade81
2009-01-25, 21:39
Ok. I recommend turning BitDefender off while you do scanning with Kaspersky. It may be faster :)

Blade81
2009-01-31, 12:53
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.