View Full Version : Browsers deny access or send to wrong sites
wingreen
2010-06-01, 19:47
(DDS Log at end of this post - and I've attached a zipped Attach.txt file)
My PC is infected! Aaaaargh. Its running slowly, takes long time to boot up and both Internet Explorer and Firefox take me to weird search pages when I use Google. They also block me from accessing this site, and others that seem to be associated with those good people who try and solve these problems (So, I'm sending this from a non-infected PC).
AVG first detected a problem. The Scan found about 41 problems, but couldn't deal with 4 of them (named alureon I think). I used curealureon.exe to try and deal with that. But it only seemed to find one alureon problem (plus quite a few "worms" that were apparently sitting in my external drive). Spybot didn't find anything, except cookie and adware type things - which it got rid of (unless they are back again!)
I've managed to disable TeaTimer and have backed up my registry (using ERUNT)
Hope someone can help as I'm really stuck. I'm far from being an expert, so be gentle!
Thanks
DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 18:12:57.04 on 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3318.2716 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Malware May 10\dds.scr
============== Pseudo HJT Report ===============
uStart Page = https://login.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Redten
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: WebCGMHlprObj Class: {56b38f40-4e70-11d4-a076-0080ad86ba2f} - c:\windows\system32\cgmopenbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: EyeOnIE Class: {f081d70d-477f-11d9-95ec-004095356f63} - c:\progra~1\availa~1\asanti~1\AhBho.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [PowerBar]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103587301578
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178104577323
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222563451466&h=ab142d0f223045041e6febda072d1ee7/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - file:///C:/Program%20Files/InterCAP/ActiveCGM/ActiveX/Acgm.cab
TCP: NameServer = 93.188.163.43,93.188.166.178
TCP: {965A2A8F-8291-4DB6-91B5-A4D1CBB65D9A} = 93.188.163.43,93.188.166.178
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: fnpipe - fnpipe.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\m3c04twn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quidco.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2008-10-4 40464]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-12-7 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-24 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-16 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S2 gupdate1c9a8cd569b7d04;Google Update Service (gupdate1c9a8cd569b7d04);c:\program files\google\update\GoogleUpdate.exe [2009-3-19 133104]
S2 MSWU-a23c7763;MSWU-a23c7763;c:\windows\system32\a23c7763.exe --> c:\windows\system32\a23c7763.exe [?]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
S2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\slingagentservice.exe --> c:\program files\sling media\slingagent\SlingAgentService.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 asfm;asfm;\??\c:\program files\availasoft\as anti-hacker\asfm.sys --> c:\program files\availasoft\as anti-hacker\asfm.sys [?]
S3 bfastfao;bfastfao;c:\docume~1\family\locals~1\temp\bfastfao.sys [2004-5-17 29696]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-12-21 17149]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S3 Sling_Audio;SlingProjector Audio Device;c:\windows\system32\drivers\SlingAudio.sys [2009-4-30 19072]
S3 SlingAudioBusenum;Sling Audio Bus Enumerator;c:\windows\system32\drivers\SlingAudioBus.sys [2009-4-30 23168]
S3 STVqx5;Digital Blue QX5(tm) Microscope;c:\windows\system32\drivers\STVqx5.sys [2009-10-13 64512]
S3 STVqx5m;Digital Blue QX5(tm) Microscopem;c:\windows\system32\drivers\STVqx5m.sys [2009-10-13 6144]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2006-12-21 362944]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2005-7-28 88080]
=============== Created Last 30 ================
2010-06-01 17:06:20 0 dc----w- C:\Malware May 10
2010-05-31 19:49:11 25088 ----a-w- c:\windows\system32\fnpipe.dll
2010-05-27 15:04:16 823808 ----a-w- c:\windows\system32\drivers\djwsgvto.sys
2010-05-27 15:02:10 36532 ----a-w- c:\windows\system32\net.net
==================== Find3M ====================
2010-04-21 07:53:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 18:43:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 20:44:14 71220 ---ha-w- c:\windows\system32\mlfcache.dat
2007-12-07 02:48:20 604 ---ha-w- c:\program files\STLL Notifier
2004-10-01 21:00:16 40960 ------w- c:\program files\Uninstall_CDS.exe
2008-05-09 01:42:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050920080510\index.dat
============= FINISH: 18:20:34.79 ===============
Dakeyras
2010-06-04, 16:22
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.Hi wingreen and welcome to Safer Networking. :)
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
SUPERAntiSpyware Advice:
CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.
Next:
What did you use to transfer the logs, a USB drive for example. If so can we format this prior to it being used again to transfer some tools or not?
Also what operating system is in use on the machine you used to post your topic please.
wingreen
2010-06-04, 16:39
Thanks for your reply.
I was aware that using USBs etc. might be a problem - so I burnt the logs onto a CD, then put the CD in my (work) laptop and posted them from there. Using a USB would be easier I'm sure so, if there's a (safe) way to use an USB, I'm all for it (but you may have to advise me on any [re]formatting I'd need to do)
The machine I used to actually post the topic uses Windows Vista Enterprise.
The (work) laptop that I'm currently using to "communicate" over the internet is subject to certain security controls and its likely not to allow me to download any executable programs. If these might be needed, I can, if you prefer, communicate through another (non-infected) PC which I can arrange to connect to the internet.
Hope the above helps.
Dakeyras
2010-06-04, 17:49
Hi. :)
Thanks for your reply.You're welcome!
OK, actually using a CD is safer, in spite of the the precautions I could advise with regard to a USB drive. So use a CD for the following please.
Please download Rkill from one of the following links:-
One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com), Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif).
Please download GMER Rootkit Scanner from here (http://www.gmer.net/download.php).
Next:
Transfer both applications to the desktop of your infected machine.
Scan with Rkill:
Note: If your security software warns about Rkill, please ignore and allow to continue.
Double click on Rkill.
A command window will open then disappear upon completion, this is normal.
Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt.
Scan with GMER:
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
http://i28.photobucket.com/albums/c227/tetonbob/gmer_th.gif (http://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.
When completed the above, please post back the following in the order asked for:
How is your computer performing now, any further symptoms and or problems encountered?
Rkill Log.
GMER Log.
wingreen
2010-06-04, 21:55
Damn - I think I messed it up!
Did as you said and put RKill and GMER on desktop.
Ran Rkill. (Haven't got the log - see later for why!) but it was a very short one - from memory it "came up" with nothing.
Then ran GMER and did as instructed and it started running. Then I noticed that Notepad (left over from Rkill) was running in background and, having seen your note saying "Do not run any programs while Gmer running", I thought I better close it, stop Gmer and start again. Trouble is everything seemed so slow - couldn't get it to respond. Tried Ctrl+Alt+Del - still nothing. So I waited even longer. Finally managed to close notepad and, after another long wait, got "access" to Gmer - which I closed down using the X box in the window.
Double clicked on GMer again to start it - but just got the eggtimer - this went on for ages - so I shut down computer (!?), using power button.
Started computer again and its just stuck! Hard drive light has been on for couple hours but it won't start in Windows or even Safe Mode. Its just stuck!
Aaaaargh! What have I done?!
wingreen
2010-06-04, 21:59
UPDATE!
Just managed to get keyboard to select the Safe Mode - it started doing the safe mode "boot" but now its just stuck with a screen listing load of path names (to system ,drivers etc.) - the sort you get when Safe Mode starts up. But that's it. Stuck again. Hard disk light still glowing like mad. Scared to power it off again - but not sure its right to leave it like that for hours
wingreen
2010-06-04, 22:24
Not sure if this is helpful or not - but the last line (where Safe Mode has stuck) ends in windows\system32\DRIVERS\isapnp.sys
(Apologies if adding info before you've had chance to reply is messing things up)
(PS: Still stuck!)
Dakeyras
2010-06-04, 22:44
Hi. :)
No problem what you mentioned these things happen............If I do mange to remove the malware from your machine some serious system maintenance will be in order but we can address such in due course.
OK you are going to have to perform a cold shut down with your machine, not good but the only viable option in this scenario. Hold down your computers power on/switch on button until the machine is powered down completely.
If the need merely disconnect from the mains.
Reboot into Safe Mode:
How to boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.
If any problems refer to this tutorial. (http://www.malwareremoval.com/tutorials/safemodeboot.php)
Next:
In Safe Mode when the Windows Advanced Options menu appears use the Arrow(On the number pad part of the keyboard)keys to select Last Known Good Configuration (your most recent settings that worked), and then press the Enter/Return key.
Also do you have a Genuine Windows XP CD-ROM or can borrow one from a family member/friend at all if the need arises?
Let myself know the outcome before we proceed further please.
wingreen
2010-06-04, 22:59
Phew.
OK, did that (chose Last known.....) - and its taken me to a screen where I have to choose between
Windows XP Media Center Edition
or
Safe Mode
(it has Last Known Good Configuration in ble at bottom of screen)
Dakeyras
2010-06-04, 23:21
Hi. :)
Choose Last Known Good Configuration and let your machine boot up as normal.
Have you got a Genuine Windows XP CD-ROM or not if we need it? This you can inform myself about in your next reply when you post the logs requested.
Once booted up run Rkill, do not worry about the log, close down the notepad file for it. So you can post the log for myself to review it can be found here:-
C:\rkill.txt.
Next:
Re-run GMER again as outlined here (http://forums.spybot.info/showpost.php?p=373198&postcount=4).
When completed the above post the logs requested and or let myself know if any further problems encountered, thank you.
wingreen
2010-06-04, 23:32
I used f8 and got list options. Chose "Last Known etc - but it just takes me the screen I normally get - giving an option to start in Windows XP Media Centre Edition or in Safe Mode. But if I choose the Windows XP it just freezes in black screen like before.
It does let me choose f8 again, but then I just go around in circles.
(Can't find the CD you mention - not sure I've got it though - PC came with it installed. I might have a Windows 98 CD, plus an "upgrade" to XP CD)
Dakeyras
2010-06-04, 23:44
Hi. :)
Hmm strange that as DDS says your particular Operating System is:-
Microsoft Windows XP Professional
OK could well be a log error(due to updates/you changed the operating system) anyway let your machine boot up into:-
Windows XP Media Centre Edition
With regard to no XP CD-ROM and the fact your machine appears to a be a HP modal it probably has a recovery partition on the main system drive.
Out of interest is this drive a extra drive installed or a external drive?
E: is FIXED (NTFS) - 466 GiB total, 103.398 GiB free.
----------
Let myself know the outcome/answer(s) to my questions, thank you.
wingreen
2010-06-05, 00:00
Sorry - should have explained - the Windows 98 and XP ugrade were for another PC.
Have chosen XP Media Centre but back to earlier problem - black screen, hard disk light constantly on.
The E Drive is an external additional drive, connected via USB
wingreen
2010-06-05, 00:03
UPDATE - I found 3 Product Revocery CD that came with the PC. Install Disk, Program Disk 1 and Program Disk 2 (all 3 for Windows XP Media Center - made by Watford Electronics)
Dakeyras
2010-06-05, 00:19
Hi. :)
Reboot your machine again please(into Safe mode) but this time see if you can choose the option Safe Mode with networking.
With regard to Watford Electronics. Aye I am aware of the former IT company and would prefer not to use those particular CD's if we can.
OK try the above for myself please and can you tell myself the exact make/modal your HP machine is before we go any further, thank you.
wingreen
2010-06-05, 00:27
Getting worse!
Now its stuck on the flashing cursor so I'm not getting to the f8 option. Currently has screen showing PCI Devide listing, with list of devices, then flashing cursor at bottom of screen - but stuck (and hard disk light constantly on)
Dakeyras
2010-06-05, 00:30
can you tell myself the exact make/modal your HP machine is before we go any further, thank you.This will be helpful information. :)
wingreen
2010-06-05, 00:33
UPDATE: Just had series of clicks and the computer moved on. Managed to use F8 and I tried Safe mode with Networking but it just takes me to same options as before i.e. Safe Mode or Media Center...or F8 again (so still going around in circles)
wingreen
2010-06-05, 00:36
It says Aries (on a sticky label on side). Not sure where I find the make and model number. I will try and see if documents tell me and get back to you
wingreen
2010-06-05, 00:41
UPDATE: Sorry - can't find relevant documents. It was a "free" PC when I joined RedTen Broadband about 3 years ago.
Dakeyras
2010-06-05, 01:03
Hi :)
OK fair play wingreen, not a lot of viable options remaining I'm afraid...........I would like for your good self to download the below please:
Avira AntiVir Rescue System (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html)
Then burn it to either a blank DVD or CD-ROM./R
After that place it in the CD drive of your infected machine and see if will boot-up correctly. If it does post back please and we can proceed from there and acknowledge the below, thank you.
Note: If we use the AARS in a proactive manner and you do not have any backups and in turn they are lost and or a means to carry out a reformat and reinstallation of the Windows operating system be it via the CD's and or HP recovery partition neither myself or Safer Networking will be held responsible for the free advice I impart.
wingreen
2010-06-05, 01:50
OK. I put it on a CD and in CD drive of infected machine (its on the CD as an .exe file. Same problem - it took me to the usual screen and I went for xp media centre (rather than Safe Mode) - but do I need to select something like boot from CD when PC starts, or will it automatically go the CD drive?
wingreen
2010-06-05, 01:56
UPDATE!
Ignore last message. It didn't burn properly - I'll try again
wingreen
2010-06-05, 02:01
Burnt OK this time. Tried it. Same problem.
Does it matter that it was an .exe file? (apologise for ignorance) and do I need to do anything when "Boot from CD?" comes up? (I just left it to try and boot from the exe file on the CD on its own)
Dakeyras
2010-06-05, 02:02
Hi. :)
You may need to change your machine to boot from a CD:-
http://www.hiren.info/pages/bios-boot-cdrom
wingreen
2010-06-05, 02:16
I checked and its set to Boot from CD Rom first. I did do something to PC a long time ago that made it go to the XP Media Centre or Safe Mode screen (but with a time delay to let me choose), but don't know if that affects things?
wingreen
2010-06-05, 02:28
EXTRA: I just downloaded the avira thing, burnt it to CD. I didn't run it before burning it. Should I?
Dakeyras
2010-06-05, 02:32
I checked and its set to Boot from CD Rom first. I did do something to PC a long time ago that made it go to the XP Media Centre or Safe Mode screen (but with a time delay to let me choose), but don't know if that affects things?Should not in theroy......so follow the instructions below if you accept my prior disclaimer and bare in mind my overall advice/initial post. :)
Reboot your machine again with the Avira AntiVir Rescue CD and select option 1#
To so type in 1 at the prompt and hit the Enter key.
When the main menu screen appears click on the UK Flag(this will change it to the English format).
Now click on Configuration and select the following options:-
Scan all files
Remove infected files
Click on Virus scanner
When completed follow the prompts
Then click on Miscellaneous >> Shutdown >> remove the Avira AntiVir Rescue CD
Bootup you computer as normal into Windows.
When completed the above, please post back the following in the order asked for:
How is your computer performing now, any further symptoms and or problems encountered?
A new DDS log.
wingreen
2010-06-05, 02:40
I accept all the warnings.
Not sure what you mean by typing in 1 and Enter.
When I boot up I get Boot from CD? with a flashing cursor, but when I type 1, nothing shows.
At what point do I enter "1"?
Dakeyras
2010-06-05, 11:41
Hi. :)
When you bootup with the CD you should see a black screen with the options as described, any problems merely let it load and the main AARC screen will load automatically then follow my prior instructions from:-
When the main menu screen appears click on the UK Flag(this will change it to the English format).
wingreen
2010-06-05, 12:11
Hi
When I boot up it just seems to ignore the CD (even though its set to look there first) and goes to the option screen of XP Media Centre Edition or Safe Mode (or F8) - in other words, having the CD Rom in (with the burnt Avira Antivir exe file on it) doesn't make any difference.
(Probably not relevant, but I seem to recall using DeFogger to disable CD emulation programs)
wingreen
2010-06-05, 12:36
UPDATE:
I tried again - this time pressing Enter when "Boot from CD?" came up and this time it missed out the screen with option to choose XP or Safe Mode and went straight to the black screen (which is what I get when I boot up without the CD and go to XP)
Dakeyras
2010-06-05, 12:49
Hi. :)
(Probably not relevant, but I seem to recall using DeFogger to disable CD emulation programs) I do not think this would be a issuie actually and checked it out on my test machine and was still able to boot from the CD-Drive.
Now if you have set the machine to boot up via the BIOS with the CD-Drive as the first boot option and still no joy as you mentioned it could be a faulty piece of hardware and or still malware the cause.
Not a lot I can advise I'm afraid. If you feel confidant enough you can remove the Hard-Drive from you infected machine and temporarily install it in the other machine you have access to as a slave drive. Then scan the whole drive with a Anti-Virus and have it fix/remove anything found. Then replace back in your original machine and it should be able to boot-up so we can continue the malware removal process.
How to Install a Second Hard Drive (http://www.ehow.com/video_6030_install-second-hard.html)
Or check to see if your machine has the HP Recovery (partition) Manager (http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/16608/HP_Backup_and_Recovery_Manager_restore_files.htm) and use that but bare in mind it is defacto a reformat and reinstallation of the Windows operating system.
Finally the only other option I'm afraid would be to take it to a reputable local IT repair centre as only so much I am able to advise/do without physical access to the machine.
wingreen
2010-06-05, 13:08
OK, thanks.
I have a full back up on the external hard drive so maybe the option to use HP Recovery (partition) Manager might be a good one (but how would I know if I had that on my PC? and how would I access it if I can't boot up?)
I may well explore the hard drive removal and checking it on another PC - but would there be a chance that the infection would spread to the other PC?!
I have AV and SpyBot on other PC so I assume that running those should get the hard drive back into a condition which would allow me to put the hard drive back in the infected machine and continue with this thread - but I suppose there's a chance that we would end up with the same problem as we have now?
Is there any point in me trying to boot via a LINUX system rescue CD which I made a couple years ago?
Thanks for your help
wingreen
2010-06-05, 13:17
UPDATE:
Should I try the bootable CD I made on my other PC, to make sure it works?
Dakeyras
2010-06-05, 15:42
Hi. :)
Thanks for your helpYou're most welcome!
I have a full back up on the external hard drive so maybe the option to use HP Recovery (partition) Manager might be a good one (but how would I know if I had that on my PC? and how would I access it if I can't boot up?)
To do so is explained in the URL I provided:-
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/16608/HP_Backup_and_Recovery_Manager_restore_files.htm
I may well explore the hard drive removal and checking it on another PC - but would there be a chance that the infection would spread to the other PC?!The chance of such is negligible being honest as the hard-drive will be in slave mode and any malware should not in theory become active and or cross-over. Though as a precaution if you do attempt this process afterwards update and scan the other machine with its on-board security related applications etc.
I have actually done the above a fair few times myself and never noticed the host system if you will becoming infected in turn but as a precaution I did scan afterwards like I mentioned prior.
Is there any point in me trying to boot via a LINUX system rescue CD which I made a couple years ago?No harm trying but unfortunately I have no experience/knowledge of anything Linux related, I'm purely a Windows person so to speak.
Should I try the bootable CD I made on my other PC, to make sure it works?
Aye by all means if you so wish.
wingreen
2010-06-05, 16:15
Interesting........I tried the Linux Rescue Disk and it found it and started. Like you, I don't know much about Linux so I'm not going to use it. If I do....should I start a new post or can you refer me to another person here who could take me through Linux?
However.....I tried the Avri Boot CD on my other PC - and it said no boot device on it! So...maybe it didn't burn properly (although windows explorer does show that there is an .exe file [the only file] on it). Maybe it didn't burn properly? Would I need to burn it using ISO (or something?)
Might still be hope?
wingreen
2010-06-05, 16:26
UPDATE: Might have realised what I've done wrong. I downloaded the rescue package and burnt the package onto the CD - as the original .exe file. I think I needed to run the .exe file THEN burn the resulting file(s) onto the CD. Sorry if that was what I should have done and that it should have been "bleedin obvious", but I'm bit new to it all. I will try that approach and get back to you if it boots with the information you originally requested for that stage
Dakeyras
2010-06-05, 17:02
OK, by all means let myself know the outcome. :)
wingreen
2010-06-05, 17:14
I just can't seem to get the Avira burnt properly. (Been trying since my last post) I went to the website, downloaded the Rescue file, then ran it and it then said I should put a CD into drive so I can burn it but it keeps saying "No CD inserted or not compatible burning device" - which is wrong as I put a CD-R in which was blank.
I know its something about burning as an ISO file or something but I'm now totally lost. I have Roxio CD creator. I just can't work out how to make the Rescue CD. It's possible you are assuming I know more than I actually do on this burning issue. I've burned music before, but never anything like this.
The frustrating thing is that, if I can burn it properly, I think it will boot and we can move on.
Thanks
wingreen
2010-06-05, 17:38
UPDATE: Eureka! Burnt it - and its booting! I'll get back to you with whether PC runs better after scan - and new DDS log
Dakeyras
2010-06-06, 01:15
UPDATE: Eureka! Burnt it - and its booting! I'll get back to you with whether PC runs better after scan - and new DDS logExcellent news!
I was not ignoring your prior posts by the way(though missed the email notification(s)), merely partaking in one of mine my favourite pastimes that involves my garden and young toddler son attempting to assist with such! :laugh:
OK levity aside if able post the prior logs I requested when ready and we will go from there so to speak, thank you.
wingreen
2010-06-06, 01:48
Ok - no problem. I appreciate that life goes on outside of this forum. Hope you (and your son) enjoyed the sun
Scan completed. Records 41, Suspect 0, Warnings 294 (I think the warnings were about files that couldn't be scanned).
However, I can't send the logs you requested as, when I boot up without the CD, it just takes me to the dreaded black screen again.
Dakeyras
2010-06-06, 02:13
Hi. :)
Ok - no problem. I appreciate that life goes on outside of this forum. Hope you (and your son) enjoyed the sun
Thank you, no idea how too address you in the manner I do(my style of posting). IE: Lass/lad, though aware you are probably Welsh.
Scan completed. Records 41, Suspect 0, Warnings 294 (I think the warnings were about files that couldn't be scanned).
However, I can't send the logs you requested as, when I boot up without the CD, it just takes me to the dreaded black screen again. OK let myself have a think about this before we proceed any further. :bigthumb:
Dakeyras
2010-06-06, 02:25
Hi. :)
Please do this......
Download OTLPE Network from either location and save it to your desktop:
http://oldtimer.geekstogo.com/OTLPENet.exe
http://ottools.noahdfear.net/OTLPENet.exe
Double click the OTLPENet icon on your desktop
"Do you want to burn the CD?" choose Yes
ImgBurn will automatically extract and load the OTLPENet Iso to be burned to CD
Place a blank CD in your CD-Rom
Click http://i232.photobucket.com/albums/ee245/dlsdo/imgbrn.png to start the burn process
You will see a dialog "Operation successfully completed"
Boot the non-working computer using the boot CD you just created
In order to do so, the computer must be set to boot from the CD first
Note : For information click here (http://www.hiren.info/pages/bios-boot-cdrom)
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word "Code"
Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
Push http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png
When finished, the file will be saved in drive C:\OTL.txt
Please post the contents of the C:\OTL.txt file in your next reply.
Copy this file to your USB drive if you do not have an internet connection.
wingreen
2010-06-06, 02:37
You think fast! (btw, I'm male and, yes, in Wales)
It's late here (no idea what it is where you are) and I'd have to disturb others to download on other PC (can't on this laptop as its work one and it doesn't let me download executables) - so I'll have to do it later tomorrow.
Many thanks
Dakeyras
2010-06-06, 11:55
Hi. :)
You think fast! (btw, I'm male and, yes, in Wales)My wife would very probably beg to differ! I'm Irish but I have lived in mainland Britain for nigh on a decade and a half now.
Let myself know the outcome RE OTLPE and bare in mind my prior advice may be the only suitable course of action. IE: Slaving the Hard-Drive and or taking your machine to a reputable local IT repair centre.
In the mean time I have asked for a second opinion from a well respected colleague of mine just in-case I have missed something obvious that we can try.
wingreen
2010-06-06, 20:43
Thanks. Sorry for delay ('family' day!) and this bit rushed.
I tried posting otl.txt file contents (which is very long) but it came back saying it was TOO big! So I have split it into two parts. First part:
OTL logfile created on: 6/6/2010 8:00:42 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 37.98 Gb Free Space | 26.34% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 103.41 Gb Free Space | 22.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (SlingAgentService)
SRV - File not found [Auto] -- -- (MSWU-f36decbb)
SRV - File not found [Auto] -- -- (MSWU-a23c7763)
SRV - [2010/03/14 14:43:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/17 06:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/05 10:39:52 | 000,052,224 | ---- | M] (tzuk) [On_Demand] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2007/10/09 11:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/09/11 12:10:18 | 000,184,504 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/09/11 12:10:08 | 001,265,856 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 15:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 18:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
SRV - [2005/07/08 19:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (UimBus)
DRV - File not found [Kernel | System] -- -- (Uim_IM)
DRV - File not found [Kernel | System] -- -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (hpn)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (asfm)
DRV - [2010/06/04 13:53:10 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\djwsgvto.sys -- (djwsgvto)
DRV - [2010/04/21 03:53:46 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 14:43:09 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 14:42:59 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/14 12:56:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/14 12:56:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/30 06:32:58 | 000,023,168 | ---- | M] (SlingMedia Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SlingAudioBus.sys -- (SlingAudioBusenum)
DRV - [2009/04/30 06:32:58 | 000,019,072 | ---- | M] (SlingMedia Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SlingAudio.sys -- (Sling_Audio)
DRV - [2009/01/25 10:51:47 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/01/05 10:39:52 | 000,103,936 | ---- | M] (tzuk) [Kernel | On_Demand] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2008/08/26 06:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/18 11:25:00 | 000,040,464 | ---- | M] (Paragon Software Group) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/27 07:39:26 | 000,032,256 | ---- | M] () [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/11/15 12:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/10/10 08:53:48 | 000,005,632 | ---- | M] () [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/06/27 13:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/06/14 06:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/27 00:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/16 12:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/09/26 12:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005/07/08 19:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/07/08 19:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 19:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 17:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/06/28 07:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/03/21 06:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/11/15 06:15:18 | 000,088,080 | ---- | M] (Jetico, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\BCSwap.sys -- (BCSWAP)
DRV - [2004/09/15 09:05:00 | 000,064,512 | ---- | M] (Digital Blue ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STVqx5.sys -- (STVqx5) Digital Blue QX5(tm)
DRV - [2004/09/15 09:05:00 | 000,006,144 | ---- | M] (Digital Blue ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STVqx5m.sys -- (STVqx5m) Digital Blue QX5(tm)
DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/05/17 14:25:05 | 000,029,696 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\Family\Local Settings\Temp\bfastfao.sys -- (bfastfao)
DRV - [2003/12/05 12:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/15 12:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/07/24 08:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/04/17 16:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
DRV - [2001/08/18 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 08:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/18 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/18 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/18 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/18 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/18 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/18 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/18 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/18 07:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savastore.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Family_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\Family_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Family_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Joe_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Joe_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Joe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Joe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
IE - HKU\John_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savastore.com/
IE - HKU\Maggie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=uk&done=http://uk.yahoo.com
IE - HKU\Maggie_ON_C\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll File not found
IE - HKU\Maggie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Maggie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Maggie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savastore.com/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/?searchonly=true
IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 05:25:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 09:53:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 09:53:40 | 000,000,000 | ---D | M]
[2009/01/11 09:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 23:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/21 23:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/21 23:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/21 23:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2009/02/14 11:08:41 | 000,292,983 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10088 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WebCGMHlprObj Class) - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (EyeOnIE Class) - {F081D70D-477F-11D9-95EC-004095356F63} - C:\PROGRA~1\AVAILA~1\ASANTI~1\AhBho.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Family_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Joe_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Maggie_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Maggie_ON_C\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll File not found
O3 - HKU\Sam_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
O4 - HKU\Family_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\Family_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Family_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Joe_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Joe_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\John_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Maggie_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Sam_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Sam_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Sam_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\Wallpapers from MSN.lnk = C:\Documents and Settings\Sam\Application Data\Microsoft\Installer\{5C1178ED-7A1D-4EA6-A78D-FE526091DC4B}\_AD40422860A612C0AA07CA.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\Family_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Family_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\Joe_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Joe_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\John_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\John_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maggie_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Maggie_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sam_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Sam_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} http://www.couponreport.net/ftp/v3123/csauie1.cab (csauie1 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103587301578 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178104577323 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222563451466&h=ab142d0f223045041e6febda072d1ee7/&filename=jinstall-6u7-windows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} file:///C:/Program%20Files/InterCAP/ActiveCGM/ActiveX/Acgm.cab (ActiveCGM Control)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.43,93.188.166.178
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\fnpipe: DllName - fnpipe.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/21 02:48:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 09:48:16 | 000,000,040 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
wingreen
2010-06-06, 20:45
(rest of report)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/10/20 23:54:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "InCDsrv"
MsConfig - Services: "KService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe - (NETGEAR)
MsConfig - StartUpFolder: C:^Documents and Settings^John^Start Menu^Programs^Startup^Calendar.lnk - C:\Program Files\Calendar\Calendar.exe - (Glenn Delahoy)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: basicsmssmenu - hkey= - key= - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
MsConfig - StartUpReg: BCWipeTM Startup - hkey= - key= - C:\Program Files\Jetico\BCWipe\BCWipeTM.exe (Jetico, Inc.)
MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
MsConfig - StartUpReg: btbb_wcm_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: Camera Detector - hkey= - key= - C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: H2O - hkey= - key= - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files\lg_fwupdate\fwupdate.exe File not found
MsConfig - StartUpReg: MsgCenterExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= - C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe File not found
MsConfig - StartUpReg: Omnipage - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\Control.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: UVS10 Preload - hkey= - key= - C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
MsConfig - StartUpReg: WireLessKeyboard - hkey= - key= - C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe File not found
MsConfig - StartUpReg: WireLessMouse - hkey= - key= - C:\Program Files\Multimedia Combo Set\MouseDrv.exe File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5EAACC1A-D0A8-696A-33CB-26B2BE3C79D0} - DirectX
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {76C19B35-F0C8-11cf-87CC-0020AFEECF20} - Thai Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{8B135DEC-4426-4D1C-A950-2850EFB045A1} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/01 13:06:20 | 000,000,000 | ---D | C] -- C:\Malware May 10
[2010/06/01 12:51:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 12:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/29 15:59:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/29 07:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/29 07:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/27 11:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maggie\Local Settings\Application Data\sjbrdxcks
[2006/02/18 23:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Joe\My Documents\*.tmp files -> C:\Documents and Settings\Joe\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/06 20:04:12 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/04 13:53:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\djwsgvto.sys
[2010/06/04 12:26:32 | 060,691,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/04 12:25:09 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/06/04 12:23:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/04 12:21:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/04 12:21:49 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/04 12:21:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/04 12:21:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 12:21:28 | 3479,687,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 12:15:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\57vbdic1.exe
[2010/06/04 12:15:41 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\John\Desktop\rkill.exe
[2010/06/01 15:34:29 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/06/01 15:34:29 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/06/01 15:34:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/06/01 14:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/01 12:50:11 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2010/05/31 20:47:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/31 20:39:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
[2010/05/31 20:39:24 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT
[2010/05/31 18:44:40 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Sam\NTUSER.DAT
[2010/05/31 15:50:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sam\ntuser.ini
[2010/05/31 14:42:01 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Sam\Start Menu\Programs\Startup\Wallpapers from MSN.lnk
[2010/05/30 08:38:51 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot.lnk
[2010/05/30 08:37:17 | 000,000,874 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/30 08:37:17 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2010/05/30 08:37:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/30 02:43:55 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Maggie\NTUSER.DAT
[2010/05/30 02:43:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Maggie\ntuser.ini
[2010/05/29 16:16:39 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Maggie\Desktop\Spybot - Search & Destroy.lnk
[2010/05/29 14:04:20 | 000,003,786 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/21 18:40:04 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Family\NTUSER.DAT
[2010/05/21 18:40:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Family\ntuser.ini
[2010/05/21 09:47:48 | 000,089,736 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/20 11:47:12 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Maggie\Desktop\Microsoft Office Publisher 2003.lnk
[2010/05/16 13:35:18 | 000,178,176 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 19:14:31 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\Level select.doc
[2010/05/14 13:54:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Microsoft Office Word 2003.lnk
[2010/05/13 18:49:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/11 05:41:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Microsoft Office Word 2003.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Joe\My Documents\*.tmp files -> C:\Documents and Settings\Joe\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/04 12:24:51 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\John\Desktop\rkill.exe
[2010/06/04 12:24:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\57vbdic1.exe
[2010/06/01 12:50:11 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2010/05/31 20:50:29 | 3479,687,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/30 08:38:51 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Spybot.lnk
[2010/05/29 16:16:39 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Maggie\Desktop\Spybot - Search & Destroy.lnk
[2010/05/27 11:05:12 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/27 11:04:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\djwsgvto.sys
[2010/05/14 19:14:30 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\Level select.doc
[2010/04/12 11:48:27 | 000,392,704 | ---- | C] () -- C:\Documents and Settings\Joe\contents page joe.doc
[2010/04/12 11:48:27 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Joe\cover for project joe.doc
[2010/04/12 11:48:27 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Joe\tally graphs joe.xls
[2010/03/30 15:48:53 | 027,193,281 | ---- | C] () -- C:\Documents and Settings\Sam\Jake's Composition 1.wma
[2010/03/30 15:48:51 | 022,527,813 | ---- | C] () -- C:\Documents and Settings\Sam\Jake's Composition 2.wma
[2010/01/31 08:14:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/01/31 08:14:59 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/12/29 20:13:45 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/10 14:12:27 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/13 15:15:57 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\d3d9caps.dat
[2009/06/30 09:16:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/04/30 13:41:14 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/04/27 15:35:57 | 000,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2008/12/15 10:18:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/11/14 14:56:09 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Sam\jagex_runescape_preferences.dat
[2008/11/06 20:04:54 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\John\Install.log
[2008/11/02 11:03:23 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/11/02 11:03:23 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/10/07 11:07:57 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 19:55:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/03 19:55:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/04/11 13:35:58 | 000,002,268 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/02/18 13:27:52 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/01/03 09:14:47 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Family\NTUSER.DAT
[2008/01/03 09:14:46 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\Joe\NTUSER.DAT
[2007/12/10 18:52:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/12/06 23:13:59 | 006,533,120 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer.dll
[2007/12/06 23:13:59 | 002,568,192 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageMeter.dll
[2007/12/06 23:12:21 | 008,278,016 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2007/12/06 23:12:21 | 008,151,040 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2007/12/06 22:48:20 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2007/12/06 17:42:53 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Maggie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/17 06:16:06 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Maggie\USB001
[2007/10/15 13:18:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/10/14 13:49:04 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\Maggie\NTUSER.DAT
[2007/10/08 18:24:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
[2007/09/24 17:26:14 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/12 19:27:01 | 013,107,200 | ---- | C] () -- C:\Documents and Settings\John\ntuser.dat
[2007/07/11 18:28:56 | 000,003,786 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2007/04/10 17:24:47 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/03/02 14:31:13 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/02/20 18:51:57 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HPSU_48BitScanUpdate.log
[2007/02/20 18:51:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/20 18:50:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/02/20 18:50:14 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007/02/20 18:50:14 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/02/20 18:49:36 | 000,002,814 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PatchUpdate_InstantShareJPG.log
[2007/02/20 18:49:36 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/02/20 18:46:43 | 000,003,594 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PatchUpdate_IZClosingDiscError.log
[2007/02/20 18:46:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/02/20 18:45:24 | 000,035,624 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2007/02/20 18:45:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/02/19 17:25:45 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/05 13:34:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2007/02/05 13:34:04 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Family\ntuser.dat.LOG
[2007/02/05 13:34:04 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Family\ntuser.ini
[2007/01/17 19:58:15 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/14 18:18:06 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\Maggie\Artikel.csv
[2007/01/12 19:44:22 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\John\Artikel.csv
[2006/12/31 14:49:31 | 000,178,176 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/30 11:41:54 | 000,000,569 | ---- | C] () -- C:\WINDOWS\superwmacutterjoiner.ini
[2006/12/29 20:22:13 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/12/29 20:14:29 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/21 14:51:52 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2006/12/21 14:51:51 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\Sam\NTUSER.DAT
[2006/12/21 14:51:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Sam\ntuser.dat.LOG
[2006/12/21 14:51:51 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Sam\ntuser.ini
[2006/12/20 19:41:53 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\John\results.txt
[2006/12/20 19:36:23 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/20 19:36:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/20 18:05:11 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
[2006/12/20 18:05:10 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Joe\ntuser.dat.LOG
[2006/12/20 18:05:10 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Joe\ntuser.ini
[2006/12/20 18:04:03 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maggie\Local Settings\Application Data\fusioncache.dat
[2006/12/20 18:04:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Maggie\ntuser.dat.LOG
[2006/12/20 18:04:01 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Maggie\ntuser.ini
[2006/12/20 14:40:33 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2006/12/20 14:40:32 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\John\ntuser.dat.LOG
[2006/12/20 14:40:32 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\John\ntuser.ini
[2006/10/18 00:23:11 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2006/10/18 00:23:11 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2006/10/17 20:23:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/17 19:43:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/17 19:31:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2006/10/17 19:25:31 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/10/17 16:27:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ctrldll.dll
[2006/10/13 07:30:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/09/15 08:40:48 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoController.dll
[2005/09/15 08:40:48 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoAnalyser.dll
[2005/09/15 08:40:48 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\PSP PseudoStereo.dll
[2005/09/15 08:40:48 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoEnhancer.dll
[2005/09/11 15:12:23 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\pspsedx.dll
[2005/09/11 15:12:02 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\pspsadx.dll
[2005/09/11 15:09:57 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\pspscdx.dll
[2005/09/11 14:49:43 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\psppsdx.dll
[2005/08/12 06:04:45 | 004,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
[2005/08/05 10:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/24 14:21:16 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll
[2004/12/21 11:34:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/21 09:56:10 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2004/12/21 09:56:07 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2004/12/21 09:55:26 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/12/21 09:55:25 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/12/21 09:55:24 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/12/21 09:55:24 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/12/21 08:17:58 | 000,001,010 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/21 08:16:08 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/12/21 02:56:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/12/21 02:55:26 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/12/21 02:55:25 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2003/08/07 09:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 10:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 08:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 08:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 08:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 08:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 08:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 08:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 08:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 17:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[2001/07/06 11:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/05/11 03:52:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\Indounin.dll
[1997/08/18 20:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/18 20:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\ispnews
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ispnews
[2007/02/06 18:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\ispnews
[2009/10/13 16:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Azureus
[2006/12/21 13:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ispnews
[2010/03/25 18:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\LimeWire
[2009/12/29 15:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\PC Suite
[2009/02/11 12:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ScanSoft
[2010/05/05 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Spotify
[2007/09/29 09:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\TomTom
[2008/10/07 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Ulead Systems
[2006/12/29 09:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ACD Systems
[2010/01/17 19:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Amazon
[2010/01/17 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Azureus
[2007/11/16 18:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Cakewalk
[2007/10/09 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Canon
[2006/12/20 17:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\F-Secure
[2009/02/04 18:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\HandBrake
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\InterTrust
[2007/06/09 19:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\iolo
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ispnews
[2008/05/13 04:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MSNInstaller
[2009/01/25 10:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NCH Swift Sound
[2009/12/29 12:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Nokia
[2008/02/17 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\OfficeUpdate12
[2007/12/06 23:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Opera
[2009/12/29 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\PC Suite
[2007/06/23 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Renegade Minds
[2007/01/03 20:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\RootsMagic
[2007/10/07 11:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Sandbox
[2006/12/29 20:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ScanSoft
[2007/01/09 08:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Snapfish
[2007/12/06 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Steinberg
[2007/09/20 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\SuperAdBlocker.com
[2007/09/17 08:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\TomTom
[2008/10/04 16:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Ulead Systems
[2008/11/02 11:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2007/09/03 07:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\ACD Systems
[2008/11/02 15:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\agi
[2007/02/14 07:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\Canon
[2006/12/28 07:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\InterTrust
[2007/02/04 21:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\ispnews
[2007/10/22 08:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\Sandbox
[2007/06/28 09:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\ScanSoft
[2007/09/17 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\TomTom
[2008/10/04 15:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\Ulead Systems
[2010/05/31 14:43:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sam\Application Data\.#
[2008/11/02 11:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\agi
[2009/11/14 18:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Azureus
[2006/12/21 14:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\ispnews
[2010/03/31 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\LimeWire
[2008/06/02 12:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\ScanSoft
[2010/05/26 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Spotify
[2008/10/04 12:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ulead Systems
[2010/05/31 14:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\uTorrent
[2008/10/29 13:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Wallpapers from MSN
[2010/06/04 12:21:49 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
========== Purity Check ==========
========== Custom Scans ==========
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
Invalid Environment Variable: %APPDATA%\*.
Invalid Environment Variable: %APPDATA%\*.exe
< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
< MD5 for: AGP440.SYS >
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/10 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USERINIT.EXE >
[2004/08/10 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/12/20 18:28:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/12/20 18:28:57 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/12/20 18:28:57 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/02/25 06:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< CREATERESTOREPOINT >
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:690E9362FA01FC72
< End of report >
Dakeyras
2010-06-07, 21:59
Hi. :)
I apologise for the delay. Anyway both myself and colleague concur your machine is in quite a mess/badly comprimised and it would be prudent to either perform a reformat and reinstallation of the Windows operating system and or take your machine to a local IT repair centre.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
I can offer no further assistance apart from my prior advice sadly as only so much I can do without physical access to the machine.
wingreen
2010-06-07, 23:31
Oh - sounds bad. I changed all my relevant passwords (from a clean PC) when I realised there was problem (and have checked that nothing untoward has been happening with my financial accounts).
I appreciate your help and the time you have put into it. I'm guessing that (as it seems to be in quite a mess) it won't be cheap to get professional repair so it might make more sense for me to scrap it and buy another. Although I might be tempted to try a "reformat and re-installation" - but I'm assuming that's relatively straighforward and that I can get advice on that from an ordinary "how to" site.
Thanks again anyway.
wingreen
2010-06-08, 01:50
Don't want to pester you but, just to check - I'm going to explore the option of reformatting/reinstalling (I made a "back up" on my external hard disk before I got these problems). All I have are the Product Recovery CD Roms and/or (I think) a recovery partition (?) on my internal hard disk.
Should I explore which and how to do this here with you? or go to another forum that focuses on that sort of thing (rather than malware)?
Thanks
Dakeyras
2010-06-08, 14:04
Hi. :)
The below tutorials for the process are excellent for advising the exact procedure:-
How to Reformat and Reinstall your Operating System (http://forums.whatthetech.com/How_Reformat_Reinstall_your_Operating_System_t91962.html)
Windows XP - Reformat And Re-Install Guide (http://forum.securitycadets.com/index.php?showforum=65)
what programs will i have to find and restore to it?Below is some advice about what to install/safety advice after the format and the reinstallation of the Windows operating system.
Reformat and Reinstallation Advice:
This is a excellent resource I recommend reading:- How to prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
Here are some free Anti Virus programs which I recommend to use:
Antivir PersonalEditionClassic (http://www.free-av.com/)
Free anti-virus software for Windows.
Detects and removes more than 50,000 viruses. Free support. avast! Home Edition (http://www.avast.com/eng/avast_4_home.html)
Anti-virus program for Windows.
The home edition is freeware for noncommercial users.
Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
Here are some free Firewalls which I recommend to use:
(Use only one, and disable your Windows Firewall)
Sunbelt Kerio (http://www.sunbelt-software.com/Kerio.cfm)
Outpost (http://www.agnitum.com/products/outpostfree/download.php)
Jetico Personal Firewall (http://www.jetico.com/) Note: Only ever have installed/use one Anti-Virus application and Software Firewall. Otherwise a system conflict will occur and this also lessens overall online protection!
Keep your system updated- Microsoft releases patches for Windows and other products regularly:
I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Install the Active X
Once installed it will advise set Auto-Updates if not set and you then you will be able to manually check for updates also via:
Start >> All Programs >> Microsoft Updates
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page.
Malwarebytes' Anti-Malware - Download it from here (http://www.malwarebytes.org/mbam-download.php)
The tutorial on how to use MBAM is located here (http://thespykiller.co.uk/index.php?PHPSESSID=12a63a8f9a27c9b153f67c04a5c10955&topic=5946.0)
Install WinPatrol - Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
The tutorial on how to use Spyware Blaster is located here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Importance of Regular System Maintenance:
I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well after the format and the reinstallation of the Windows operating system.
Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Also so is this:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
wingreen
2010-06-08, 14:34
OK, thanks for getting back to me and thanks for all your help
wingreen
2010-06-08, 14:51
Sorry - just before I go (!). You mentioned earlier possibility that hard drive had a recovery partition (?). When I boot the infected CD, I get an option to "Press F10 to start recovery" (this comes up for a couple seconds after Boot from CD? and before it moves onto the black screen).
Will Pressing F10 help me to recover from hard disk?
Dakeyras
2010-06-08, 15:01
Aye it may very well do and at this stage I see no harm what so ever investigating this particular avenue so to speak. :)
Dakeyras
2010-06-09, 15:19
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.