Thread: Zlob.DNSChanger

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Zlob.DNSChanger

    I've looked at a ton of forums and tried solving the problem myself following instructions, but SpyBot is still finding the Zlob.dnschanger and Zlob.dnschanger.rtk.

    Here is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:04:29 PM, on 9/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\LClock\LClock.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\regedit.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Matthew\Local Settings\Temp\jkos-Matthew\binaries\ScanningProcess.exe
    C:\Documents and Settings\Matthew\Local Settings\Temp\jkos-Matthew\binaries\ScanningProcess.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.116.27,85.255.112.70
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10715 bytes
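
An added triage example, not part of the original thread or of HijackThis: it pulls the static DNS servers (O17) and the Run-key autostarts (O4) out of a log like the one above and lists what deserves a closer look. The function names, the expected resolver range 192.168.1.0/24, the all-zero interface line and the "value name is itself a file path" heuristic are assumptions of this example.

```python
import ipaddress
import re

# All lines are copied from the HijackThis log above except the last O17 line,
# which is constructed to show a benign, router-assigned resolver.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.116.27,85.255.112.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

O17_RE = re.compile(r'^\s*O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$', re.M)
O4_RE = re.compile(
    r'^\s*O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$',
    re.M)
GUID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')


def parse_nameservers(log):
    """Return [(interface, [server, ...])] for every O17 NameServer line."""
    out = []
    for m in O17_RE.finditer(log):
        guid = GUID_RE.search(m.group('key'))
        iface = guid.group(0) if guid else m.group('key')
        # The registry value may be comma- or space-separated.
        servers = [s for s in re.split(r'[,\s]+', m.group('servers').strip()) if s]
        out.append((iface, servers))
    return out


def parse_run_entries(log):
    """Return [(hive, key, value_name, command)] for O4 Run/RunOnce lines."""
    return [(m.group('hive'), m.group('key'), m.group('name'), m.group('cmd').strip())
            for m in O4_RE.finditer(log)]


def unexpected_nameservers(log, expected_networks):
    """List static DNS servers that fall outside the networks the analyst expects."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for iface, servers in parse_nameservers(log):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((iface, server, 'unparseable address'))
                continue
            if not any(addr in net for net in nets):
                findings.append((iface, server, 'outside expected resolver set'))
    return findings


def path_named_run_entries(log):
    """Heuristic (assumption): a Run value whose *name* is a full path is unusual."""
    return [e for e in parse_run_entries(log) if re.match(r'^[A-Za-z]:\\', e[2])]


if __name__ == '__main__':
    for finding in unexpected_nameservers(SAMPLE_LOG, ['192.168.1.0/24']):
        print('DNS :', finding)
    for entry in path_named_run_entries(SAMPLE_LOG):
        print('RUN :', entry)
```

A hit from either function is a reason to inspect that interface's Tcpip key or that autostart entry by hand, not a verdict on its own.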

  2. #2
    Senior Member
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    120

    Welcome to the Safer Networking. My name is muuli. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
    3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

    Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

  3. #3
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Thanks so much. If it helps, Spybot points to this file as one of the problems. But I can't find it in this location even by unhiding protected operating system files, and it just reappears if I have Spybot try and delete it.

    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe

  4. #4
    Senior Member
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    120

    Hi,

    Step 1

    You don't have a firewall on your computer, so start Windows Firewall if it is not running yet. Press Start -> Control Panel -> Windows Firewall, then make sure that tap is ON (recommended). Don't install any third party firewall yet.

    Step 2

    1. If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
    2. Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    3. Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
    4. Click on Mode > Advanced Mode. When it prompts you, click Yes.
    5. On the left hand side, click on Tools.
    6. Check (tick) this box if it is not yet ticked: Resident.
    7. You will notice that Resident is now added under Tools. Click on Resident.
    8. Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
    9. Exit Spybot Search & Destroy.
    10. Restart your computer for the changes to take effect.


    Step 3

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin;
    follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    At the end of the fix, you may need to restart your computer again.

    Post back the contents of the logfile C:\fixwareout\report.txt.

    Now let's check some settings on your system.
    (2000/XP) Only
    In the Windows Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category, otherwise double click on Network Connections. Then right click on your default connection, usually Local Area Connection for cable and DSL, and left click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
    Press OK twice to get out of the properties screen and reboot if it asks.
    That option might not be available on some systems.

    Step 4

    1. Please download random's system information tool (RSIT) and save it to your desktop.
    2. Double click on RSIT.exe to run it. RSIT will start running.
    3. Please read through the disclaimer and click on Continue.
    4. RSIT will start running. When done, 2 logs will be produced. The first one, log.txt, will be maximized, the second one, info.txt, will be minimized.
    5. Please post both logs in your next reply.


    Step 5

    Please post a fixwareout log and RSIT logs (log.txt and info.txt).

  5. #5
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    OK, so here is the fixwareout.exe log below.

    However, when I ran RSIT.exe I got an error saying: Error parsing function call, and then the program just quit. Also when I go to change the Internet Protocol (TCP/IP) item to 'Obtain DNS servers automatically', I am able to change it and click ok and close the window, and then when I go back into the settings it is unchecked and back using some random assigned DNS server addresses. I repeated the process a few times just to check and same thing each time.

    fixwareout log file:


    Username "Matthew" - 09/29/2008 16:19:54 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdher.exe"

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LClock"="C:\\Program Files\\LClock\\LClock.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
    "Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "nmapp"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
    "basicsmssmenu"="\"C:\\Program Files\\Seagate\\Basics\\Basics Status\\MaxMenuMgrBasics.exe\""
    "C:\\WINDOWS\\system32\\kdher.exe"="C:\\WINDOWS\\system32\\kdher.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

  6. #6
    Senior Member
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    120

    Hi,

    Quote: Originally Posted by mattc
    "Also when I go to change the Internet Protocol (TCP/IP) item to 'Obtain DNS servers automatically', I am able to change it and click ok and close the window, and then when I go back into the settings it is unchecked and back using some random assigned DNS server addresses. I repeated the process a few times just to check and same thing each time."

    Okay, we will get back to this later.

    Step 1

    Download Gmer to your Desktop and unzip it to your Desktop.
    http://www.gmer.net/gmer.zip

    Disconnect from internet and close running programs.
    There is a small chance this application may crash your computer so save any work you have open.
    Double click gmer.exe.
    Let the gmer.sys driver load if asked.
    If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
    If no warning....
    Click the rootkit tab
    To the right of the program you will see a bunch of boxes that have been checked... leave everything checked. Then click the Scan button. Wait for the scan to finish.
    Once done click the Copy button.
    Open Notepad and hit ctrl+v to paste the log. Save the log to your desktop please.

    Click the >>> tab. This will open up all available tabs for you.
    Click the Autostart tab then the scan button. Once it's done click the Copy button and paste it into a new notepad document. Save that document to your desktop please.

    Step 2

    1. Please download OTViewIt by OldTimer and save it to your Desktop.
    2. Close all applications and windows.
    3. Double-click on the OTViewIt.exe to start OTViewIt.
    4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
    5. Click the blue Run Scan button.
    6. OTViewIt will now start its scan.
    7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
    8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.


    Step 3

    Please post a fresh HijackThis log, Gmer log and OTViewIt logs.

  7. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    OK so here are the log files you asked for:

    GMER log:

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-10-30 17:25:58
    Windows 5.1.2600 Service Pack 3


    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
    .text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
    .text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
    .text C:\WINDOWS\Explorer.EXE[268] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
    .text C:\Documents and Settings\Matthew\Desktop\gmer\gmer.exe[416] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
    .text C:\Documents and Settings\Matthew\Desktop\gmer\gmer.exe[416] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
    .text C:\Documents and Settings\Matthew\Desktop\gmer\gmer.exe[416] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
    .text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 000A6992
    .text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6AAF
    .text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A6751
    .text C:\WINDOWS\system32\NOTEPAD.EXE[556] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 000A6894
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[580] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
    .text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\LClock\LClock.exe[660] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
    .text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
    .text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
    .text C:\WINDOWS\system32\RUNDLL32.EXE[704] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[756] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
    .text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00D16992
    .text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D16AAF
    .text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D16751
    .text C:\WINDOWS\system32\winlogon.exe[848] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00D16894
    .text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\iTunes\iTunesHelper.exe[868] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F36992
    .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F36AAF
    .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F36751
    .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F36894
    .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F56992
    .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F56AAF
    .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F56751
    .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F56894
    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[988] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F56992
    .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F56AAF
    .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F56751
    .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F56894
    .text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
    .text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
    .text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
    .text C:\WINDOWS\system32\RunDll32.exe[1128] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
    .text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00086992
    .text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00086AAF
    .text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00086751
    .text C:\Program Files\Winamp\winampa.exe[1168] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00086894
    .text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00F66992
    .text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F66AAF
    .text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F66751
    .text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00F66894
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1816] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
    .text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[1860] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1888] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[1932] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 000A6992
    .text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6AAF
    .text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A6751
    .text C:\WINDOWS\system32\ctfmon.exe[1952] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 000A6894
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1996] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
    .text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\AIM\aim.exe[2164] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
    .text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
    .text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
    .text C:\WINDOWS\system32\spoolsv.exe[2388] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
    .text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
    .text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
    .text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
    .text C:\WINDOWS\System32\svchost.exe[2640] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00146992
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00146AAF
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00146751
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3140] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00146894
    .text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00156992
    .text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156AAF
    .text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00156751
    .text C:\Program Files\iPod\bin\iPodService.exe[3388] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00156894
    .text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtDeleteValueKey 7C90D250 5 Bytes JMP 00096992
    .text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096AAF
    .text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00096751
    .text C:\WINDOWS\System32\alg.exe[3524] ntdll.dll!NtSetValueKey 7C90DDB0 5 Bytes JMP 00096894

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT \WINDOWS\system32\hal.dll[ntoskrnl.exe!IoReadPartitionTable] [F77199BA] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT \WINDOWS\system32\hal.dll[ntoskrnl.exe!IoWritePartitionTable] [F7719B66] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT ftdisk.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT dmio.sys[ntoskrnl.exe!IoWritePartitionTableEx] [F7719B8A] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT dmio.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT PartMgr.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT disk.sys[ntoskrnl.exe!IoReadPartitionTable] [F77199BA] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT disk.sys[ntoskrnl.exe!IoReadPartitionTableEx] [F7719AA8] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)
    IAT disk.sys[ntoskrnl.exe!IoWritePartitionTableEx] [F7719B8A] MDPMGRNT.sys (MacDrive partition driver/Mediafour Corporation)

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 043CA371
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 043CA184
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 043C5BD0
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 043C67A9
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 043C8543
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 043C6F75
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 043C698E
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 043C7DBE
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 043C9A18
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 043C9A48
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 043CA58B
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 043C9772
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 043C84D3
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 043C7625
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 043C6D89
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 043C72D1
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 043CA8B7
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 043C7FBD
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 043C83CF
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 043C8B01
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 043C87F1
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 043C8AAF
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 043C90EE
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 043C8C22
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 043C6B9D
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 043C7580
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 043C9AF3
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 043C88B3
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 043C8486
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 043C81FA
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 043C85C2
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 043CA597
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 043C8788
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 043CA71C
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 043CA6EA
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 043CA83F
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 043CA89B
    IAT C:\WINDOWS\Explorer.EXE[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 043CA788

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

    Device \FileSystem\Fastfat \FatCdrom MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\MRxDAV \Device\WebDavRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\MRxSmb \Device\LanmanRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\Fastfat \Fat MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    Device \FileSystem\Cdfs \Cdfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
    ---- Processes - GMER 1.0.14 ----

    Library C:\WINDOWS\system32\dll.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [2388] 0x10000000

    ---- Files - GMER 1.0.14 ----

    File C:\WINDOWS\system32\kdkfs.exe 52224 bytes executable

    ---- EOF - GMER 1.0.14 ----


    GMER AUTOSTART

    GMER 1.0.14.14536 - http://www.gmer.net
    Autostart scan 2008-10-30 17:29:55
    Windows 5.1.2600 Service Pack 3


    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
    @UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
    @Systemkdkfs.exe = kdkfs.exe

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
    dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
    WgaLogon@DLLName = WgaLogon.dll

    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    Basics Service@ = "C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe"
    Crypkey License@ = crypserv.exe
    MacDriveService@ = "C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe"
    MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
    nmservice@ = "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"
    NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
    Pml Driver HPZ12@ = C:\WINDOWS\system32\HPZipm12.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @LClockC:\Program Files\LClock\LClock.exe = C:\Program Files\LClock\LClock.exe
    @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    @nwiznwiz.exe /install = nwiz.exe /install
    @NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    @AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    @QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    @iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
    @Acrobat Assistant 8.0"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    @ /*file not found*/ = /*file not found*/
    @Adobe_ID0EYTHMC:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE = C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    @CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
    @WinampAgent"C:\Program Files\Winamp\winampa.exe" = "C:\Program Files\Winamp\winampa.exe"
    @Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    @HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    @nmapp"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash = "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    @SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    @basicsmssmenu"C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" = "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    @C:\WINDOWS\system32\kdher.exeC:\WINDOWS\system32\kdher.exe /*file not found*/ = C:\WINDOWS\system32\kdher.exe /*file not found*/

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    @H/PC Connection Agent"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
    @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
    @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
    @{1530f7ee-5128-43bd-9977-84a4b0fad7df} /*Photo Resizing PowerToy*/%SystemRoot%\system32\ShellExt\phototoy.dll = %SystemRoot%\system32\ShellExt\phototoy.dll
    @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
    @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{afc638f0-e8a4-11ce-9ade-00aa00a42d2e} /*MST TrueType File Properties*/C:\WINDOWS\system32\ShellExt\TTFExtNT.dll = C:\WINDOWS\system32\ShellExt\TTFExtNT.dll
    @{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Program Files\Unlocker\UnlockerCOM.dll = C:\Program Files\Unlocker\UnlockerCOM.dll
    @{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} /*ContextMenuExt Extension*/C:\WINDOWS\system32\CopyToSendTo.dll = C:\WINDOWS\system32\CopyToSendTo.dll
    @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
    @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
    @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
    @{B1883831-F0D8-4453-8245-EEAAD866DD6E} /*HashTab Context Menu*/(null) =
    @{8A56567E-A333-4843-B6E1-C3A262E41D8C} /*HashTab Property Page*/C:\Program Files\HashTab Shell Extension\HashTab32.dll = C:\Program Files\HashTab Shell Extension\HashTab32.dll
    @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
    @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
    @{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
    @{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
    @{13311DA7-1D24-40e5-AE07-7E3750F5DE3C} /*Right Click Image Converter Extension*/C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll = C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll
    @{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
    @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
    @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
    @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
    @{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
    @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    @{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
    @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
    @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    @{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
    @{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} /*Mediafour Mac file columns*/C:\Program Files\Common Files\Mediafour\MACFPROP.DLL = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
    @{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0} /*Mediafour Mac file properties*/C:\Program Files\Common Files\Mediafour\MACFPROP.DLL = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
    @{C55C499D-3518-44a1-998E-796AC5FC989D} /*NetworkMagic*/C:\Program Files\Pure Networks\Network Magic\nmspce2.dll = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll
    @{33F85093-44BB-4587-B25B-FFD05D5B9916} /*NetworkMagic*/C:\Program Files\Pure Networks\Network Magic\nmspce2.dll = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll
    @{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MI3AA1~1\Wcesview.dll = C:\PROGRA~1\MI3AA1~1\Wcesview.dll

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
    Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
    CopyMoveTo@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\CopyToSendTo.dll
    Right Click Image Converter@{13311DA7-1D24-40e5-AE07-7E3750F5DE3C} = C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll
    UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{E194186F-A30A-4E7E-9457-441AC354C98C} = C:\Program Files\Mediafour\MacDrive 7\MDShell.dll

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
    CopyMoveTo@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\CopyToSendTo.dll
    UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{33F85093-44BB-4587-B25B-FFD05D5B9916} = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
    Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
    CopyMoveTo@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} = C:\WINDOWS\system32\CopyToSendTo.dll
    UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll
    WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{33F85093-44BB-4587-B25B-FFD05D5B9916} = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
    @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    @{074C1DC5-9320-4A9A-947D-C042949C6216}C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll = C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    @{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    @{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    @{AE7CD045-E861-484f-8273-0445EE161910}C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    HKLM\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
    @Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
    @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

    HKCU\Software\Microsoft\Internet Explorer\Main >>>
    @Start Pagehttp://www.google.com/ = http://www.google.com/
    @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

    HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

    HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
    dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
    its@CLSID = C:\WINDOWS\system32\itss.dll
    mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
    ms-its@CLSID = C:\WINDOWS\system32\itss.dll
    ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    pure-go@CLSID = C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll
    tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
    wia@CLSID = C:\WINDOWS\system32\wiascr.dll

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup = HP Digital Imaging Monitor.lnk

    ---- EOF - GMER 1.0.14 ----

  8. #8
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    OTViewIt logfile

    OTViewIt logfile created on: 10/30/2008 5:33:43 PM - Run
    OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 57.53 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MATT
    Current User Name: Matthew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    File Age = 30 Days

    ========== Processes ==========

    [2004/09/19 12:27:46 | 00,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
    [2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
    [2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    [2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
    [2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    [2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    [2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
    [2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
    [2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    [2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    [2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    [2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    [2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    [2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    [2008/04/14 06:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
    [2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    [2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    [2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

    ========== (O23) Win32 Services ==========

    [2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
    [2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
    [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
    [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
    [2008/04/14 06:42:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
    [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    [2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe -- (Crypkey License [Auto | Running])
    [2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
    [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    [2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
    [2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService [Auto | Running])
    [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
    [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    [2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
    [2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
    [2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
    [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
    [2008/04/14 06:42:40 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
    [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

    ========== Driver Services ==========

    [2005/05/12 14:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
    [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
    [2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
    [2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
    [2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
    [2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
    [2008/04/14 01:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
    [2005/08/04 05:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
    [2008/07/22 14:29:46 | 00,288,768 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT [Boot | Running])
    [2007/02/28 11:15:08 | 00,019,072 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT [Boot | Running])
    [2006/01/09 22:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX [System | Running])
    [2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
    [2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
    [2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
    [2001/08/22 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
    [2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
    [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
    [2008/04/14 05:10:50 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
    [2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
    [2008/04/29 17:40:56 | 00,210,472 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (si3114r5 [Boot | Running])
    [2008/04/29 17:40:56 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
    [2008/04/29 17:40:56 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil [Boot | Running])
    [2008/04/14 01:15:36 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
    [2008/04/14 05:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
    [2005/01/06 11:18:40 | 00,310,656 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP [On_Demand | Running])
    [2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
    [2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
    [2008/04/04 04:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

    ========== (R ) Internet Explorer ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
    "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Default_Secondary_Page_URL"=
    "Extensions Off Page"=about:NoAdd-ons
    "Local Page"=%SystemRoot%\system32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Security Risk Page"=about:SecurityRisk
    "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Local Page"=C:\WINDOWS\system32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Start Page"=http://www.google.com/

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0
    "ProxyOverride" = *.local

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Start Page"=http://www.google.com/

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Start Page"=http://www.google.com/

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Start Page"=http://www.google.com/

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0

    [HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Local Page"=C:\WINDOWS\system32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Start Page"=http://www.google.com/

    [HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0
    "ProxyOverride" = *.local

    ========== (O1) Hosts File ==========

    HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    First 25 entries...
    127.0.0.1 localhost

    ========== (O2) BHO's ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    {074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    {AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

    ========== (O3) Toolbars ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

    [HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

    ========== (O4) Run Keys ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ""= File not found
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
    "Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    "basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
    "C:\WINDOWS\system32\kdher.exe"=C:\WINDOWS\system32\kdher.exe File not found
    "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
    "LClock"=C:\Program Files\LClock\LClock.exe ()
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
    "nwiz"=nwiz.exe /install ()
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

    ========== (O4) RunOnce Keys ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
    "ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
    "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
    "ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
    "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
    "ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)

    ========== (O4) Startup Folders ==========

    [2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    ========== (O6 & O7) Current Version Policies ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=149

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=145

    ========== (O8) IE Context Menu Extensions ==========

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
    Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
    E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

    ========== (O9) IE Extensions ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: AIM -- C:\Program Files\AIM\aim.exe (America Online, Inc.)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    {e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

    ========== (O12) Internet Explorer Plugins ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
    PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
    PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

    ========== (O13) Default Prefixes ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    ""=http://

    ========== (O15) Trusted Sites ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    40 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    40 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    40 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    40 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    40 domain(s) and sub-domain(s) not assigned to a zone.

    ========== (O16) DPF ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
    {0D41B8C5-2599-4893-8183-00195EC8D5F9}: http://support.asus.com/common/asusTek_sys_ctrl.cab -- asusTek_sysctrl Class
    {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07

    ========== (O17) DNS Name Servers ==========

    {2758145E-4A84-4120-9748-0730EFB3919A} (Servers: 85.255.115.2,85.255.112.117 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
    {6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: 85.255.115.2,85.255.112.117 | Description: ASUS 802.11b/g Wireless LAN Card)
    {B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
    {C7B75E5E-F00D-42C6-B592-264D9251F650} (Servers: | Description: 1394 Net Adapter)
    {EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: 85.255.115.2,85.255.112.117 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

    ========== (O20) HKLM Winlogon Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=kdkfs.exe
    >File not found --


    ========== (O20) Winlogon Notify Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
    WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

    ========== (O21) SSODL Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    ========== Safeboot Options ==========

    "AlternateShell"=cmd.exe

    ========== CDRom AutoRun Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1

    ========== Autorun Files on Drives ==========

    AUTOEXEC.BAT []
    [2008/07/24 19:49:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

    autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
    [2008/10/30 17:33:47 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

    autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
    [2008/10/30 17:33:47 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

    ========== MountPoints2 ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell]
    ""=Autorun

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun]
    ""=Auto&Play


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun\command]
    ""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\Open\command]
    ""=G:\resycled\boot.com -- File not found

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell]
    ""=Autorun

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun]
    ""=Auto&Play


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun\command]
    ""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\Open\command]
    ""=D:\resycled\boot.com -- [2008/09/19 09:46:32 | 00,019,968 | RHS- | M] ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2008/10/30 17:07:09 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
    [2008/10/30 17:07:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
    [2008/10/30 17:07:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
    [2008/10/30 17:07:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
    [2008/10/30 17:07:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
    [2008/10/30 17:05:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
    [2008/10/30 17:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\gmer
    [2008/10/30 17:03:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip


    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [3 C:\WINDOWS\*.tmp files]
    [2008/10/30 17:33:47 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
    [2008/10/30 17:26:45 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
    [2008/10/30 17:07:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
    [2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
    [2008/10/30 17:07:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
    [2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
    [2008/10/30 17:03:20 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
    [2008/10/30 02:19:13 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    < End of report >

  9. #9
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    EXTRAS


    OTViewIt Extras logfile created on: 10/30/2008 5:33:43 PM - Run
    OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 57.53 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MATT
    Current User Name: Matthew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    File Age = 30 Days

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled"=1
    "AntiVirusDisableNotify"=0
    "FirewallDisableNotify"=0
    "UpdatesDisableNotify"=0
    "AntiVirusOverride"=0
    "FirewallOverride"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    [2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    [2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    [2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    [2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    [2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    [2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
    [2008/07/28 04:07:31 | 09,080,832 | ---- | M] (Final Draft Inc.) -- C:\Program Files\Final Draft 7\Final Draft.exe:*:Enabled:Final Draft
    File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
    [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    [2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    [2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    [2006/01/23 18:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    [2006/01/23 18:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    [2006/01/23 18:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    [2005/09/20 21:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
    [2005/09/20 21:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    [2006/01/23 19:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
    [2005/09/20 21:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
    [2006/01/23 18:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    [2005/09/16 00:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
    [2005/09/16 00:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
    [2006/01/23 19:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    [2005/12/15 12:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
    [2008/09/27 02:29:00 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
    [2008/06/18 14:46:56 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    [2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    ========== (O10) Winsock2 Catalogs ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
    NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    ========== HKEY_USERS Protocol Defaults ==========


    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
    @ivt -- @ivt protocol not assigned
    file -- file protocol not assigned
    ftp -- ftp protocol not assigned
    http -- http protocol not assigned
    https -- https protocol not assigned
    shell -- shell protocol not assigned

    ========== (O18) Protocol Handlers ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
    ipp: [HKLM - No CLSID value]
    [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
    msdaipp: [HKLM - No CLSID value]
    [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
    [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
    [2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
    [2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
    [2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
    [2008/08/03 14:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

    ========== (O18) Protocol Filters ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
    [2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
    "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
    "{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}"=F300
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
    "{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
    "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
    "{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
    "{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}"=Adobe Setup
    "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
    "{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
    "{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
    "{33F09ED5-3355-470A-AD79-6DFA8FC553E3}"=MacDrive 7
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
    "{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
    "{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
    "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
    "{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
    "{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
    "{71D9B000-CD43-4DE9-9729-49434415B8F7}"=F300Trb
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
    "{78D62D17-D970-42DA-B8CF-5E5576293B33}"=Final Draft 7
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
    "{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
    "{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
    "{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP)
    "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
    "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
    "{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
    "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
    "{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}"=HP Photosmart Essential
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
    "{E1230694-33DA-4E74-82E1-06CC9D545E9B}"=Windows Vista Sounds Pack
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}"=F300_Help
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
    "{EC3B29CD-76FF-4689-9647-8CCE67AC1D25}"=Data LifeSaver
    "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
    "{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
    "Adobe AIR"=Adobe AIR
    "Adobe Flash Player Plugin"=Adobe Flash Player Plugin
    "Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
    "Adobe_5ac697db6c6103f6f8b5198d25f73f7"=Add or Remove Adobe Creative Suite 3 Master Collection
    "AOL Instant Messenger"=AOL Instant Messenger

    "CCleaner"=CCleaner (remove only)
    "C-Media Audio Driver"=C-Media High Definition Audio Driver
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
    "Core FTP LE 2.1"=Core FTP LE 2.1
    "DamnNFOViewer"=DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
    "HijackThis"=HijackThis 2.0.2
    "HP Imaging Device Functions"=HP Imaging Device Functions 6.1
    "HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
    "IconPackager"=IconPackager
    "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
    "Kristanix Right Click Image Converter"=Right Click Image Converter
    "LClock"=LClock
    "LimeWire"=LimeWire 4.18.3
    "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
    "Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
    "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
    "Network MagicUninstall"=Network Magic
    "NVIDIA Drivers"=NVIDIA Drivers
    "PeerGuardian_is1"=PeerGuardian 2.0
    "Resource Hacker 3.4.0"=Resource Hacker 3.4.0
    "Stellar Phoenix Windows Data Recovery_is1"=Stellar Phoenix Windows Data Recovery V3.0
    "Unlocker"=Unlocker 1.8.5
    "Winamp"=Winamp
    "Windows Media Format Runtime"=Windows Media Format 11 runtime
    "Windows Media Player"=Windows Media Player 11
    "WinRAR archiver"=WinRAR archiver
    "WMFDist11"=Windows Media Format 11 runtime
    "wmp11"=Windows Media Player 11
    "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
    "Xvid_is1"=Xvid 1.1.3 final uninstall

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/5/2008 6:24:53 PM | Computer Name = MATT | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
    npswf32.dll, version 9.0.124.0, fault address 0x001ac648.

    Error - 8/14/2008 5:50:22 PM | Computer Name = MATT | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
    npswf32.dll, version 9.0.124.0, fault address 0x000fa977.

    Error - 8/14/2008 5:51:02 PM | Computer Name = MATT | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
    npswf32.dll, version 9.0.124.0, fault address 0x0014aaf6.

    Error - 8/22/2008 8:09:17 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
    Description = Hanging application MSPVIEW.EXE, version 11.0.1897.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/22/2008 8:14:19 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
    Description = Hanging application OIS.EXE, version 11.0.5510.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/9/2008 11:54:52 PM | Computer Name = MATT | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module , version 0.0.0.0, fault address 0x00000000.

    Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
    Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
    Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/26/2008 7:27:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.0.3180, faulting module
    npswf32.dll, version 9.0.124.0, fault address 0x0000d676.

    Error - 9/27/2008 9:33:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x01c04130.

    [ System Events ]
    Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume F:.

    Error - 9/26/2008 12:35:48 AM | Computer Name = MATT | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 9/26/2008 12:35:52 AM | Computer Name = MATT | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 9/26/2008 12:35:56 AM | Computer Name = MATT | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 9/26/2008 12:36:00 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume F:.

    Error - 10/29/2008 8:40:27 PM | Computer Name = MATT | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 10/29/2008 9:33:42 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7034
    Description = The FLEXnet Licensing Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 10/30/2008 6:36:00 AM | Computer Name = MATT | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.199 on
    the Network Card with network address 0011D8D604D3.

    Error - 10/30/2008 6:36:19 AM | Computer Name = MATT | Source = W32Time | ID = 39452706
    Description = The time service has detected that the system time needs to be changed
    by -2591995 seconds. The time service will not change the system time by more than
    -54000 seconds. Verify that your time and time zone are correct, and that the time
    source time.windows.com (ntp.m|0x1|192.168.0.199:123->207.46.232.182:123) is working
    properly.


    < End of report >


    HiJackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:45:40 PM, on 10/30/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\LClock\LClock.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.115.2,85.255.112.117
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10876 bytes

  10. #10
    Senior Member
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    120

    Hi,

    Step 1

    Please remove via Add or Remove Programs (press Start -> Control Panel -> Add or Remove Programs):
    LimeWire 4.18.3

    Step 2

    Press Start -> My Computer -> Local Disk (C)
    Locate the following folder using the path below. If found please delete.
    C:\Program Files\LimeWire

    If you can't remove that folder, please reboot the computer and try again.

    Step 3

    Please produce an uninstall list:
    1. Open HijackThis.
    2. Click on the Open the Misc Tools section button.
    3. Look under System tools.
    4. Click on the Open Uninstall Manager... button.
    5. Click on the Save list... button.
    6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    7. Notepad will open. Please post this log in your next reply.
