Zlob.DNSChanger

[mattc]

Removed Limewire and here is the uninstall list:

Acrobat.com
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alky for Applications (Windows XP)
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
CCleaner (remove only)
C-Media High Definition Audio Driver
Core FTP LE 2.1
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
Data LifeSaver
Drive Manager
Drive Manager
Final Draft 7
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
IconPackager
iTunes
Java(TM) 6 Update 7
LClock
MacDrive 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Network Magic
NVIDIA Drivers
PDF Settings
PeerGuardian 2.0
QuickTime
Resource Hacker 3.4.0
Right Click Image Converter
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
Stellar Phoenix Windows Data Recovery V3.0
Unlocker 1.8.5
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Winamp
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Sounds Pack
WinRAR archiver
Xvid 1.1.3 final uninstall

[muuli]

Hi,

Step 1

Please click this link-->Jotti

Copy/paste the file into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\WINDOWS\system32\dll.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Step 2

Open HijackThis, press Do a system scan only, checkmark following entries:
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdher.exe] C:\WINDOWS\system32\kdher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CS2\Services\Tcpip\..\{2758145E-4A84-4120-9748-0730EFB3919A}: NameServer = 85.255.115.2,85.255.112.117
Close all other windows including browser and press Fix checked.

Step 3

Download OTMoveIt3 by Old Timer and save it to your Desktop.

• Double-click OTMoveIt3.exe to run it.
• Copy the lines in the codebox below.

Code:

:Files
C:\WINDOWS\system32\kdkfs.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-

• Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTMoveIt3

Step 4

1. Please run OTViewIt
2. Close all applications and windows.
3. Double-click on the OTViewIt.exeto start OTViewIt.
4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
5. Click the blue Run Scan button.
6. OTViewIt will now start its scan.
7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Step 5

Try this again now...
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Step 6

Please post a fresh HijackThis log, OTViewIt logs, OTMoveIt3 log and virustotal or jotti's results.

[mattc]

I couldn't find the dll.dll file within the system32 folder. I also did a search on my entire system and couldnt find that file. All files and folders including protected operating files are being shown.

After all steps are done I tried switching the Obtain DNS again and it keeps switching back to Use the following DNS server addresses, after I close it and go back in.

Here are the log files after all other steps were ran.

OTViewIt logfile created on: 10/2/2008 9:33:33 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.32 Gb Free Space | 76.91% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/09/19 12:27:46 | 00,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/14 06:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/04/14 06:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2008/04/14 06:42:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe -- (Crypkey License [Auto | Running])
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe -- (MacDriveService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2008/04/14 06:42:40 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 14:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/14 01:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2005/08/04 05:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
[2008/07/22 14:29:46 | 00,288,768 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT [Boot | Running])
[2007/02/28 11:15:08 | 00,019,072 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT [Boot | Running])
[2006/01/09 22:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX [System | Running])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2001/08/22 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/14 05:10:50 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/29 17:40:56 | 00,210,472 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (si3114r5 [Boot | Running])
[2008/04/29 17:40:56 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2008/04/29 17:40:56 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil [Boot | Running])
[2008/04/14 01:15:36 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/14 05:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/01/06 11:18:40 | 00,310,656 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP [On_Demand | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/04/04 04:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
"C:\WINDOWS\system32\kdkfs.exe"=C:\WINDOWS\system32\kdkfs.exe File not found
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LClock"=C:\Program Files\LClock\LClock.exe ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: AIM -- C:\Program Files\AIM\aim.exe (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0D41B8C5-2599-4893-8183-00195EC8D5F9}: http://support.asus.com/common/asusTek_sys_ctrl.cab -- asusTek_sysctrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: 85.255.115.2,85.255.112.117 | Description: ASUS 802.11b/g Wireless LAN Card)
{B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
{C7B75E5E-F00D-42C6-B592-264D9251F650} (Servers: | Description: 1394 Net Adapter)
{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: 85.255.115.2,85.255.112.117 | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=kdkfs.exe
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/24 19:49:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008/10/02 21:33:02 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/10/02 21:33:02 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\Open\command]
""=G:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618105-59b4-11dd-9efe-806d6172696f}\Shell\Open\command]
""=D:\resycled\boot.com -- [2008/09/19 09:46:32 | 00,019,968 | RHS- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec618107-59b4-11dd-9efe-806d6172696f}\Shell\Open\command]
""=C:\resycled\boot.com -- [2008/09/19 09:46:32 | 00,019,968 | RHS- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/31 00:33:36 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2008/10/30 17:07:09 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/30 17:07:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\gmer
[2008/10/30 17:03:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/02 21:31:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/02 21:28:25 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:57 | 00,322,707 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:28:52 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/29 16:04:15 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:34 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/27 19:03:59 | 00,486,449 | ---- | C] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/27 17:19:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 02:59:36 | 00,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2008/09/27 02:11:54 | 00,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2008/09/27 02:02:31 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/27 02:02:24 | 00,260,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATGRD.OCX
[2008/09/27 02:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2008/09/27 02:00:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2008/09/27 01:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoneix_Windows_Data_Recovery_v_3.0.0.1_adi231189__CW
[2008/09/27 01:45:37 | 14,277,293 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoneix_Windows_Data_Recovery_v_3.0.0.1_adi231189__CW.rar
[2008/09/27 01:41:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ˆ
** - C:\WINDOWS\System32\?
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:59:53 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/25 23:59:53 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/25 23:59:53 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/25 23:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1
[2008/09/25 23:52:23 | 00,651,492 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoenix_FAT_and_NTFS_v2.1_by_SND.zip
[2008/09/25 23:49:34 | 00,652,169 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:40:12 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008/09/25 23:40:12 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/09/25 23:19:30 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/25 23:19:30 | 00,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/25 23:19:30 | 00,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/09/25 23:18:57 | 00,000,130 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/09/25 23:18:54 | 00,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2008/09/25 23:18:54 | 00,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2008/09/25 23:18:54 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/09/25 23:18:54 | 00,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/09/25 23:18:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/09/25 23:18:54 | 00,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/09/25 23:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix NTFS Data Recovery
[2008/09/25 21:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\EASIS
[2008/09/25 18:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/09/25 18:37:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/09/24 09:58:50 | 12,639,7177 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 00:47:34 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/24 00:47:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/18 18:52:38 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/18 18:52:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2008/09/18 18:50:30 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2008/09/18 18:50:26 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2008/09/18 18:50:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2008/09/18 18:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/09/15 22:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\retouching
[2008/09/15 22:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme
[2008/09/15 21:21:31 | 00,027,589 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/14 17:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2008/09/14 17:16:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2008/09/14 17:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2008/09/08 03:13:48 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/08 03:13:48 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 03:13:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2008/09/08 03:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2008/09/07 02:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Netflix
[2008/09/05 04:33:40 | 18,630,864 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NSMB 2.mov
[2008/09/05 04:32:01 | 21,353,142 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NSMB 1.mov

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/31 00:33:36 | 00,000,014 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2008/10/31 00:33:07 | 00,065,627 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Tickets.WildWestJamboree.2008.jpg
[2008/10/30 17:26:45 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:20 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/30 02:19:13 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 21:33:02 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008/10/02 21:28:26 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:58 | 00,322,707 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 18:37:11 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/29 18:35:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/29 18:34:58 | 00,182,441 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/29 18:34:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/29 18:34:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/29 16:19:05 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Spybot - Search & Destroy.lnk
[2008/09/29 16:04:15 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:00 | 00,486,449 | ---- | M] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:19:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 09:30:34 | 00,000,188 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:11:54 | 00,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:03:11 | 00,003,360 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/27 02:03:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2008/09/27 02:02:32 | 00,000,130 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2008/09/26 23:54:33 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/26 23:54:33 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/26 23:49:59 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/26 23:49:59 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:52:23 | 00,651,492 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoenix_FAT_and_NTFS_v2.1_by_SND.zip
[2008/09/25 23:49:35 | 00,652,169 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:19:30 | 00,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/24 09:58:50 | 12,639,7177 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 01:49:43 | 00,381,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 01:49:43 | 00,328,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 01:49:43 | 00,045,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/22 22:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/18 18:52:38 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/15 21:21:32 | 00,027,589 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/11 21:40:37 | 00,070,656 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\EmilySwansonResume-1.doc
[2008/09/10 04:01:22 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/09/10 03:00:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

[mattc]

EXTRAS

OTViewIt Extras logfile created on: 10/2/2008 9:33:33 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.32 Gb Free Space | 76.91% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 254.32 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/10 10:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2008/07/28 04:07:31 | 09,080,832 | ---- | M] (Final Draft Inc.) -- C:\Program Files\Final Draft 7\Final Draft.exe:*:Enabled:Final Draft
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/23 18:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/23 18:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/23 18:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/20 21:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/20 21:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/23 19:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/20 21:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/23 18:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 00:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 00:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/23 19:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 12:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2008/09/27 02:29:00 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2008/08/03 14:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{05C56753-F144-44BC-BA67-83CC5DBF395C}"=F300
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}"=Adobe Setup
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{33F09ED5-3355-470A-AD79-6DFA8FC553E3}"=MacDrive 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}"=Apple Mobile Device Support
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{71D9B000-CD43-4DE9-9729-49434415B8F7}"=F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{78D62D17-D970-42DA-B8CF-5E5576293B33}"=Final Draft 7
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP)
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}"=HP Photosmart Essential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}"=Windows Vista Sounds Pack
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}"=F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{EC3B29CD-76FF-4689-9647-8CCE67AC1D25}"=Data LifeSaver
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}"=iTunes
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8.1.2 Professional
"Adobe AIR"=Adobe AIR
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5ac697db6c6103f6f8b5198d25f73f7"=Add or Remove Adobe Creative Suite 3 Master Collection
"AOL Instant Messenger"=AOL Instant Messenger
"BitLord"=BitLord 1.1
"CCleaner"=CCleaner (remove only)
"C-Media Audio Driver"=C-Media High Definition Audio Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Core FTP LE 2.1"=Core FTP LE 2.1
"DamnNFOViewer"=DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"IconPackager"=IconPackager
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}"=Drive Manager
"Kristanix Right Click Image Converter"=Right Click Image Converter
"LClock"=LClock
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall"=Network Magic
"NVIDIA Drivers"=NVIDIA Drivers
"PeerGuardian_is1"=PeerGuardian 2.0
"Resource Hacker 3.4.0"=Resource Hacker 3.4.0
"Stellar Phoenix Windows Data Recovery_is1"=Stellar Phoenix Windows Data Recovery V3.0
"Unlocker"=Unlocker 1.8.5
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2008 5:50:22 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x000fa977.

Error - 8/14/2008 5:51:02 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x0014aaf6.

Error - 8/22/2008 8:09:17 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application MSPVIEW.EXE, version 11.0.1897.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/22/2008 8:14:19 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.5510.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2008 11:54:52 PM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2008 8:48:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application PandoraRecovery.exe, version 2.0.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2008 7:27:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3180, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x0000d676.

Error - 9/27/2008 9:33:09 AM | Computer Name = MATT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01c04130.

Error - 10/29/2008 9:33:51 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application Fireworks.exe, version 9.0.0.1188, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:45 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 9/26/2008 12:35:48 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:52 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:35:56 AM | Computer Name = MATT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/26/2008 12:36:00 AM | Computer Name = MATT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 10/29/2008 8:40:27 PM | Computer Name = MATT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/29/2008 9:33:42 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/30/2008 6:36:00 AM | Computer Name = MATT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.199 on
the Network Card with network address 0011D8D604D3.

Error - 10/30/2008 6:36:19 AM | Computer Name = MATT | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -2591995 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.0.199:123->207.46.232.182:123) is working
properly.


< End of report >

[mattc]

OTMoveit3

========== FILES ==========
File/Folder C:\WINDOWS\system32\kdkfs.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\System deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10022008_234700


HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:09 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkfs.exe] C:\WINDOWS\system32\kdkfs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}: NameServer = 85.255.115.2,85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}: NameServer = 85.255.115.2,85.255.112.117
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10598 bytes

[muuli]

Hi,

Don't install any P2P softwares! Otherwise all help will be refused. Please read this, http://forums.spybot.info/showthread.php?t=282

Which router you have (model/brand)?

Step 1

Please remove via Add or Remove Programs (press Start -> Controlpanel -> Add or Remove Programs):
BitLord 1.1

Step 2

Please produce uninstall list:

1. Open HijackThis.
2. Click on the Open the Misc Tools section button.
3. Look under System tools.
4. Click on the Open Uninstall Manager... button.
5. Click on the Save list... button.
6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
7. Notepad will open. Please post this log in your next reply.

[mattc]

I have a D-Link DIR-615 N-Router

Acrobat.com
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alky for Applications (Windows XP)
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
CCleaner (remove only)
C-Media High Definition Audio Driver
Core FTP LE 2.1
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
Data LifeSaver
Drive Manager
Drive Manager
Final Draft 7
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
IconPackager
iTunes
Java(TM) 6 Update 7
LClock
MacDrive 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Network Magic
NVIDIA Drivers
PDF Settings
PeerGuardian 2.0
QuickTime
Resource Hacker 3.4.0
Right Click Image Converter
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
Stellar Phoenix Windows Data Recovery V3.0
Unlocker 1.8.5
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Winamp
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Sounds Pack
WinRAR archiver
Xvid 1.1.3 final uninstall

[muuli]

Hi,

Step 1

1) Download router manual here

2) Reset your router according to that manual.

3) Change router default password.

4) Ensure that DHCP settings are the ones your ISP uses.

Step 2

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Run Fixwareout again, you will find it on your desktop. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin;
follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Post back the contents of the logfile C:\fixwareout\report.txt.

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Step 3

Please post a fresh HijackThis log and Fixwareout log.

[mattc]

Ok, so I was able to reset the modem and put a password. And I was able to change the DNS setting to automatic. So far, everything seems back to normal. Here are the logs.

Username "Matthew" - 10/05/2008 23:07:25 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdhxn.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}
"nameserver"="85.255.115.76,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0}
"nameserver"="85.255.115.76,85.255.112.167" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6C6AA7EE-51C8-456F-BBAB-A10A953DE278}
"DhcpNameServer"="85.255.115.76,85.255.112.167" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdhxn.ren 52224 04/14/2008
C:\WINDOWS\Temp\kdkfs.ren 52224 04/14/2008

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"nmapp"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"basicsmssmenu"="\"C:\\Program Files\\Seagate\\Basics\\Basics Status\\MaxMenuMgrBasics.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


HijJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:37 AM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10089 bytes

[muuli]

Hi,

Step 1

Download OTMoveIt3 by Old Timer and save it to your Desktop.

• Double-click OTMoveIt3.exe to run it.
• Copy the lines in the codebox below.

Code:

:files
C:\WINDOWS\SxsCaPendDel
C:\WINDOWS\System32\ˆ

:commands
[EmptyTemp]

• Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTMoveIt3

Step 2

Please open Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as Search.bat on your Desktop

Code:

@echo off
cd\
cd %windir%\system32\?
dir /a:-d /o:-d > %systemdrive%\look32.txt
start %systemdrive%\look32.txt
cls
exit

It should look like this ->

Double click on Search.bat.
look32.txt file will open, please post the contents of it in your next reply.

Step 3

1. Please run OTViewIt
2. Close all applications and windows.
3. Double-click on the OTViewIt.exeto start OTViewIt.
4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
5. Click the blue Run Scan button.
6. OTViewIt will now start its scan.
7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Step 4

Please post a fresh HijackThis log, OTViewIt logs, OTMoveIt3 log and contents of look32.txt.