Jump to content


Photo
- - - - -

No TaskMan/ Starting to slow down


  • Please log in to reply
18 replies to this topic

#1 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 01 October 2009 - 07:51 AM

Hi, I'll just start off like this, I use my computer for web development/school/work projects and I recently noticed that it was slowing down, and I went to look at my running processes with taskman and it doesn't show up, not even the green cpu usage icon shows up. So my question is, can someone help me fix this issue and help me speed up my computer? I also was using a software that I would mount isos to to act as a CD and didn't turn off the extra drive and now i have a virtual cd rom that does nothing and I can't figure out how to get rid of that so any help on any of these topics would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:27 AM, on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Connor\Desktop\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.my.af.mil/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1230934463453
O18 - Protocol: bw+0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a6d0d4e3c4b8) (gupdate1c9a6d0d4e3c4b8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 25770 bytes



#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 01 October 2009 - 08:05 AM

I'm just on my way to work, in the meantime

I'm unsure what you mean by this

and I went to look at my running processes with taskman and it doesn't show up, not even the green cpu usage icon shows up

You are talking about Windows Task Manager correct?

Does this help?
http://www.worldstar...s/tips.php/1676

Could you also do the following
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

If you get an error posting either of those logs, please upload them in a reply

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#3 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 01 October 2009 - 09:45 AM

QUOTE (guestolo @ Oct 1 2009, 09:05 AM) <{POST_SNAPBACK}>
I'm just on my way to work, in the meantime

I'm unsure what you mean by this

You are talking about Windows Task Manager correct?

Does this help?
http://www.worldstar...s/tips.php/1676

Could you also do the following
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.


If you get an error posting either of those logs, please upload them in a reply

Yes I am, when I press Ctrl+Alt+Del and get to the Windows Security and click on Task Manager it sends me to my desktop (like it normally would) but does not open the task manager.

QUOTE (OTL.Txt)
OTL logfile created on: 10/1/2009 10:17:29 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Connor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 304.85 Mb Available Physical Memory | 29.83% Memory free
2.40 Gb Paging File | 1.50 Gb Available in Paging File | 62.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 17.15 Gb Free Space | 15.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.28 Gb Total Space | 699.86 Gb Free Space | 75.15% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CONNOR
Current User Name: Connor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/12/04 21:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/12/04 21:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/09/21 10:13:18 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/19 15:10:54 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/12/11 20:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/05/18 16:05:40 | 00,880,640 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2005/04/04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2008/06/08 19:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2005/08/25 17:25:42 | 00,737,369 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/09/16 16:01:02 | 00,557,056 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2006/02/27 19:28:16 | 16,005,120 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2004/11/02 23:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2007/12/13 17:43:22 | 02,051,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2007/10/02 10:10:14 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2005/08/23 08:23:50 | 00,138,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
PRC - [2007/10/02 10:10:46 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/21 10:13:19 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/12/13 17:42:52 | 00,558,104 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2008/10/24 20:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/08/06 19:05:46 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/10 09:02:28 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/16 21:57:50 | 00,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2005/08/04 02:42:00 | 00,528,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/26 07:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/10/24 17:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2005/08/04 02:42:00 | 00,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
PRC - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
PRC - [2009/04/17 03:30:12 | 12,438,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
PRC - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
PRC - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
PRC - [2009/10/01 10:16:55 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connor\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 19:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2007/01/22 14:23:29 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/24 20:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/12/04 21:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/09/28 06:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/02/19 15:10:54 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/11 20:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/24 20:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/10 17:22:26 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 06:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/17 02:19:53 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a6d0d4e3c4b8 [Auto | Stopped])
SRV - [2008/12/22 12:01:05 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 04:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2005/04/12 14:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [On_Demand | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/09/21 10:13:18 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/02/19 15:09:53 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2006/12/09 17:24:52 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2008/10/24 20:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 04:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2008/11/03 10:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/25 23:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll -- (p2pgasvc [On_Demand | Stopped])
SRV - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2008/02/21 00:04:11 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2008/11/25 21:19:48 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2007/05/28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Disabled | Stopped])
SRV - [2008/01/29 17:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
SRV - [2009/05/18 16:05:40 | 00,880,640 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])
SRV - [2008/06/08 19:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/12/05 00:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/11/05 02:55:04 | 00,017,952 | ---- | M] () -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
DRV - [2009/08/22 02:21:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/08/31 18:10:16 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/08/26 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2004/10/25 21:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009/08/26 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/09/10 15:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2005/04/12 14:07:50 | 00,099,456 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005/04/12 14:07:30 | 00,029,056 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005/04/12 04:07:25 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2006/02/27 20:47:00 | 04,241,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/26 20:32:24 | 00,050,448 | ---- | M] (InterVideo) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys -- (iviVD [Boot | Running])
DRV - [2009/04/23 16:09:51 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/07/22 23:41:46 | 00,026,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2005/07/22 23:41:18 | 00,036,608 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2005/07/22 23:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2008/02/04 22:51:38 | 00,051,200 | ---- | M] (Magellan) -- C:\WINDOWS\System32\DRIVERS\MUD.sys -- (MUD [On_Demand | Stopped])
DRV - [2009/08/25 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/08/25 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2008/11/11 19:32:12 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\Ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
DRV - [2006/11/15 06:48:48 | 01,711,488 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2007/11/18 22:31:56 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\NPF.sys -- (NPF [On_Demand | Stopped])
DRV - [2003/03/07 18:46:30 | 00,016,509 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/09/30 13:11:42 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2007/05/01 17:10:02 | 00,132,232 | ---- | M] (Saitek) -- C:\WINDOWS\System32\DRIVERS\SaiH053c.sys -- (SaiH053c [On_Demand | Stopped])
DRV - [2003/04/10 11:41:46 | 00,014,720 | ---- | M] (Saitek) -- C:\WINDOWS\System32\DRIVERS\SaiMini.sys -- (SaiMini [On_Demand | Stopped])
DRV - [2007/10/05 10:19:26 | 00,035,200 | ---- | M] (Saitek) -- C:\WINDOWS\System32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Stopped])
DRV - [2003/04/10 11:42:56 | 00,048,384 | ---- | M] (Saitek) -- C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys -- (SaiNtHid [On_Demand | Stopped])
DRV - [2007/08/06 19:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/09/16 16:09:02 | 00,846,792 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2009/03/25 20:51:02 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/08/22 02:21:19 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/08/22 02:21:19 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2007/07/03 16:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2007/07/03 16:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2007/07/03 16:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2007/07/03 16:59:10 | 00,086,824 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdserd.sys -- (sscdserd [On_Demand | Stopped])
DRV - [2009/08/22 02:21:19 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/08/31 18:11:00 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/08/22 02:21:19 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/08/22 02:21:19 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/08/22 02:21:06 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/08/22 02:21:06 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2006/12/02 09:39:30 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2009/08/22 02:21:19 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/08/22 02:21:19 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2005/08/25 17:12:56 | 00,191,168 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2009/03/05 08:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2005/04/08 07:43:26 | 00,060,928 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [Boot | Running])
DRV - [2002/11/20 22:45:50 | 00,002,218 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\vncdrv.sys -- (vncdrv [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.my.af.mil/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:02:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/04 08:10:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/19 18:35:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/29 21:19:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/03/13 22:18:57 | 00,000,000 | ---D | M]

[2009/03/29 06:18:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Extensions
[2009/03/29 06:18:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/30 23:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\z1fs3rwq.default\extensions
[2009/09/04 17:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\z1fs3rwq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 03:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\z1fs3rwq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/08/09 22:24:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\z1fs3rwq.default\extensions\[email protected]
[2009/08/14 19:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\z1fs3rwq.default\extensions\[email protected]
[2009/06/14 01:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\z1fs3rwq.default\extensions\[email protected]
[2009/09/29 22:43:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 09:02:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 01:54:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 09:00:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/07 05:21:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 09:02:27 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 09:02:27 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/05 21:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 09:02:29 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 05:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/09/29 20:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/29 20:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/29 20:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/29 20:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/29 20:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/29 20:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/29 20:56:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/22 19:03:15 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/22 19:03:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/22 19:03:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/22 19:03:16 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/22 19:03:16 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/04 17:49:23 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/08/22 19:03:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/22 19:03:17 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Connor\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.micr...42/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1230934463453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67
O18 - Protocol\Handler\bw+0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {dbc4ba3c-4917-42b6-9353-a62235ff1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {DBC4BA3C-4917-42B6-9353-A62235FF1721} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/07 13:26:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fbe97808-bc08-11dd-b6a3-00030d4a467d}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe97808-bc08-11dd-b6a3-00030d4a467d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbe97808-bc08-11dd-b6a3-00030d4a467d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/10/01 10:16:52 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Connor\Desktop\OTL.exe
[2009/10/01 08:22:56 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Connor\Desktop\HijackThis.exe
[2009/10/01 00:37:18 | 00,010,379 | ---- | C] () -- C:\Documents and Settings\Connor\Desktop\Albums to download.xlsx
[2009/09/29 21:01:52 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/29 21:00:32 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/29 21:00:00 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/29 21:00:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/17 08:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connor\Desktop\stuff
[2009/09/09 15:53:53 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 15:04:46 | 70,254,592 | -HS- | C] () -- C:\NRTPage.sys
[2009/09/07 14:40:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connor\My Documents\Amber Heard
[2009/09/07 05:21:17 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/07 05:21:16 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/07 05:21:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/07 05:21:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/04 17:45:59 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/09/02 23:48:39 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Connor\Start Menu\Programs\Startup\Pandora.lnk
[2009/09/02 23:48:15 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk
[2009/09/02 23:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\Pandora
[2009/07/14 04:43:46 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2009/07/14 04:43:45 | 00,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/14 04:43:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/07/14 04:43:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/07/14 04:43:45 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/07/14 04:43:45 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll
[2009/07/14 04:43:44 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/07/14 04:43:44 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/07/14 04:43:44 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/07/14 04:43:44 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/07/14 04:43:44 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/07/14 04:43:44 | 00,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/07/14 04:43:44 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/07/14 04:43:43 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/05/15 10:11:53 | 00,050,068 | ---- | C] () -- C:\WINDOWS\php.ini
[2009/05/14 01:38:06 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\libmysqli.dll
[2009/05/13 05:49:23 | 01,069,056 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009/04/07 06:29:45 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/04/07 05:15:42 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[2009/04/07 05:14:19 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/04/07 05:14:19 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/04/07 05:14:19 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/04/07 05:14:19 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/04/07 05:14:19 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/04/07 05:14:19 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/06 07:37:05 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/04/06 07:37:04 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/04/06 07:35:41 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/04/06 07:35:41 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/04/06 07:35:40 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/03/25 20:51:01 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/15 07:20:43 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009/03/04 02:41:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\topo4.INI
[2009/02/28 00:10:17 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2009/02/28 00:10:17 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2008/12/19 10:15:58 | 03,104,256 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 00,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 06:27:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/10 23:10:51 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/18 04:02:45 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/14 13:01:31 | 00,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/07/13 14:05:09 | 00,000,025 | ---- | C] () -- C:\WINDOWS\OverlayXP.ini
[2008/05/11 16:23:46 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2008/05/10 18:34:10 | 00,002,013 | ---- | C] () -- C:\WINDOWS\asrc.ini
[2008/03/16 22:40:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI
[2008/02/11 20:00:34 | 00,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2008/02/11 20:00:33 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2007/11/14 18:10:55 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/11/09 23:26:39 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/11 04:01:42 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/28 00:39:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/09/26 19:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/26 19:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/26 19:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/29 15:17:37 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/06/29 15:17:29 | 00,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/06/29 15:15:50 | 00,000,682 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/06/12 19:13:30 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/05/01 16:10:02 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C_0C.dll
[2007/05/01 16:10:02 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C_10.dll
[2007/05/01 16:10:02 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C_0A.dll
[2007/05/01 16:10:02 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C_09.dll
[2007/05/01 16:10:02 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C_11.dll
[2007/05/01 16:10:00 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C.Dll
[2007/05/01 16:10:00 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C_07.dll
[2007/05/01 16:10:00 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC053C_0402.dll
[2007/02/17 14:33:37 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/25 21:54:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/10 12:05:59 | 00,000,548 | ---- | C] () -- C:\WINDOWS\my.ini.old
[2006/11/25 18:11:08 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/25 15:52:59 | 00,000,355 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/20 12:28:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 12:14:08 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\TSRemote.dll
[2006/07/07 15:40:33 | 00,002,340 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/07 13:46:48 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/07/07 13:46:48 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/07/07 13:46:48 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/07/07 13:46:48 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/07/07 13:46:48 | 00,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/07/07 13:46:47 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/07/07 13:46:47 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/07/07 13:46:47 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/07/07 13:46:47 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/07/07 13:43:36 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/11/24 14:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/10/03 12:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 07:00:00 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/01 10:16:55 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connor\Desktop\OTL.exe
[2009/10/01 10:12:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/01 08:22:57 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Connor\Desktop\HijackThis.exe
[2009/10/01 03:30:01 | 00,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Connor - Full System Scan.job
[2009/10/01 00:37:18 | 00,010,379 | ---- | M] () -- C:\Documents and Settings\Connor\Desktop\Albums to download.xlsx
[2009/10/01 00:15:17 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/01 00:15:12 | 00,171,008 | ---- | M] () -- C:\Documents and Settings\Connor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 23:16:17 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/09/30 23:15:37 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/30 23:12:11 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/30 23:12:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/30 23:11:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/30 23:11:21 | 10,718,28992 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/30 23:00:10 | 00,000,808 | ---- | M] () -- C:\WINDOWS\tasks\Hosting_Soldiers.job
[2009/09/29 21:44:13 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Connor\Desktop\Microsoft Office Outlook 2007.lnk
[2009/09/29 21:31:23 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/29 17:45:10 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/29 10:13:38 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/26 12:29:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/22 21:55:34 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\Connor\Desktop\Trillian.lnk
[2009/09/17 13:09:34 | 70,254,592 | -HS- | M] () -- C:\NRTPage.sys
[2009/09/10 03:05:21 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/06 10:19:30 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Connor\Local Settings\Application Data\PUTTY.RND
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/04 17:43:42 | 00,002,254 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/09/02 23:48:41 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Connor\Start Menu\Programs\Startup\Pandora.lnk
[2009/09/02 23:48:16 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
< End of report >

QUOTE (Extras.Txt)
OTL Extras logfile created on: 10/1/2009 10:17:29 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Connor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 304.85 Mb Available Physical Memory | 29.83% Memory free
2.40 Gb Paging File | 1.50 Gb Available in Paging File | 62.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 17.15 Gb Free Space | 15.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.28 Gb Total Space | 699.86 Gb Free Space | 75.15% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CONNOR
Current User Name: Connor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3306:TCP" = 3306:TCP:*:Enabled:MySQL Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK -- File not found
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Disabled:backburner 2.3 manager -- File not found
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Disabled:backburner 2.3 monitor -- File not found
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Disabled:backburner 2.3 server -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" = C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe:*:Enabled:Symantec Service Framework -- File not found
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0201B8AB-D2AB-4782-84A4-F6532860AB43}" = MySQL Workbench 5.0 OSS
"{0523EAF4-402C-4435-A0DA-13C40193D811}" = Logitech GamePanel Software 2.02
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AE04A46-AA6D-430F-AE18-ACE1D5E59C0F}" = Logitech G-series Keyboard Software
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
"{1EF75089-392B-4771-B791-17316E27EBA6}" = Real War Rogue States
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX™ 1.2 SDK
"{5B3FB6D4-1B88-413D-8DE7-A7E2D58DE5B2}" = TOPO! 4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72765AF7-BEA5-4C62-9EC9-A9E386305D04}" = Palm Desktop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A620E308-2124-4A35-BA95-F1CAEF538CB9}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF4A5346-599E-E1A8-99C4-E46DA044A6A2}" = Pandora
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Destinations
"{D29D8FBE-A510-4071-834B-ADBB4C5C475C}" = ASRC
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DC6CD4F8-6AF8-4B47-A25A-9D9560D3845E}" = Saitek SD6 Programming Software 6.0.10.7
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"8663B5B9069C096791B6162C2B1B04053C00EBE6" = Windows Driver Package - Intel (w29n51) net (11/07/2006 9.0.4.27)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver (Omega 3.8.442)
"Collab" = Collab
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"CSI: Dark Motives" = CSI: Dark Motives
"Download Manager" = Download Manager 2.3.6
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FBX Plugin 2006.11.1 for Max 2008" = FBX Plugin 2006.11.1 for Max 2008
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FileZilla" = FileZilla (remove only)
"FL Studio 8" = FL Studio 8
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InCD!UninstallKey" = InCD
"InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A620E308-2124-4A35-BA95-F1CAEF538CB9}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.12)" = Mozilla Thunderbird (2.0.0.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiRes (remove only)" = MultiRes (remove only)
"MyScribe" = MyScribe
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = Nero Digital
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"PowerISO" = PowerISO
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"RealVNC_is1" = VNC Free Edition 4.1.2
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.6 Beta
"TVersity Media Server Pro" = TVersity Media Server Pro 1.6 Beta
"TVUPlayer" = TVUPlayer 2.4.5.3
"Unlocker" = Unlocker 1.8.5
"VRC" = VRC
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Acrobat Reader for Palm OS" = Adobe Acrobat Reader for Palm OS 2.0
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2009 10:12:08 PM | Computer Name = CONNOR | Source = Google Update | ID = 20
Description =

Error - 9/23/2009 12:00:08 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

Error - 9/24/2009 12:00:07 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

Error - 9/25/2009 12:00:22 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

Error - 9/26/2009 12:00:06 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

Error - 9/27/2009 12:00:07 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

Error - 9/29/2009 12:00:24 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

Error - 9/29/2009 9:54:49 PM | Computer Name = CONNOR | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.2.1.6, faulting module
quicktime.qts, version 7.62.14.0, fault address 0x001528b4.

Error - 9/30/2009 12:01:11 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

Error - 10/1/2009 12:00:09 AM | Computer Name = CONNOR | Source = MySQL Administrator | ID = 1
Description =

[ System Events ]
Error - 9/29/2009 10:08:06 PM | Computer Name = CONNOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/29/2009 10:08:06 PM | Computer Name = CONNOR | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 9/29/2009 10:13:23 PM | Computer Name = CONNOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/29/2009 10:13:23 PM | Computer Name = CONNOR | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 9/30/2009 6:05:25 AM | Computer Name = CONNOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9/30/2009 6:05:26 AM | Computer Name = CONNOR | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 10/1/2009 3:59:00 AM | Computer Name = CONNOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 10/1/2009 3:59:11 AM | Computer Name = CONNOR | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 10/1/2009 10:44:38 AM | Computer Name = CONNOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 10/1/2009 10:44:38 AM | Computer Name = CONNOR | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058


< End of report >


#4 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 01 October 2009 - 08:29 PM

Can you do the following please
Download > ATF Cleaner < by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Afterwards:
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With that log from MBAM

Please run OTL.exe again and Post ONLY the new log that opens


Keep me informed how things are now running

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#5 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 02 October 2009 - 05:34 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2890
Windows 5.1.2600 Service Pack 3

10/2/2009 12:39:39 PM
mbam-log-2009-10-02 (12-39-39).txt

Scan type: Quick Scan
Objects scanned: 120264
Time elapsed: 14 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.41
Database version: 2890
Windows 5.1.2600 Service Pack 3

10/2/2009 12:39:39 PM
mbam-log-2009-10-02 (12-39-39).txt

Scan type: Quick Scan
Objects scanned: 120264
Time elapsed: 14 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)



#6 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 02 October 2009 - 09:45 PM

Please disable AdWatch, as it may hinder the removal of some entries.
To disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both options. You can enable these after resolving your problem.

Download ComboFix from one of these locations:

Link 1
Link 2
Save it ONLY to your Desktop

--------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Also, don't forget to let me know how things are running

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#7 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 03 October 2009 - 11:10 AM

It seems to be running a little bit better, but I still can't get to the task manager.

ComboFix 09-10-01.05 - Connor 10/03/2009 11:15.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -5:00]
Running from: c:\documents and settings\Connor\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Connor\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Connor\Local Settings\Temp\IadHide5.dll
c:\windows\Installer\1b1b754.msi
c:\windows\Installer\1b2fb593.msi
c:\windows\system32\Cache
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-02 03:28 . 2009-10-02 03:28 -------- d-----w- c:\documents and settings\Connor\Application Data\Malwarebytes
2009-10-02 03:28 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 03:28 . 2009-10-02 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 03:28 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-02 03:28 . 2009-10-02 03:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 02:00 . 2009-09-30 02:00 -------- d-----w- c:\program files\iPod
2009-09-30 02:00 . 2009-09-30 02:01 -------- d-----w- c:\program files\iTunes
2009-09-30 02:00 . 2009-09-30 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-09 20:53 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 20:04 . 2009-09-17 18:09 70254592 --sha-w- C:\NRTPage.sys
2009-09-04 22:45 . 2009-08-22 07:21 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 02:11 . 2007-11-10 19:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-01 03:56 . 2009-03-19 08:36 -------- d-----w- c:\documents and settings\Connor\Application Data\uTorrent
2009-09-30 02:35 . 2006-11-26 02:08 -------- d-----w- c:\documents and settings\Connor\Application Data\Apple Computer
2009-09-30 02:00 . 2007-07-02 11:25 -------- d-----w- c:\program files\Common Files\Apple
2009-09-30 01:56 . 2008-11-22 19:06 -------- d-----w- c:\program files\QuickTime
2009-09-27 22:25 . 2006-11-25 20:52 -------- d-----w- c:\program files\Trillian
2009-09-10 13:55 . 2008-07-24 22:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 08:03 . 2009-04-18 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-07 10:20 . 2006-12-02 15:11 -------- d-----w- c:\program files\Java
2009-09-03 04:48 . 2009-09-03 04:48 -------- d-----w- c:\program files\Pandora
2009-08-31 23:11 . 2008-11-16 21:48 -------- d-----w- c:\program files\Symantec
2009-08-31 23:11 . 2009-03-29 11:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-31 23:11 . 2009-03-29 11:52 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-31 23:11 . 2009-03-29 11:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-31 23:11 . 2009-03-29 11:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-22 12:12 . 2009-08-22 12:12 -------- d-----w- c:\documents and settings\Connor\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
2009-08-22 12:11 . 2009-08-22 12:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-15 04:45 . 2009-03-14 07:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 09:51 . 2007-07-09 04:28 -------- d-----w- c:\program files\Ubisoft
2009-08-12 09:51 . 2006-07-07 18:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 09:51 . 2009-04-27 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 10:23 . 2008-12-04 13:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 09:43 . 2009-07-14 09:43 43453 ----a-w- c:\windows\system32\unins000.dat
2009-07-14 09:42 . 2009-07-14 09:43 691717 ----a-w- c:\windows\system32\unins000.exe
2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2008-05-12 06:19 . 2008-05-12 06:19 61 --sh--w- c:\windows\cnerolf.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-17 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-09-16 557056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-02-28 16005120]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

c:\documents and settings\Connor\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-24 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-12-22 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-3-16 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-16 528384]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3306:TCP"= 3306:TCP:MySQL Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2009 11:13 AM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [8/31/2009 6:10 PM 310320]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [3/15/2009 7:20 AM 17952]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [8/31/2009 6:10 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [8/31/2009 6:10 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/16/2009 5:26 PM 329080]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [8/31/2009 6:10 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/6/2009 6:48 PM 102448]
S2 gupdate1c9a6d0d4e3c4b8;Google Update Service (gupdate1c9a6d0d4e3c4b8);c:\program files\Google\Update\GoogleUpdate.exe [3/17/2009 2:20 AM 133104]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\Connor\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\Connor\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 MUD;Driver for Magellan Jupiter USB Device;c:\windows\system32\drivers\MUD.sys [2/27/2009 11:40 PM 51200]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [11/11/2008 7:32 PM 27904]
S3 SaiH053c;SaiH053C;c:\windows\system32\drivers\SaiH053C.sys [7/26/2004 12:54 PM 132232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:13]

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 07:19]

2009-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 07:19]

2009-10-03 c:\windows\Tasks\Hosting_Soldiers.job
- c:\program files\MySQL\MySQL Tools for 5.0\MySQLAdministrator.exe [2007-05-09 01:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.my.af.mil/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Connor\Application Data\Mozilla\Firefox\Profiles\z1fs3rwq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Connor\Application Data\Mozilla\Firefox\Profiles\z1fs3rwq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Connor\Application Data\Mozilla\Firefox\Profiles\z1fs3rwq.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 11:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,51,1a,93,a6,c1,24,4c,8f,7a,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,51,1a,93,a6,c1,24,4c,8f,7a,be,\

[HKEY_USERS\S-1-5-21-3586619115-1169232920-3082203580-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3586619115-1169232920-3082203580-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WININET.dll
c:\docume~1\Connor\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\HPZipm12.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Logitech\G-series Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
.
**************************************************************************
.
Completion time: 2009-10-03 11:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 16:50

Pre-Run: 18,344,296,448 bytes free
Post-Run: 21,735,133,184 bytes free

286 --- E O F --- 2009-09-10 08:10



#8 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 03 October 2009 - 12:41 PM

If you right click on the bottom taskbar and select Task manager
Does it open?

Also, try the 3 key combination (Ctrl+Shift+Esc)


What about if you go to START>>RUN
type in the following
taskmgr.exe

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#9 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 04 October 2009 - 08:40 PM

No to all the above.

#10 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 04 October 2009 - 08:56 PM

Can you download Doug Knox xp_emegencyutil.exe

Try running Taskmanager thru the folder it creates
C:\EmergencyUtils
Instructions are at the link, let me know if taskman will run

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#11 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 04 October 2009 - 09:34 PM

It doesn't even copy the taskman, the other two work fine though.

Edit:
I also disabled all programs that would potentially block it, IE Antivirus

Edited by ConnorStr, 04 October 2009 - 09:36 PM.


#12 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 04 October 2009 - 10:01 PM

==Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as taskman.bat

Save this file on the desktop

If not Exist taskman MkDir taskman

echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System >taskman\ok1.txt

regedit /a taskman\ok1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"


echo doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager >taskman\ok2.txt

regedit /a taskman\ok2.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager"


echo doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System >taskman\ok14.txt

regedit /a taskman\ok14.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"

cd taskman

copy *.txt = look.txt

del ok*.txt

Echo REGEDIT4 > compare.txt
  
Type look.txt | find  /v /i "REGEDIT4" >> compare.txt 
Type compare.txt | find  /i "doesn't exist " >> compare2.txt
Type compare.txt | find  /v /i "doesn't exist" >> compare1.txt 

Echo ----------------------- >compare3.txt
Echo ----------------------- >> compare3.txt

del compare.txt

Copy compare2.txt + compare3.txt + compare1.txt = look1.txt

del look.txt
del compare2.txt
del compare1.txt
del compare3.txt

Double click on taskman.bat, let it finish, a folder will be placed on desktop called
'taskman'
Open the TaskMan folder and copy>>paste back here the contents of look1.txt please

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#13 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 04 October 2009 - 10:11 PM

-----------------------
-----------------------
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableCAD"=dword:00000000
"DisableRegistryTools"=dword:00000000


[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager]
"Preferences"=hex:9c,02,00,00,e8,03,00,00,02,00,00,00,01,00,00,00,01,00,00,00,\
17,03,00,00,ab,00,00,00,ab,04,00,00,6b,02,00,00,00,00,00,00,00,00,00,00,02,\
00,00,00,03,00,00,00,04,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,60,00,60,00,3c,00,60,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,00,00,00,00,00,\
00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,02,\
00,00,00,03,00,00,00,04,00,00,00,06,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,6b,\
00,00,00,6b,00,00,00,46,00,00,00,23,00,00,00,46,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,00,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,47,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00
"UsrColumnSettings"=hex:1c,0c,00,00,34,04,00,00,00,00,00,00,78,00,00,00,01,00,\
00,00,1d,0c,00,00,35,04,00,00,01,00,00,00,23,00,00,00,01,00,00,00,1e,0c,00,\
00,36,04,00,00,00,00,00,00,5d,00,00,00,01,00,00,00,1f,0c,00,00,39,04,00,00,\
00,00,00,00,64,00,00,00,01,00,00,00,20,0c,00,00,37,04,00,00,00,00,00,00,78,\
00,00,00,01,00,00,00





#14 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 04 October 2009 - 10:28 PM

Delete the folder taskman on desktop

Can you right click on taskman.bat and choose EDIT>>EDIT>>Select ALL
EDIT>>Delete

Replace the contents of taskman.bat with the following in code box

If not Exist taskman MkDir taskman

echo doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options >taskman\ok1.txt

regedit /a taskman\ok1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

cd taskman

copy *.txt = look.txt

del ok*.txt

Echo REGEDIT4 > compare.txt
  
Type look.txt | find  /v /i "REGEDIT4" >> compare.txt 
Type compare.txt | find  /i "doesn't exist " >> compare2.txt
Type compare.txt | find  /v /i "doesn't exist" >> compare1.txt 

Echo ----------------------- >compare3.txt
Echo ----------------------- >> compare3.txt

del compare.txt

Copy compare2.txt + compare3.txt + compare1.txt = look1.txt

del look.txt
del compare2.txt
del compare1.txt
del compare3.txt

Close the file Taskman.bat and save the changes
Double click on it again and post back look1.txt contents when created

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#15 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 04 October 2009 - 10:30 PM

-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,90,04,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,07,00,0b,00,00,00,00,\
00,07,00,0b,00,00,00,3f,00,00,00,02,00,00,00,04,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,44,00,00,00,01,00,56,00,61,00,72,00,46,00,69,\
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
04,e4,04,f0,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,cc,03,00,00,01,00,30,00,34,00,30,\
00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,19,00,01,00,43,00,6f,00,6d,00,\
6d,00,65,00,6e,00,74,00,73,00,00,00,43,00,72,00,79,00,73,00,74,00,61,00,6c,\
00,20,00,53,00,51,00,4c,00,20,00,44,00,65,00,73,00,69,00,67,00,6e,00,65,00,\
72,00,20,00,37,00,2e,00,30,00,00,00,00,00,88,00,34,00,01,00,43,00,6f,00,6d,\
00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,65,00,\
61,00,67,00,61,00,74,00,65,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,66,00,6f,00,72,00,6d,00,61,00,74,00,69,00,6f,00,\
6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,20,\
00,47,00,72,00,6f,00,75,00,70,00,2c,00,20,00,49,00,6e,00,63,00,2e,00,00,00,\
ae,00,45,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,\
00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
68,00,74,00,20,00,28,00,63,00,29,00,20,00,31,00,39,00,39,00,31,00,2d,00,31,\
00,39,00,39,00,10,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe]
"ApplicationGoo"=hex:54,09,00,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,a8,11,2e,04,00,00,02,\
00,a8,11,2e,04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,\
01,00,30,00,30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,\
67,00,6e,00,61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,\
00,42,00,11,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,\
6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,\
00,61,00,6c,00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,\
46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,\
74,00,65,00,6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,\
00,6f,00,77,00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,\
56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,32,00,30,\
00,2e,00,32,00,2e,00,30,00,2e,00,31,00,30,00,37,00,30,00,00,00,32,00,09,00,\
01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,\
00,00,00,46,00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,\
2b,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,\
00,67,00,68,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,23,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,00,53,00,5f,\
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
00,00,00,00,bd,04,ef,fe,00,00,01,00,03,00,9e,11,26,04,00,00,03,00,9e,11,26,\
04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,01,00,30,00,\
30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,00,43,00,6f,\
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,67,00,6e,00,\
61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,42,00,11,\
00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,\
00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,00,61,00,6c,\
00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,\
6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,\
00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,\
6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,\
72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,31,00,30,00,2e,00,33,\
00,2e,00,30,00,2e,00,31,00,30,00,36,00,32,00,00,00,32,00,09,00,01,00,49,00,\
6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,\
00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,2b,00,01,00,\
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,\
00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
23,00,54,02,00,00,00,02,00,00,20,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
bd,04,ef,fe,00,00,01,00,00,00,04,00,f0,03,00,00,00,00,04,00,f0,03,00,00,3f,\
00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,7e,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
00,65,00,49,00,6e,00,66,00,6f,00,00,00,5a,02,00,00,01,00,30,00,34,00,30,00,\
39,00,30,00,34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,\
00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,\
20,00,41,00,47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,\
00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,\
53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,\
00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,\
00,00,36,00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,\
00,6f,00,6e,00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,31,00,30,00,\
30,00,38,00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,\
00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,\
00,00,5e,00,1d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,\
00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,\
00,39,00,37,00,20,00,53,00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,\
00,00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,02,00,00,\
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,\
65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,\
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00,54,02,\
00,00,00,02,00,00,18,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,00,52,00,53,\
00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,bd,04,ef,fe,\
00,00,01,00,00,00,04,00,dd,03,00,00,00,00,04,00,dd,03,00,00,3f,00,00,00,00,\
00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,02,\
00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,00,65,00,49,\
00,6e,00,66,00,6f,00,00,00,54,02,00,00,01,00,30,00,34,00,30,00,39,00,30,00,\
34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,\
00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,\
47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,\
00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,53,00,41,00,\
50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,00,66,00,6f,\
00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,00,00,34,00,\
0a,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,\
00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,39,00,38,00,39,00,00,00,\
2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,\
00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,00,00,5e,00,1d,00,01,00,\
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,\
a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,00,39,00,37,00,20,00,53,\
00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,00,00,01,00,4c,00,65,00,\
67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,02,00,00,00,00,00,00,\
00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,65,05,00,00,\
02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,6c,07,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,cc,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9c,\
00,3c,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,02,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
34,00,00,00,23,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,44,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,01,00,01,00,0c,00,00,00,01,\
00,01,00,0c,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,44,00,00,00,00,00,56,00,61,00,72,00,46,00,69,\
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
04,b0,04,a4,01,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,80,01,00,00,01,00,30,00,34,00,30,\
00,39,00,30,00,34,00,42,00,30,00,00,00,40,00,20,00,01,00,43,00,6f,00,6d,00,\
70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,44,00,65,00,4c,\
00,6f,00,72,00,6d,00,65,00,20,00,4d,00,61,00,70,00,70,00,69,00,6e,00,67,00,\
00,00,44,00,22,00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,4e,00,61,\
00,6d,00,65,00,00,00,00,00,52,00,65,00,67,00,20,00,28,00,44,00,4c,00,69,00,\
62,00,62,00,79,00,5c,00,6d,00,73,00,66,00,29,00,00,00,00,00,34,00,14,00,01,\
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,00,00,00,38,00,14,\
00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,56,00,65,00,72,00,73,00,\
69,00,6f,00,6e,00,00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,\
00,00,00,34,00,12,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,\
4e,00,61,00,6d,00,65,00,00,00,4d,00,4e,00,47,00,52,00,45,00,47,00,33,00,32,\
00,00,00,00,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,23,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE]
"GlobalFlag"="0x00200000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE]
"GlobalFlag"="0x00200000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,b4,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,35,00,07,00,00,00,00,00,35,\
00,07,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,12,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,ee,01,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,42,00,11,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
00,49,00,6e,00,63,00,2e,00,00,00,00,00,28,00,00,00,01,00,46,00,69,00,6c,00,\
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
00,00,00,2a,00,05,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,\
69,00,6f,00,6e,00,00,00,00,00,37,00,2e,00,35,00,33,00,00,00,00,00,9c,00,3c,\
00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,\
00,20,00,a9,00,20,00,31,00,39,00,38,00,38,00,2d,00,31,00,39,00,39,00,38,00,\
20,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
00,49,00,6e,00,63,00,2e,00,20,00,20,00,41,00,6c,00,6c,00,20,00,52,00,69,00,\
67,00,68,00,74,00,73,00,20,00,52,00,65,00,73,00,65,00,72,00,76,00,65,00,64,\
00,00,00,3c,00,0a,00,01,00,4f,00,72,00,69,00,67,00,69,00,6e,00,61,00,6c,00,\
46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,00,00,70,00,73,00,64,00,6d,\
00,74,00,2e,00,10,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"ApplicationGoo"=hex:00,07,00,00,54,02,00,00,00,02,00,00,84,07,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,e4,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,60,03,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9e,\
00,3d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,24,00,54,02,00,00,00,02,00,00,a4,08,34,00,00,00,56,00,53,00,5f,\
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,\
00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,04,08,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,f0,03,00,00,01,00,30,00,\
34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,\
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,\
6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,\
00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,\
6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,\
00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,\
6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,\
00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,\
76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,\
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,\
00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,\
61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,a6,00,41,00,01,\
00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,\
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,\
00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
24,00,54,02,00,00,00,02,00,00,18,04,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,00,a8,07,3f,\
00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,78,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,01,00,30,00,34,00,30,00,\
39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,00,6d,00,6d,\
00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,6d,00,70,00,\
61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,00,63,00,72,\
00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,00,\
61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,00,6c,00,65,\
00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,\
00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,45,00,78,\
00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,65,00,\
72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,00,46,00,69,\
00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,35,00,\
2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,00,2c,00,06,\
00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,\
65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9a,00,3b,00,01,00,4c,00,65,\
00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,\
00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,02,00,00,\
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,00,00,00,00,\
65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,00,76,00,69,\
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,24,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,04,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,1c,00,08,00,00,00,00,00,00,\
00,08,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,64,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,40,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,44,00,12,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,13,00,01,00,46,00,69,00,6c,00,\
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
00,00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,\
20,00,57,00,69,00,7a,00,61,00,72,00,64,00,00,00,00,00,2c,00,06,00,01,00,46,\
00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,\
38,00,2e,00,30,00,32,00,38,00,00,00,46,00,13,00,01,00,49,00,6e,00,74,00,65,\
00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,43,00,6f,00,72,00,\
65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,20,00,57,00,69,00,7a,00,61,\
00,72,00,64,00,00,00,00,00,6c,00,24,00,01,00,4c,00,65,00,67,00,61,00,6c,00,\
43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,\
00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,\
37,00,2c,00,20,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,\
00,6f,00,72,00,08,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,7c,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,09,00,26,00,00,\
00,01,00,09,00,26,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,dc,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,b8,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,66,00,27,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,42,00,75,00,73,00,\
69,00,6e,00,65,00,73,00,73,00,20,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,\
00,67,00,65,00,6e,00,63,00,65,00,20,00,6f,00,6e,00,20,00,45,00,76,00,65,00,\
72,00,79,00,20,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00,00,00,48,\
00,14,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,\
65,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,49,00,6e,00,63,\
00,6f,00,72,00,70,00,6f,00,72,00,61,00,74,00,65,00,64,00,00,00,60,00,1c,00,\
01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,\
00,69,00,6f,00,6e,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,\
47,00,65,00,6e,00,65,00,72,00,69,00,63,00,20,00,49,00,6e,00,73,00,74,00,61,\
00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,38,00,0c,00,01,00,46,00,\
69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,\
00,2c,00,20,00,30,00,2c,00,20,00,33,00,38,00,2c,00,20,00,39,00,00,00,30,00,\
08,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,\
00,65,00,00,00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
"GlobalFlag"="0x000010F0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,a4,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,01,00,00,00,00,\
00,01,00,01,00,00,00,3f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,04,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,e0,01,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,20,00,00,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,58,00,18,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,\
00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,49,00,4e,00,53,00,54,00,\
41,00,4c,00,4c,00,20,00,4d,00,46,00,43,00,20,00,41,00,70,00,70,00,6c,00,69,\
00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,30,00,08,00,01,00,46,00,69,00,\
6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,00,2e,\
00,30,00,2e,00,30,00,30,00,31,00,00,00,30,00,08,00,01,00,49,00,6e,00,74,00,\
65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,49,00,4e,00,53,\
00,54,00,41,00,4c,00,4c,00,00,00,24,00,00,00,01,00,4c,00,65,00,67,00,61,00,\
6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,28,00,00,\
00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,\
61,00,72,00,6b,00,73,00,00,00,00,00,40,00,0c,00,01,00,4f,00,72,00,69,00,67,\
00,69,00,6e,00,61,00,6c,00,46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,\
00,00,49,00,4e,00,53,00,54,00,41,00,4c,00,4c,00,2e,00,45,00,58,00,45,00,00,\
00,30,00,08,00,08,00,00,00,00,00,00,00





#16 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 04 October 2009 - 10:40 PM

Can you do me a favor
Open Malwarebytes AntiMalware
Open the UPDATE tab and check for updates
Run another Quick Scan

Post back the log

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#17 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 04 October 2009 - 10:55 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2908
Windows 5.1.2600 Service Pack 3

10/4/2009 11:53:34 PM
mbam-log-2009-10-04 (23-53-34).txt

Scan type: Quick Scan
Objects scanned: 117814
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#18 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,204 posts

Posted 05 October 2009 - 09:24 PM

I see no reason so far why taskmanager may be disabled, except the Preferences are a little disturbed
Or your on a business networked computer and a Adminstrator may have disabled those privileges?

Can you also do the following
Sysprot Antirootkit
Please download Sysprot Antirootkit from the linik
and save to your Desktop

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.

In addition:
Temporarily disable your realtime protection with your own Virus scanner so it won't interfere with this scan
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take awhile, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#19 ConnorStr

ConnorStr

    Newbie

  • Newbie
  • Pip
  • 10 posts

Posted 03 November 2009 - 08:18 PM

I couldn't get the ESET Scanner to work, it would just hang up half way through the load, but here is the SysProt Log

SysProt AntiRootkit v1.0.1.0
by swatkat

********************************************************************************
**********
********************************************************************************
**********

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 1020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 1092
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1128
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1184
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1372
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1464
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1508
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1572
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1728
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1920
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 364
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 856
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\WgaTray.exe
PID: 980
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
PID: 1084
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PID: 1408
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1748
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1860
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\HPZipm12.exe
PID: 616
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 692
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PID: 2216
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PID: 2260
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchindexer.exe
PID: 2836
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PID: 3520
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 736
Hidden: No
Window Visible: No

Name: C:\WINDOWS\sm56hlpr.exe
PID: 2352
Hidden: No
Window Visible: No

Name: C:\Program Files\Trillian\trillian.exe
PID: 2456
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.exe
PID: 2512
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PID: 2528
Hidden: No
Window Visible: No

Name: C:\Program Files\Trillian\trillian.exe
PID: 2532
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PID: 2568
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PID: 2820
Hidden: No
Window Visible: No

Name: C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PID: 2852
Hidden: No
Window Visible: No

Name: C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PID: 2864
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 2908
Hidden: No
Window Visible: No

Name: C:\Program Files\PureEdge\Viewer 6.5\masqform.exe
PID: 3036
Hidden: No
Window Visible: No

Name: C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
PID: 3060
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
PID: 1720
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 3156
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3180
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3228
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PID: 3252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 3260
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
PID: 3992
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PID: 4056
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PID: 4092
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\SetPoint\SetPoint.exe
PID: 2324
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PID: 256
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PID: 628
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Connor\Desktop\SysProt\SysProt\SysProt.exe
PID: 3360
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 3460
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PID: 3852
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 3588
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3688
Hidden: No
Window Visible: No

********************************************************************************
**********
********************************************************************************
**********
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Connor\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A9FA4000
Module End: A9FAF000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A12000
Module End: F7A14000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7922000
Module End: F7925000
Hidden: No

Module Name: spkl.sys
Service Name: ---
Module Base: F7314000
Module End: F7411000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F7A14000
Module End: F7A16000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F72FC000
Module End: F7314000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F72CE000
Module End: F72FC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F72BD000
Module End: F72CE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F7512000
Module End: F7522000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7522000
Module End: F7530000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7532000
Module End: F753C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F7926000
Module End: F7929000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F792A000
Module End: F792E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7ADA000
Module End: F7ADB000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7792000
Module End: F7799000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7542000
Module End: F754D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F729E000
Module End: F72BD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7A16000
Module End: F7A18000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7278000
Module End: F729E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F792E000
Module End: F7931000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7ADB000
Module End: F7ADC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F779A000
Module End: F779F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F7552000
Module End: F755F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iviVD.sys
Service Name: iviVD
Module Base: F7562000
Module End: F756D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F7260000
Module End: F7278000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viamraid.sys
Service Name: viamraid
Module Base: F7572000
Module End: F7581000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F7582000
Module End: F758B000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F7592000
Module End: F759F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F7240000
Module End: F7260000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F722E000
Module End: F7240000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: F75A2000
Module End: F75B1000
Hidden: No

Module Name: SYMEFA.SYS
Service Name: SymEFA
Module Base: F71DF000
Module End: F722E000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F71C8000
Module End: F71DF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F713B000
Module End: F71C8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F710E000
Module End: F713B000
Hidden: No

Module Name: C:\WINDOWS\system32\speedfan.sys
Service Name: speedfan
Module Base: F7A18000
Module End: F7A1A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F70F4000
Module End: F710E000
Hidden: No

Module Name: C:\WINDOWS\system32\giveio.sys
Service Name: giveio
Module Base: F7ADC000
Module End: F7ADD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: F6836000
Module End: F6839000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7622000
Module End: F762B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F682A000
Module End: F682E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F631D000
Module End: F6608000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6309000
Module End: F631D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: F6826000
Module End: F6829000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F62E1000
Module End: F6309000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
Service Name: NETw3x32
Module Base: F613F000
Module End: F62E1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F790A000
Module End: F7910000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F611B000
Module End: F613F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7912000
Module End: F791A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7632000
Module End: F763F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F791A000
Module End: F7920000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: F60EC000
Module End: F611B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7AA0000
Module End: F7AA2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F77AA000
Module End: F77B0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F693A000
Module End: F6945000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F692A000
Module End: F693A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F691A000
Module End: F6929000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F60C9000
Module End: F60EC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\InCDPass.sys
Service Name: InCDPass
Module Base: F77B2000
Module End: F77BA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\incdrm.SYS
Service Name: incdrm
Module Base: F77EA000
Module End: F77F1000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F77FA000
Module End: F7800000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\a4cza4bo.SYS
Service Name: ---
Module Base: F6020000
Module End: F6085000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7BC0000
Module End: F7BC1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F68CA000
Module End: F68D7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F70B4000
Module End: F70B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F5F51000
Module End: F5F68000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F68BA000
Module End: F68C5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F7612000
Module End: F761E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F78AA000
Module End: F78AF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F5F40000
Module End: F5F51000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F68AA000
Module End: F68B3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F4B76000
Module End: F4B7B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F4B6E000
Module End: F4B73000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F3F09000
Module End: F3F39000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F54D0000
Module End: F54DA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SymIM.sys
Service Name: SymIM
Module Base: F4B66000
Module End: F4B6E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7A1C000
Module End: F7A1E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F3E4F000
Module End: F3EAD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F79EA000
Module End: F79EE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F690A000
Module End: F6914000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\smserial.sys
Service Name: smserial
Module Base: AE6A2000
Module End: AE771000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F4214000
Module End: F421C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: AE270000
Module End: AE6A2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: AE24C000
Module End: AE270000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F4379000
Module End: F4388000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F4349000
Module End: F4358000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS
Service Name: SRTSP
Module Base: AE1F9000
Module End: AE24C000
Hidden: No

Module Name: \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091103.007\NAVEX15.SYS
Service Name: NAVEX15
Module Base: AE0B7000
Module End: AE1F9000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Service Name: SymEvent
Module Base: AE092000
Module End: AE0B7000
Hidden: No

Module Name: \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091103.007\NAVENG.SYS
Service Name: NAVENG
Module Base: AE07E000
Module End: AE092000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: F7832000
Module End: F7839000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\usbaapl.sys
Service Name: USBAAPL
Module Base: F75F2000
Module End: F7600000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F7842000
Module End: F784A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: F7602000
Module End: F7611000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS
Service Name: SRTSPX
Module Base: F3FB9000
Module End: F3FC3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A70000
Module End: F7A72000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7C5B000
Module End: F7C5C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A74000
Module End: F7A76000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F41F4000
Module End: F41FB000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F78C2000
Module End: F78C8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A88000
Module End: F7A8A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A8A000
Module End: F7A8C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\InCDrec.SYS
Service Name: InCDrec
Module Base: F4757000
Module End: F475A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\InCDfs.SYS
Service Name: InCDfs
Module Base: AE045000
Module End: AE05E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7862000
Module End: F7867000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F4B8E000
Module End: F4B96000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F79D6000
Module End: F79D9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AE032000
Module End: AE045000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: ADFD9000
Module End: AE032000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS
Service Name: SYMTDI
Module Base: ADFA5000
Module End: ADFD9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: ADF7F000
Module End: ADFA5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F75C2000
Module End: F75CB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS
Service Name: SYMNDIS
Module Base: F78BA000
Module End: F78C2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS
Service Name: SYMFW
Module Base: ADF6A000
Module End: ADF7F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS
Service Name: SYMIDS
Module Base: F78CA000
Module End: F78D1000
Hidden: No

Module Name: \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091102.002\IDSxpx86.sys
Service Name: IDSxpx86
Module Base: ADF16000
Module End: ADF6A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: ADEEE000
Module End: ADF16000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Service Name: Tcpip6
Module Base: ADEB6000
Module End: ADEEE000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: ADE94000
Module End: ADEB6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ip6fw.sys
Service Name: Ip6Fw
Module Base: F4359000
Module End: F4362000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F3F79000
Module End: F3F82000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Service Name: SCDEmu
Module Base: F421C000
Module End: F4224000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: ADE41000
Module End: ADE6C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: ADDD1000
Module End: ADE41000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F381B000
Module End: F381E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F5540000
Module End: F5549000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7742000
Module End: F774D000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: ADD73000
Module End: ADDD1000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Service Name: EraserUtilRebootDrv
Module Base: ADD56000
Module End: ADD73000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys
Service Name: ccHP
Module Base: ADCDB000
Module End: ADD56000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys
Service Name: BHDrvx86
Module Base: ADC99000
Module End: ADCDB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: F7087000
Module End: F708B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
Service Name: LHidKe
Module Base: F78DA000
Module End: F78E1000
Hidden: No

Module Name: \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys
Service Name: atitray
Module Base: F708B000
Module End: F708F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F7077000
Module End: F707A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
Service Name: LMouKE
Module Base: ADC60000
Module End: ADC71000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: ADC3C000
Module End: ADC60000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: F7097000
Module End: F709B000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_viamraid.sys
Service Name: ---
Module Base: F7772000
Module End: F7781000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: ADE70000
Module End: ADE73000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7852000
Module End: F7857000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7B1F000
Module End: F7B20000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AB95C000
Module End: AB960000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: AB6DF000
Module End: AB6F4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: AB73C000
Module End: AB74B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: F3F99000
Module End: F3FA3000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Service Name: symlcbrd
Module Base: F780A000
Module End: F7810000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: AB79C000
Module End: AB7AC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: F789A000
Module End: F78A0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: AADC3000
Module End: AADE6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: AAB91000
Module End: AABE3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: AA774000
Module End: AA79F000
Hidden: No

********************************************************************************
**********
********************************************************************************
**********
SSDT:
Function Name: ZwAlertResumeThread
Address: 85C9A790
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlertThread
Address: 85C9A870
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAllocateVirtualMemory
Address: 85DB2778
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAssignProcessToJobObject
Address: 8521CD48
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwConnectPort
Address: 87130620
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: AE0A8130
Driver Base: AE092000
Driver End: AE0B7000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwCreateMutant
Address: 85C9A300
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 8521CB68
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 86C4F4D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDebugActiveProcess
Address: 8521CE28
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: AE0A83B0
Driver Base: AE092000
Driver End: AE0B7000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwDeleteValueKey
Address: AE0A8910
Driver Base: AE092000
Driver End: AE0B7000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwDuplicateObject
Address: 85DB3370
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwEnumerateKey
Address: F7332CA2
Driver Base: F7314000
Driver End: F7411000
Driver Name: spkl.sys

Function Name: ZwEnumerateValueKey
Address: F7333030
Driver Base: F7314000
Driver End: F7411000
Driver Name: spkl.sys

Function Name: ZwFreeVirtualMemory
Address: 85DB25D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateAnonymousToken
Address: 85C9A3F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateThread
Address: 85C9A4D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 8712A268
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwMapViewOfSection
Address: 852A0348
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenEvent
Address: 85C9A220
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenKey
Address: F73150C0
Driver Base: F7314000
Driver End: F7411000
Driver Name: spkl.sys

Function Name: ZwOpenProcess
Address: 85C9D300
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcessToken
Address: 85DB32F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 85C9A060
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 85DB3440
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwProtectVirtualMemory
Address: 8521CC58
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryKey
Address: F7333108
Driver Base: F7314000
Driver End: F7411000
Driver Name: spkl.sys

Function Name: ZwQueryValueKey
Address: F7332F88
Driver Base: F7314000
Driver End: F7411000
Driver Name: spkl.sys

Function Name: ZwResumeThread
Address: 85DA7E38
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 85DB2300
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationProcess
Address: 85DB23C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 8521CF08
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: AE0A8B60
Driver Base: AE092000
Driver End: AE0B7000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwSuspendProcess
Address: 85C9A140
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 85C9A930
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 85DC56C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 85C9AF90
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwUnmapViewOfSection
Address: 85DB2490
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 85DB26A8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

********************************************************************************
**********
********************************************************************************
**********
No Kernel Hooks found

********************************************************************************
**********
********************************************************************************
**********
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\iviVD.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 871641F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iviVD.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 871641F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iviVD.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 871641F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iviVD.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 871641F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iviVD.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 871641F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iviVD.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 871641F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a4cza4bo.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 86C801F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a4cza4bo.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86C801F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a4cza4bo.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86C801F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a4cza4bo.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86C801F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a4cza4bo.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 86C801F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a4cza4bo.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86C801F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7315000
Hooking Module: spkl.sys

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 871D51F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86F02500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86CC01F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86CC01F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86CC01F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86CC01F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86CC01F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86CC01F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 871651F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\viamraid.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 871631F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\viamraid.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 871631F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\viamraid.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 871631F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\viamraid.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 871631F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\viamraid.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 871631F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\viamraid.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 871631F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86F24500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86F24500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86F24500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86F24500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 86F24500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86C821F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_CREATE
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_READ
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_WRITE
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_POWER
Jump To: F731CE1C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F7330514
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: \Driver\PCI_PNP0416
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7356B0C
Hooking Module: spkl.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86EA0500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86EA0500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86EA0500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86EA0500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86EA0500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86EA0500
Hooking Module: _unknown_

********************************************************************************
**********
********************************************************************************
**********
Ports:
Local Address: CONNOR:50701
Remote Address: LOCALHOST:1032
Type: TCP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
State: ESTABLISHED

Local Address: CONNOR:50701
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
State: LISTENING

Local Address: CONNOR:27015
Remote Address: LOCALHOST:1036
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: CONNOR:27015
Remote Address: LOCALHOST:1034
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: CONNOR:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: CONNOR:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: CONNOR:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: CONNOR:1036
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: CONNOR:1034
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: CONNOR:1032
Remote Address: LOCALHOST:50701
Type: TCP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
State: ESTABLISHED

Local Address: CONNOR:1031
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
State: LISTENING

Local Address: CONNOR:1044
Remote Address: 63.251.254.131:HTTP
Type: TCP
Process: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
State: SYN_SENT

Local Address: CONNOR:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CONNOR:3703
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
State: LISTENING

Local Address: CONNOR:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: CONNOR:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CONNOR:427
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
State: LISTENING

Local Address: CONNOR:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: CONNOR:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CONNOR:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CONNOR:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
State: NA

Local Address: CONNOR:1039
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CONNOR:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CONNOR:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CONNOR:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CONNOR:52329
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CONNOR:9370
Remote Address: NA
Type: UDP
Process: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
State: NA

Local Address: CONNOR:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: CONNOR:3703
Remote Address: NA
Type: UDP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
State: NA

Local Address: CONNOR:3544
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CONNOR:1029
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\spoolsv.exe
State: NA

Local Address: CONNOR:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CONNOR:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: CONNOR:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CONNOR:427
Remote Address: NA
Type: UDP
Process: C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
State: NA

********************************************************************************
**********
********************************************************************************
**********
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\34EB0A60.TMP
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\68A5962A.TMP
Status: Access denied

Object: C:\System Volume Information\EfaData
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{029932C0-D74E-4292-AF45-3DA84248588C}
Status: Access denied






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users