Sister's pc - Internet Antivirus Pro
-
29-04-2009 2:58pm
My sister (who's new to computers) asked me to have a look at her pc. It starts up ok but then freezes for several minutes and is unresponsive. I've had a quick look at the log and all I think is wrong is something called "Internet Antivirus Pro". It pops up saying there's tons of trojans etc on the pc. I tried to uninstall it with no luck. Anyway enough waffle and here is the log (thanks in advance for all your help)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:42, on 29/04/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\program files\Internet Antivirus Pro\IAPro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\Administrator\Application Data\U3\0000183B6770FA12\LaunchPad.exe
H:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.babbage.ul.ie (HKLM)
O15 - Trusted Zone: http://www.desktop.ul.ie (HKLM)
O15 - Trusted Zone: http://*.inside.ul.ie (HKLM)
O15 - Trusted Zone: http://*.prometheus (HKLM)
O15 - Trusted Zone: http://ad3.ul.campus (HKLM)
O15 - Trusted Zone: http://inside.ul.campus (HKLM)
O15 - Trusted Zone: http://*.ulportal (HKLM)
O15 - Trusted Zone: http://*.ulsharepoint (HKLM)
O15 - Trusted Zone: http://download.windowsupdate.com (HKLM)
O15 - ESC Trusted Zone: http://*.inside.ul.ie (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1922012cee7ae5...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213776413968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213776386203
O16 - DPF: {8DAE7A62-4632-4691-805C-0338A5F26F9D} (Spam Arrest Email Configurator Download) - http://spamarrest.com/xcarab/10013/saclient.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ul.campus
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3722D93-D250-40AC-AC2A-063066B88C65}: NameServer = 172.31.140.69 172.30.140.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ul.campus
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ul.campus
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
Comments
-
I was actually looking at a friend's pc who had the same issue. I used Malwarebytes to get rid of it. Get here. I have used it before on other machines for people and always does the trick.
-
Thanks Keano. What about this:
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
Is this the legitimate winlogon.exe? Hijackthis.de tells me it isn't.
-
It's not legit
- Download OTListIt2 to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\System32\antiwpa.dll
%systemroot%\SYSTEM32\wpa.dll
%systemroot%\setup\scripts\biestart.exe
%systemroot%\system32\drivers\royal.sys
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
-
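The check behind the "Is this the legitimate winlogon.exe?" exchange above, as an added example that is not part of the original thread: it parses HijackThis O4 autorun lines and flags any entry whose file name matches a core Windows process but whose folder is not the one that process normally runs from. The list of core process names and the function names are assumptions of this example; `C:\WINNT` is the system root shown in the log.

```python
import ntpath
import re

# Assumption (chosen for this example): core Windows process names and the
# directory each one normally lives in, relative to %SystemRoot%.
CORE_PROCESS_DIRS = {
    "winlogon.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",  # lives directly in %SystemRoot%
}

# HijackThis autorun line: "O4 - <hive>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# End of the executable path when the command line is not quoted.
EXE_END = re.compile(r"\.(exe|com|scr|bat|cmd|pif)\b", re.IGNORECASE)

SAMPLE_LOG = "\n".join([
    # Copied from the HijackThis log in the first post:
    r"O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon",
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe",
    r'O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r',
    r"O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe",
    r'O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s',
    r"O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')",
    # Constructed control line (not from the log): a core name in its usual folder.
    r"O4 - HKLM\..\Run: [ExampleShell] C:\WINNT\Explorer.EXE",
])


def extract_path(cmd):
    """Return the executable path from an autorun command line.

    Handles quoted paths with arguments and unquoted paths that contain spaces.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_END.search(cmd)
    return cmd[:match.end()] if match else cmd


def find_masquerades(log_text, system_root=r"C:\WINNT"):
    """List O4 entries that use a core process name from an unexpected folder."""
    root = ntpath.normcase(system_root).rstrip("\\")
    findings = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if not match:
            continue
        path = extract_path(match["cmd"])
        directory, base = ntpath.split(ntpath.normcase(path))
        # Bare names such as "mobsync.exe" carry no folder to compare; skip them.
        if base not in CORE_PROCESS_DIRS or not directory:
            continue
        subdir = CORE_PROCESS_DIRS[base]
        expected = root + ("\\" + subdir if subdir else "")
        if directory != expected:
            findings.append({
                "hive": match["hive"],
                "name": match["name"],
                "path": path,
                "expected_dir": expected,
            })
    return findings


if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_LOG):
        print("SUSPICIOUS: [%s] %s (expected under %s)"
              % (hit["name"], hit["path"], hit["expected_dir"]))
```

A core name in the expected folder is not proof that the file is genuine; the check only catches the borrowed-name, wrong-folder case seen in this log.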
Run the Malwarebytes program and it will remove anything that the virus has added. Just re-run the log after it is finished and see if it is still there. If it is then it is ok.
-
Ok Keano. Actorseeksjob the problem is my sister lives out in the country while I'm in the city. I was there this morning and did the hijackthis log but can't get back for a few days. Access is a problem.
If you could tell me all the programs and stuff I should collect for the next opportunity I get at the pc I would be most grateful. I only have one or two chances a month.
Thanks for your help guys!
-
Try Malwarebytes like somebody else did, probably the easiest thing for you both
-
Thanks man but I will do what you quite kindly asked me to do next time (when I get the chance). Never heard of OTListIT2 before (or whatever it is).
-
OTListIt logfile created on: 30/04/2009 12:49:56 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
253.99 Mb Total Physical Memory | 162.20 Mb Available Physical Memory | 63.86% Memory free
614.72 Mb Paging File | 416.55 Mb Available in Paging File | 67.76% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 24.08 Gb Free Space | 64.71% Space Free | Partition Type: NTFS
Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 12.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 2KCGVRH0JTWOMEY
Current User Name: Ann
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Computer Corporation)
PRC - C:\WINNT\System32\NMSSvc.exe (Intel Corporation)
PRC - C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\MSTask.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINNT\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINNT\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
PRC - C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (ASFAgent [Auto | Running]) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dmadmin [On_Demand | Stopped]) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SRV - (Fax [On_Demand | Stopped]) -- C:\WINNT\system32\faxsvc.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Iap [Auto | Running]) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Computer Corporation)
SRV - (NMSSvc [Auto | Running]) -- C:\WINNT\System32\NMSSvc.exe (Intel Corporation)
SRV - (RemoteRegistry [Auto | Running]) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
SRV - (Schedule [Auto | Running]) -- C:\WINNT\system32\MSTask.exe (Microsoft Corporation)
SRV - (UtilMan [On_Demand | Stopped]) -- C:\WINNT\System32\UtilMan.exe (Microsoft Corporation)
SRV - (WinMgmt [On_Demand | Running]) -- C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AvgLdx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Cdr4_2K [System | Running]) -- C:\WINNT\System32\drivers\cdr4_2K.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf [System | Running]) -- C:\WINNT\System32\drivers\cdudf.sys (Roxio)
DRV - (Diskperf [Boot | Running]) -- C:\WINNT\System32\drivers\diskperf.sys (Microsoft Corporation)
DRV - (dmboot [Disabled | Stopped]) -- C:\WINNT\System32\drivers\dmboot.sys (VERITAS Software Corp.)
DRV - (dmio [Boot | Running]) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
DRV - (dmload [Boot | Running]) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (E1000 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\e1000nt5.sys (Intel Corporation)
DRV - (EFS [Disabled | Running]) -- C:\WINNT\System32\drivers\efs.sys (Microsoft Corporation)
DRV - (EL90BC [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (fasttrak [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\fasttrak.sys (Promise Technology, Inc.)
DRV - (Fd16_700 [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\fd16_700.sys (Microsoft Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (hwdatacard [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (ichaud [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\ichaud.sys (Microsoft Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINNT\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINNT\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (mraid2k [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\mraid2k.sys (American Megatrends, Inc.)
DRV - (mraid35x [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\mraid35x.sys (American MegaTrends Inc.)
DRV - (Navcar [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\Navcar.sys (NAVMAN)
DRV - (NetAlrt [Auto | Running]) -- C:\WINNT\System32\drivers\NetAlrt.sys (Intel Corporation)
DRV - (NetDetect [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)
DRV - (nv4 [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\nv4.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINNT\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Parallel [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\parallel.sys (Microsoft Corporation)
DRV - (PlatAlrt [Auto | Running]) -- C:\WINNT\System32\drivers\PlatAlrt.sys (Intel Corporation)
DRV - (prodrv06 [System | Running]) -- C:\WINNT\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prohlp02 [Boot | Running]) -- C:\WINNT\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prosync1 [Boot | Running]) -- C:\WINNT\System32\drivers\prosync1.sys (Protection Technology)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RCA [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\RCA.sys (Microsoft Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINNT\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SecDrv [Auto | Running]) -- C:\WINNT\system32\drivers\SECDRV.SYS ()
DRV - (sfhlp01 [Boot | Running]) -- C:\WINNT\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (smwdm [On_Demand | Running]) -- C:\WINNT\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SVKP [Auto | Running]) -- C:\WINNT\system32\SVKP.sys (AntiCracking)
DRV - (Tpkd [Boot | Running]) -- C:\WINNT\System32\drivers\tpkd.sav (PACE Anti-Piracy, Inc.)
DRV - (UdfReadr [System | Running]) -- C:\WINNT\System32\drivers\udfreadr.sys (Roxio)
DRV - (uhcd [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\uhcd.sys (Microsoft Corporation)
DRV - (Ultra [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbhub20 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\usbhub20.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Running]) -- C:\WINNT\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINNT\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - ({E6759E0C-470B-44DC-A4A1-627E68BB3A85} [On_Demand | Running]) -- C:\WINNT\system32\drivers\A302.sys (Intel Corporation)
DRV - (NMSCFG [On_Demand | Running]) -- C:\WINNT\system32\drivers\NMSCFG.SYS (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 13:09:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 13:08:48 | 00,000,000 | ---D | M]
[2009/04/29 13:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/04/29 13:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/29 13:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\yyph9fst.default\extensions
[2009/04/29 13:13:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\yyph9fst.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/29 13:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 13:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/24 05:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 05:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/24 01:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/24 01:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/24 01:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/24 01:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/24 01:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/24 01:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/24 01:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r (Roxio)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = - UL Domain - UL Domain - UL Domain - UL Domain - UL Domain - UL Domain -
.
Your PC is now in the UL Domain.
.
Please log into the UL Domain with your usual password.
.
.
REMEMBER: In order to have your PC protected against viruses, please leave your PC turned on, with your account logged off and ALL documents saved, one night a week to receive automatic updates.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINNT\System32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: babbage.ul.ie ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: desktop.ul.ie ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: desktop.ul.ie ([www] https in Trusted sites)
O15 - HKLM\..Trusted Sites: GALILEO ([]file in Trusted sites)
O15 - HKLM\..Trusted Sites: inside.ul.ie ([]http in Trusted sites)
O15 - HKLM\..Trusted Sites: jupiter ([]file in Trusted sites)
O15 - HKLM\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKLM\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKLM\..Trusted Sites: mithras ([]file in Trusted sites)
O15 - HKLM\..Trusted Sites: prometheus ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ul.campus ([ad3] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ul.campus ([inside] http in Trusted sites)
O15 - HKLM\..Trusted Sites: ulportal ([]http in Trusted sites)
O15 - HKLM\..Trusted Sites: ulsharepoint ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKLM\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/1922012cee7ae5a8c218/netzip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213776413968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213776386203 (MUWebControl Class)
O16 - DPF: {8DAE7A62-4632-4691-805C-0338A5F26F9D} http://spamarrest.com/xcarab/10013/saclient.cab (SAEmailConfig Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37440.5864930556 (Reg Error: Key error.)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab (Symantec RuFSI Registry Information Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ul.campus
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx ()
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINNT\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.Exe) - C:\WINNT\Explorer.Exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - F:\AutoRun.exe (Huawei Technologies Co., Ltd.) - [ CDFS ]
O32 - Autorun File - F:\AUTORUN.INF () - [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: EventSystem - C:\WINNT\System32\es.dll (Microsoft Corporation)
NetSvcs: Ias -
NetSvcs: Iprip -
NetSvcs: Irmon -
NetSvcs: Netman - C:\WINNT\System32\netman.dll (Microsoft Corporation)
NetSvcs: Nwsapagent -
NetSvcs: Rasauto - C:\WINNT\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\WINNT\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\WINNT\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\WINNT\system32\sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\WINNT\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: Tapisrv - C:\WINNT\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Ntmssvc - C:\WINNT\System32\NtmsSvc.dll (Microsoft Corporation)
NetSvcs: wzcsvc - C:\WINNT\System32\wzcsvc.dll (Microsoft Corporation)
SafeBootMin: AppMgmt - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - %SystemRoot%\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootMin: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootMin: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootMin: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootMin: dmserver - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootMin: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootMin: WinMgmt - %SystemRoot%\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AFD - %SystemRoot%\System32\drivers\afd.sys (Microsoft Corporation)
SafeBootNet: AppMgmt - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Browser - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: Dhcp - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: dmadmin - %SystemRoot%\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootNet: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootNet: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootNet: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootNet: dmserver - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: DnsCache - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: LanmanServer - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: LanmanWorkstation - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: LmHosts - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: Messenger - %SystemRoot%\System32\services.exe (Microsoft Corporation)
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS - %SystemRoot%\System32\drivers\ndis.sys (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NDISUIO - %SystemRoot%\system32\DRIVERS\ndisuio.sys (Microsoft Corporation)
SafeBootNet: NetBIOS - %SystemRoot%\System32\DRIVERS\netbios.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - %SystemRoot%\System32\DRIVERS\netbt.sys (Microsoft Corporation)
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootNet: NetMan - %SystemRoot%\System32\netman.dll (Microsoft Corporation)
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: NtLmSsp - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: ProtectedStorage - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - %SystemRoot%\System32\DRIVERS\tcpip.sys (Microsoft Corporation)
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: vga.sys - Driver
SafeBootNet: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootNet: WinMgmt - %SystemRoot%\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
SafeBootNet: WZCSVC - %SystemRoot%\System32\wzcsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08a00762-7c1e-42c2-87f0-ca3600045cd7} - KB941202
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {28023b22-f71e-43e8-8ea4-de315462878d} - KB933566
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {3628F7A7-C83E-47ba-A22D-31A7776D24C8} - HELP OCX_510065
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61E6EAE5-7821-4AC1-9BBD-AED032A8E273} - Q323759
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 7
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {706b15de-aa6d-4c4f-8699-1b0a991228b7} - KB939653
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
ActiveX: {7d16667b-0ff7-4c6b-9fcf-775578e89cc2} - KB922760
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\System32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
ActiveX: {90b0bef8-22d6-40a8-92c8-155434fc112f} - KB938127
ActiveX: {9311e53c-4c8c-4b8f-aa80-6b16de179d70} - KB925454
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {95177e6d-aaa9-44d1-bebd-b380bce3be79} - KB937143
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {a5653fdf-8d3a-451b-937f-6c7534804953} - KB923694
ActiveX: {abd13515-07e0-476a-9b25-211dbe6d1c21} - KB928090
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BB2DC990-9642-456b-8F41-44D6F8A7C00A} - OUTLCTLX_8_14_INTL_510634
ActiveX: {c1f0071f-505e-40bc-babe-3240af80b5cf} - KB950759
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D7B44F3E-77D3-44C5-8E03-4222D9A18B7B} - Q321232
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eb6ab742-eb17-446b-8ce7-dff2bc7cbf93} - KB931768
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f4de1058-dafc-4d16-b294-6ea1125bf3d3} - KB929969
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
ActiveX: {FF4DD9CD-F25E-425a-8B5C-A2D062781FBB} - Q328970
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE
Drivers32: aux - C:\WINNT\system32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: midimapper - C:\WINNT\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: MSACM.CEGSM - C:\WINNT\system32\mobilev.acm ()
Drivers32: msacm.iac2 - C:\WINNT\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINNT\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\system32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINNT\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINNT\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINNT\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINNT\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINNT\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINNT\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINNT\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\system32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - C:\WINNT\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINNT\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINNT\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINNT\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINNT\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\system32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINNT\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINNT\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave4 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave5 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave6 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave7 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
Drivers32: wavemapper - C:\WINNT\system32\msacm32.drv (Microsoft Corporation)
Drivers32: wdmaud.drv - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/04/30 12:42:26 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/04/30 12:42:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/30 12:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/30 12:33:58 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/30 12:15:38 | 00,223,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CrucialScan.exe
[2009/04/30 12:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/30 12:05:47 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/30 12:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/30 11:59:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/04/30 11:59:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/04/30 11:59:56 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 11:59:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/04/30 11:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 11:59:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 22:42:07 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_43c.dat
[2009/04/29 21:35:16 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_594.dat
[2009/04/29 18:41:13 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_59c.dat
[2009/04/29 13:17:23 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/29 13:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/04/29 13:09:53 | 00,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2009/04/29 13:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/04/29 13:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/04/29 13:08:56 | 00,001,481 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/29 13:08:46 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/29 12:56:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2009/04/28 15:52:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_584.dat
[2009/04/26 19:43:21 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3 USB Modem.lnk
[2009/04/26 19:42:33 | 00,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINNT\System32\drivers\ewusbnet.sys
[2009/04/26 19:42:33 | 00,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINNT\System32\drivers\ewusbmdm.sys
[2009/04/26 19:42:33 | 00,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINNT\System32\drivers\ewdcsc.sys
[2009/04/26 11:10:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_498.dat
[2009/04/25 20:04:06 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2009/04/25 17:03:47 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f0.dat
[2009/04/25 11:03:05 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5e8.dat
[2009/04/21 16:00:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_610.dat
[2009/04/20 20:04:22 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_558.dat
[2009/04/20 16:52:54 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4b4.dat
[2009/04/17 21:06:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_608.dat
[2009/04/16 20:50:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4a0.dat
[2009/04/15 11:19:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_438.dat
[2009/04/14 17:01:44 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_480.dat
[2009/04/11 17:50:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_620.dat
[2009/04/07 19:26:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_414.dat
[2009/04/07 17:16:05 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_478.dat
[2009/04/06 22:12:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_600.dat
[2009/04/05 10:31:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5c0.dat
[2009/04/04 16:54:57 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d0.dat
[2009/04/03 18:11:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_590.dat
[2009/04/02 18:26:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_650.dat
[2009/03/31 20:50:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4dc.dat
[2008/06/18 20:18:05 | 00,000,036 | ---- | C] () -- C:\WINNT\Tiny_Run.ini
[2008/06/16 21:24:54 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2008/04/27 15:34:20 | 00,029,392 | ---- | C] () -- C:\WINNT\System32\drivers\SECDRV.SYS
[2008/04/26 21:29:27 | 00,173,056 | ---- | C] () -- C:\WINNT\System32\qasf.dll
[2007/02/15 13:18:39 | 00,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2003/09/17 18:13:54 | 00,815,104 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll
[2003/09/11 10:20:56 | 01,290,240 | ---- | C] () -- C:\WINNT\System32\wmploc.dll
[2003/09/11 10:20:56 | 01,122,304 | ---- | C] () -- C:\WINNT\System32\wmpui.dll
[2003/09/11 10:20:56 | 00,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll
[2003/09/11 10:20:56 | 00,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll
[2003/09/11 10:20:55 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll
[2002/10/09 12:55:24 | 00,000,179 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2002/07/03 11:47:58 | 00,000,851 | ---- | C] () -- C:\WINNT\WIN.INI
[2002/07/03 11:22:16 | 00,000,881 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/06/27 16:03:52 | 00,000,476 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/05/07 16:06:36 | 00,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\platmsg.dll
[2002/05/07 16:06:16 | 00,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\netamsg.dll
[2002/04/16 16:57:28 | 00,135,168 | ---- | C] () -- C:\WINNT\System32\aolninst.dll
[2002/02/06 08:04:14 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/01/21 14:17:18 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2001/06/19 13:00:40 | 00,000,231 | ---- | C] () -- C:\WINNT\SYSTEM.INI
[2001/05/08 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\QCUT.DLL
[2001/05/08 07:00:00 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\LVCAM.SYS
[2001/05/08 07:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\EFSADU.DLL
[2001/05/08 07:00:00 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\LVSOUND.SYS
[2001/05/08 07:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\IASPERF.INI
[2001/05/08 07:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\FAXPERF.INI
[2001/05/08 07:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\WELCOME.INI
[2000/02/24 06:03:04 | 00,061,502 | ---- | C] () -- C:\WINNT\System32\ODBCMON.DLL
[1999/01/22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 00,262,144 | ---- | C] () -- C:\WINNT\System32\shpshftr.dll
[1980/01/01 00:00:00 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\igfxdgps.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINNT\System32\*.tmp files]
[4 C:\WINNT\*.tmp files]
[2009/04/30 12:42:26 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/04/30 12:38:37 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/04/30 12:34:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/30 12:15:39 | 00,223,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CrucialScan.exe
[2009/04/30 12:05:47 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/30 11:59:56 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 22:42:07 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_43c.dat
[2009/04/29 21:35:17 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_594.dat
[2009/04/29 18:41:13 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_59c.dat
[2009/04/29 13:09:53 | 00,000,000 | ---- | M] () -- C:\WINNT\nsreg.dat
[2009/04/29 13:08:56 | 00,001,481 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/28 15:52:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_584.dat
[2009/04/26 19:43:21 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3 USB Modem.lnk
[2009/04/26 11:10:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_498.dat
[2009/04/25 20:04:06 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2009/04/25 17:03:47 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f0.dat
[2009/04/25 11:03:05 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5e8.dat
[2009/04/21 16:00:49 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_610.dat
[2009/04/20 20:04:22 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_558.dat
[2009/04/20 16:52:54 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4b4.dat
[2009/04/17 21:06:49 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_608.dat
[2009/04/16 20:50:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4a0.dat
[2009/04/15 11:19:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_438.dat
[2009/04/14 17:01:45 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_480.dat
[2009/04/11 17:50:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_620.dat
[2009/04/07 19:26:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_414.dat
[2009/04/07 17:16:05 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_478.dat
[2009/04/06 22:12:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_600.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/04/05 10:31:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5c0.dat
[2009/04/04 16:54:57 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d0.dat
[2009/04/03 18:11:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_590.dat
[2009/04/02 18:26:31 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_650.dat
[2009/03/31 20:50:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4dc.dat
========== LOP Check ==========
[2009/04/30 12:35:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/09/15 18:54:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/06/16 20:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
[2009/01/06 19:07:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2002/06/27 16:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/06/18 09:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/04/30 11:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/12/01 16:30:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/04/29 13:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/10/26 10:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2008/10/19 00:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2009/04/30 11:58:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2008/08/24 21:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vghd
[2009/04/30 12:42:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/30 12:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/06/18 09:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/04 10:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/09/10 09:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/06/18 10:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/30 11:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2003/09/11 10:20:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2003/11/25 17:20:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2005/12/02 13:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/04/30 12:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/06/18 09:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2001/05/08 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\DESKTOP.INI
[2009/04/30 12:38:37 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\System32\antiwpa.dll >
< %systemroot%\SYSTEM32\wpa.dll >
< %systemroot%\setup\scripts\biestart.exe >
< %systemroot%\system32\drivers\royal.sys >
< %SYSTEMDRIVE%\*. >
[2009/04/30 12:47:54 | 00,000,000 | ---D | M] -- C:
[2008/06/18 11:08:22 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$
[2002/07/03 12:51:32 | 00,000,000 | ---D | M] -- C:\26.08.02
[2008/04/14 14:29:22 | 00,000,000 | ---D | M] -- C:\adminshare
[2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\BACKUP
[2002/07/03 12:05:17 | 00,000,000 | RHSD | M] -- C:\cmdcons
[2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\DELL
[2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\DISCOVER
[2007/10/05 10:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\DOS
[2002/06/27 16:04:50 | 00,000,000 | ---D | M] -- C:\DRIVERS
[2007/02/13 11:28:25 | 00,000,000 | ---D | M] -- C:\I386
[2008/08/24 21:23:51 | 00,000,000 | ---D | M] -- C:\ltpb
[2008/08/24 21:24:03 | 00,000,000 | ---D | M] -- C:\ltpb2
[2006/05/19 19:47:54 | 00,000,000 | ---D | M] -- C:\My Downloads
[2005/10/27 09:20:48 | 00,000,000 | ---D | M] -- C:\My Music
[2009/04/30 12:42:17 | 00,000,000 | ---D | M] -- C:\Program Files
[2002/06/27 16:03:22 | 00,000,000 | -HSD | M] -- C:\RECYCLED
[2009/04/30 12:52:08 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2005/01/04 16:37:17 | 00,000,000 | ---D | M] -- C:\siapp
[2005/11/08 14:08:35 | 00,000,000 | ---D | M] -- C:\SmartDraw 7
[2007/10/11 11:24:42 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2002/07/03 12:17:14 | 00,000,000 | ---D | M] -- C:\Windows Update Setup Files
[2009/04/29 13:09:53 | 00,000,000 | ---D | M] -- C:\WINNT
[2002/10/01 09:51:52 | 00,000,000 | -H-D | M] -- C:\WUTemp
< %PROGRAMFILES%\*. >
[2009/04/30 12:42:17 | 00,000,000 | ---D | M] -- C:\Program Files
[2002/06/27 16:06:42 | 00,000,000 | ---D | M] -- C:\Program Files\Accessories
[2002/07/03 11:41:56 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/06/18 20:18:25 | 00,000,000 | ---D | M] -- C:\Program Files\Atari
[2002/08/26 16:33:41 | 00,000,000 | ---D | M] -- C:\Program Files\AvantGo Connect
[2008/06/18 09:33:39 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2005/11/25 17:04:44 | 00,000,000 | ---D | M] -- C:\Program Files\Cloudmark
[2008/06/16 21:03:43 | 00,000,000 | ---D | M] -- C:\Program Files\Codemasters
[2009/01/19 15:07:26 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2002/06/27 16:06:42 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/06/18 13:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2002/08/27 10:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2002/06/27 16:19:44 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2002/06/27 16:19:22 | 00,000,000 | ---D | M] -- C:\Program Files\directx
[2008/04/27 10:39:32 | 00,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2008/12/09 20:00:43 | 00,000,000 | ---D | M] -- C:\Program Files\Empire Interactive
[2008/08/24 21:23:13 | 00,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2009/04/04 10:51:32 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/04/30 12:28:16 | 00,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2008/08/21 18:54:26 | 00,000,000 | ---D | M] -- C:\Program Files\Huawei technologies
[2008/12/09 20:00:42 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2002/06/27 16:19:16 | 00,000,000 | ---D | M] -- C:\Program Files\intel
[2008/06/18 09:52:01 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/04/26 21:21:29 | 00,000,000 | ---D | M] -- C:\Program Files\Jowood
[2009/04/29 13:16:01 | 00,000,000 | ---D | M] -- C:\Program Files\Lavalys
[2009/04/30 12:04:18 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2005/11/25 16:55:03 | 00,000,000 | ---D | M] -- C:\Program Files\LeMoMan
[2007/01/11 10:31:50 | 00,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2009/04/30 11:59:57 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2002/08/26 16:33:42 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/11/25 17:17:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2002/07/03 12:30:24 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer
[2008/06/18 09:48:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2002/10/09 12:19:37 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2002/10/09 12:20:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2002/07/03 11:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/04/30 12:43:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/07/07 09:15:44 | 00,000,000 | ---D | M] -- C:\Program Files\Navman
[2005/12/04 04:01:57 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2002/08/26 15:43:45 | 00,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate
[2008/04/22 10:35:00 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/06/25 11:18:20 | 00,000,000 | ---D | M] -- C:\Program Files\Paint Shop Pro 5
[2007/09/04 17:01:58 | 00,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2003/11/25 17:20:20 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/10/27 09:19:49 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2002/07/03 12:13:41 | 00,000,000 | ---D | M] -- C:\Program Files\Resource Kit
[2002/06/27 16:20:10 | 00,000,000 | ---D | M] -- C:\Program Files\Roxio
[2002/07/03 11:33:40 | 00,000,000 | ---D | M] -- C:\Program Files\Sip
[2004/11/26 10:24:11 | 00,000,000 | ---D | M] -- C:\Program Files\Skype
[2009/04/30 12:42:26 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/06/18 09:22:12 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/06/18 09:22
-
OTListIt Extras logfile created on: 30/04/2009 12:49:56 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
253.99 Mb Total Physical Memory | 162.20 Mb Available Physical Memory | 63.86% Memory free
614.72 Mb Paging File | 416.55 Mb Available in Paging File | 67.76% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 24.08 Gb Free Space | 64.71% Space Free | Partition Type: NTFS
Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 12.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 2KCGVRH0JTWOMEY
Current User Name: Ann
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{09131BDB-A91C-4D1C-830B-F2ADD80804E4}" = Microsoft Baseline Security Analyzer
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{10B8AAC6-FE70-42B0-A244-7C9BE740A9D8}" = Windows 2000 Professional
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20EC0DE2-07FF-4B8E-BDFA-A0A2E0E0805F}" = Cloudmark SpamNet 1.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
"{4CB67F83-F2FF-4542-A5EA-03082FB5B12F}" = My Little Pony
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6797B492-3814-4129-AD07-C727D23FB5BF}" = Intel® Pro Alerting Agent, Version 3.0.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BCCFFB7-97D9-40F7-9B29-0DECE6AB56E8}" = SmartST Desktop Version 3 for iCN600 Series
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) 845G Chipset Graphics Driver Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run (TM) Demo
"3 USB Modem" = 3 USB Modem
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Acrobat eBook Reader" = Adobe Acrobat eBook Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AVG8Uninstall" = AVG Free 8.0
"Chaser" = Chaser
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Paint Shop Pro 5.01" = Paint Shop Pro 5.01
"Picasa2" = Picasa 2
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST6UNST #1" = Sip Install
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"vghd" = VirtuaGirl HD
"Windows 2000 Service Pack" = Windows 2000 Service Pack 4
"Windows CE Services" = Microsoft ActiveSync 3.5
"WinZip" = WinZip
"WMP7" = Windows Media Player 7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29/04/2009 07:46:25 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
Description = Could not locate the script command lines in the Group Policy Object.
Error - 29/04/2009 08:28:07 | Computer Name = 2KCGVRH0JTWOMEY | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).
Error - 29/04/2009 13:39:57 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
Description = Could not locate the script command lines in the Group Policy Object.
Error - 29/04/2009 16:33:50 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
Description = Could not locate the script command lines in the Group Policy Object.
Error - 29/04/2009 17:40:35 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
Description = Could not locate the script command lines in the Group Policy Object.
Error - 30/04/2009 06:54:50 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
Description = Could not locate the script command lines in the Group Policy Object.
Error - 30/04/2009 07:36:43 | Computer Name = 2KCGVRH0JTWOMEY | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).
Error - 30/04/2009 07:38:36 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
Description = Could not locate the script command lines in the Group Policy Object.
Error - 30/04/2009 07:41:14 | Computer Name = 2KCGVRH0JTWOMEY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 30/04/2009 07:53:51 | Computer Name = 2KCGVRH0JTWOMEY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
[ System Events ]
Error - 30/12/2008 16:33:17 | Computer Name = 2KCGVRH0JTWOMEY | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive3. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
Error - 30/12/2008 16:33:28 | Computer Name = 2KCGVRH0JTWOMEY | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive2. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
Error - 30/12/2008 16:33:28 | Computer Name = 2KCGVRH0JTWOMEY | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive3. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
Error - 30/12/2008 17:22:10 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
Description = No Windows NT or Windows 2000 Domain Controller is available for domain
UL. The following error occurred: %%1311
Error - 04/01/2009 19:58:09 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
Description = No Windows NT or Windows 2000 Domain Controller is available for domain
UL. The following error occurred: %%1311
Error - 04/01/2009 20:00:40 | Computer Name = 2KCGVRH0JTWOMEY | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 05/01/2009 21:59:51 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
Description = No Windows NT or Windows 2000 Domain Controller is available for domain
UL. The following error occurred: %%1311
Error - 06/01/2009 05:02:24 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
Description = No Windows NT or Windows 2000 Domain Controller is available for domain
UL. The following error occurred: %%1311
Error - 06/01/2009 05:02:41 | Computer Name = 2KCGVRH0JTWOMEY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 06/01/2009 06:46:24 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
Description = No Windows NT or Windows 2000 Domain Controller is available for domain
UL. The following error occurred: %%1311
< End of report >
-
Phew, got those 2 log files like you asked. Talk about detailed :eek:
This is what I did on the pc before I took those logs:
1) Booted up with a LiveCD and deleted the winlogon.exe file and deleted the Internet Antivirus Pro program files folder.
2) Ran HijackThis and fixed the entries pertaining to the (now deleted) winlogon.exe and Internet Antivirus Pro
3) Did another HijackThis log and ran it through Hijackthis.de and found nothing wrong.
4) Downloaded the Malwarebytes Anti-Malware program, updated it and ran a quick scan. It found around 30 nasties (some of which were remnants of Internet Antivirus Pro) and deleted them.
5) Downloaded OTListIt2 and did what ActorSeeksJob asked me to do and posted the logs in this thread
The only thing I'm worried about is I installed AdAware but when I clicked on it the splash screen showed and nothing else happened. Could this be an indication of a nasty stopping it from starting up?
-
looks good, don't have the mbam log do you?
Run OTListIt2.exe
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
C:\program files\Internet Antivirus Pro
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
Download Rooter.exe to your desktop
- Then doubleclick it to start the tool
- A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here
-
Damn I didn't keep the mbam log...I had it and all. I did run mbam twice and the second time it found nothing.
Thanks for your help. I'll have to wait a few days before I can do the other stuff you told me.
Is HijackThis not any good any more? Has OTListIt2 taken over from it? I posted the original HijackThis log on a few malware forums but got no replies
-
yes pretty much
you should tell those forums you are being helped so they don't waste their time
-
ActorSeeksJob wrote: »
yes pretty much
you should tell those forums you are being helped so they don't waste their time
I'm guessing I didn't get any help because I posted a HijackThis log and it's outdated. What a shame. It was a great program in its day.