Had to run the GMER in safe mode, got it eventually.
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\documents\pp2000_keygen_release\instruction key.txt
c:\documents and settings\all users\documents\pp2000_keygen_release\pp2000_keygen_release.exe
c:\documents and settings\nickynew\desktop\screensavers\goldfish aquarium 1.0\goldfish keygen.url
c:\documents and settings\nickynew\desktop\screensavers\real screensaver stuff\sharks keygen.exe
c:\documents and settings\nickynew\desktop\screensavers\serene screen marine aquarium\marine aquarium keygen.url
c:\documents and settings\nickynew\desktop\screensavers\sharks, terrors of the deep v.1.0\sharks keygen.url
c:\documents and settings\nickynew\my documents\locks\lockpicking books part 1\safelocks - safecracking for the computer scientist.pdf
c:\documents and settings\nickynew\my documents\locks\lockpicking books part 2\cracking 1988-1990 master locks.doc
c:\documents and settings\nickynew\start menu\programs\winrar\rar password cracker v4.11.lnk
c:\program files\ahead\keygen\nero8x.exe
c:\program files\progs\magic dvd ripper 4.2 + crack\magic dvd ripper 4.2.rar
c:\program files\progs\magic dvd ripper 4.2 + crack\magicdvdripper42a.exe
c:\program files\progs\magic dvd ripper 4.2 + crack\paste cracks into program file enjoy\magicdvdripper.exe
c:\program files\progs\magic dvd ripper 4.2 + crack\paste cracks into program file enjoy\magicdvdripper.ini
c:\program files\winrar\rar password cracker v4.11\rarpasswordcrackerv4.11readme.txt
c:\program files\winrar\rar password cracker v4.11\rpc.exe
c:\program files\winrar\rar password cracker v4.11\special.chr
scanner sequence 3.GJ.11
----- EOF -----
OTL logfile created on: 18/05/2010 13:03:23 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\NickyNew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
959.00 Mb Total Physical Memory | 335.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 16.07 Gb Free Space | 16.45% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 12.17 Gb Free Space | 9.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 559.22 Gb Free Space | 60.03% Space Free | Partition Type: NTFS
Computer Name: NICKY_PC
Current User Name: NickyNew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\NickyNew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\APPLIC\FIREBIRD\bin\fbserver.exe (The Firebird Project)
PRC - C:\APPLIC\FIREBIRD\bin\fbguard.exe (The Firebird Project)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\NickyNew\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (Autodata Limited)
SRV - (FirebirdServerDefaultInstance) -- C:\APPLIC\FIREBIRD\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\APPLIC\FIREBIRD\bin\fbguard.exe (The Firebird Project)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100514.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100514.005\NAVENG.SYS (Symantec Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (VCommUSB) -- C:\WINDOWS\system32\drivers\VCommUSB.sys (ACTIA)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (AW_HOST) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys (Symantec Corporation)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (awecho) -- C:\WINDOWS\system32\drivers\awechomd.sys (Symantec Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5287.sys (ULi Electronics Inc.)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation)
DRV - (VHidMinidrv) -- C:\WINDOWS\system32\drivers\VHIDMini.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BTNetFilter) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (FADVR800) -- C:\WINDOWS\system32\drivers\FADVR800.sys (Hyosung Inc.)
DRV - (awlegacy) -- C:\WINDOWS\System32\Drivers\awlegacy.sys (Symantec Corporation)
DRV - (bkn50USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (Gernuwa) -- C:\WINDOWS\system32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Windows (R) 2000 DDK provider)
DRV - (cg300Au) -- C:\WINDOWS\system32\drivers\cg300Au.sys (Daheng Imavision Inc.)
DRV - (cg300) -- C:\WINDOWS\system32\drivers\cg300vc.sys (Daheng Imavision Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (sw878b) -- C:\WINDOWS\system32\drivers\sw878b.sys ()
DRV - (Asushwio) -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS ()
DRV - (sw848b) -- C:\WINDOWS\system32\drivers\sw848b.sys ()
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
http://uk.red.clientapps.yahoo.com/cust ... _side.html IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com/av ... _homepage/IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com/av ... _homepage/IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-2052111302-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/IE - HKU\S-1-5-21-527237240-2052111302-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/25 09:00:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 10:51:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/04/14 21:16:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/04/14 21:16:40 | 000,000,000 | ---D | M]
[2009/07/04 11:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NickyNew\Application Data\Mozilla\Extensions
[2008/05/02 20:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NickyNew\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/07/04 11:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NickyNew\Application Data\Mozilla\Extensions\mozswing@mozswing.org
O1 HOSTS File: ([2008/06/21 23:20:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-527237240-2052111302-839522115-1007\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-527237240-2052111302-839522115-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-527237240-2052111302-839522115-1007..\Run: [] File not found
O4 - HKLM..\RunServices: [AWGateway] C:\Program Files\Symantec\pcAnywhere Gateway\AWGateway.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-2052111302-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-527237240-2052111302-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-2052111302-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71}
http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}
http://download.microsoft.com/download/ ... arth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED}
http://download.microsoft.com/download/ ... arth3D.cab (SentinelProxy Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/windowsupda ... 3414896609 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7}
http://80.26.142.38/cab/OCXChecker_8120.cab (OCXDownloadChecker Control)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5}
http://213.175.242.21/wpp/boots/app/opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48}
http://chat.yahoo.com/cab/yvwrctl.cab (Yahoo! Webcam Viewer Wrapper)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D}
http://by102fd.bay102.hotmail.msn.com/a ... Atchmt.ocx (Hotmail Attachments Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes
file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java
file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\NickyNew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NickyNew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/19 00:12:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/06 18:27:06 | 000,000,067 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06e5a6d2-3b92-11dc-85af-00138fa40eb0}\Shell\AutoRun\command - "" = L:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{2ea4c7cf-d0e3-11dd-88fb-00138fa40eb0}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea4c7cf-d0e3-11dd-88fb-00138fa40eb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ea4c7cf-d0e3-11dd-88fb-00138fa40eb0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f7639684-6355-11de-89f3-00138fa40eb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f7639684-6355-11de-89f3-00138fa40eb0}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/05/18 04:58:03 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NickyNew\Desktop\OTL.exe
[2010/05/16 08:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/16 08:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/15 02:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/14 18:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/13 13:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/05/13 13:45:28 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010/05/13 13:45:28 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010/05/13 13:45:27 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/05/13 13:45:26 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/05/13 13:45:25 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2010/05/13 13:45:25 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/05/13 13:45:25 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/05/13 13:45:25 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/05/12 12:12:41 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/05/10 20:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/08 00:23:49 | 000,753,664 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Ir50_32.dll
[2010/05/08 00:23:49 | 000,413,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MPG4C32.dll
[2010/05/08 00:23:49 | 000,212,992 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\Ir50_qc.dll
[2010/05/08 00:23:49 | 000,196,608 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\Ir50_qcx.dll
[2010/05/08 00:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Peaqe
[2010/05/07 22:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\DICO-800
[2010/05/07 22:55:50 | 000,031,787 | ---- | C] (Hyosung Inc.) -- C:\WINDOWS\System32\drivers\FADVR800.sys
[2010/05/06 16:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/04/27 00:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/26 23:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\down
[2010/04/25 00:19:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\NickyNew\Desktop\HiJackThis.exe
[2010/04/24 07:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/23 12:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\avG
[2010/04/23 12:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/22 23:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/22 23:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/05/18 12:15:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/18 04:58:08 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NickyNew\Desktop\OTL.exe
[2010/05/18 04:57:49 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\NickyNew\Desktop\CKScanner.exe
[2010/05/17 16:15:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/17 13:43:27 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\NickyNew\Desktop\Microsoft AutoRoute 2007.lnk
[2010/05/17 12:19:51 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\NickyNew\NTUSER.DAT
[2010/05/17 05:19:40 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/16 18:45:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 18:44:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 18:44:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 18:42:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\NickyNew\ntuser.ini
[2010/05/16 13:12:39 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/16 05:10:46 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/05/16 05:10:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/16 03:27:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/05/15 12:40:38 | 003,765,694 | ---- | M] () -- C:\Documents and Settings\NickyNew\Desktop\CIMG1961.JPG
[2010/05/15 12:40:28 | 003,761,777 | ---- | M] () -- C:\Documents and Settings\NickyNew\Desktop\CIMG1960.JPG
[2010/05/15 05:08:37 | 001,104,552 | -H-- | M] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\IconCache.db
[2010/05/14 14:42:24 | 000,513,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/14 14:42:24 | 000,449,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/14 14:42:24 | 000,074,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/14 14:38:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/13 17:55:27 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\NickyNew\Desktop\HiJackThis.lnk
[2010/05/13 13:53:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/05/13 13:53:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/05/13 13:43:52 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010/05/13 05:16:54 | 000,001,192 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/13 05:13:47 | 002,000,155 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/05/12 14:58:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/12 12:27:13 | 000,506,365 | ---- | M] () -- C:\Documents and Settings\NickyNew\My Documents\voting.pdf
[2010/05/09 00:12:53 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VTV Digital Surveillance.LNK
[2010/05/05 16:24:57 | 000,007,032 | -HS- | M] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\N0648V7xgb7
[2010/05/05 16:24:57 | 000,007,032 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N0648V7xgb7
[2010/04/26 23:45:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/26 23:45:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/26 23:27:05 | 001,342,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\down\5810718.exe
[2010/04/25 00:19:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\NickyNew\Desktop\HiJackThis.exe
[2010/04/25 00:18:22 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\NickyNew\Desktop\HiJackThis.msi
[2010/04/25 00:06:58 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\NickyNew\Desktop\fix.reg
[2010/04/24 07:25:25 | 000,007,604 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\O5poq8wPv8FxG
[2010/04/23 13:09:19 | 000,006,922 | -HS- | M] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\q841
[2010/04/23 13:09:19 | 000,006,922 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q841
[2010/04/22 23:19:12 | 000,008,932 | -HS- | M] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\Mi715R2
[2010/04/22 23:19:12 | 000,008,932 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Mi715R2
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/05/18 04:57:48 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\NickyNew\Desktop\CKScanner.exe
[2010/05/17 05:19:40 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 18:43:08 | 003,765,694 | ---- | C] () -- C:\Documents and Settings\NickyNew\Desktop\CIMG1961.JPG
[2010/05/15 18:43:08 | 003,761,777 | ---- | C] () -- C:\Documents and Settings\NickyNew\Desktop\CIMG1960.JPG
[2010/05/13 13:53:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/05/13 13:53:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/05/12 12:27:13 | 000,506,365 | ---- | C] () -- C:\Documents and Settings\NickyNew\My Documents\voting.pdf
[2010/05/08 00:24:04 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VTV Digital Surveillance.LNK
[2010/05/08 00:23:57 | 000,029,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\sw848b.sys
[2010/05/08 00:23:57 | 000,010,148 | ---- | C] () -- C:\WINDOWS\System32\drivers\sw878b.sys
[2010/05/08 00:23:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ComConnect.drv
[2010/05/08 00:23:49 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Logon.drv
[2010/05/08 00:23:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\DSRCfg.cpl
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZVICON_SURVEYOR99.drv
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZULTRAK_KD6.drv
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZUEL_MV961A.drv
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZUEL_MV912RS.drv
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZPHILIPS_AUTODOME.drv
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZPELCO_SPECTRA.drv
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZPELCO_ASCII.drv
[2010/05/08 00:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\PTZKALATEL_KTD312.drv
[2010/05/06 16:15:32 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010/04/27 00:51:36 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\NickyNew\Desktop\HiJackThis.lnk
[2010/04/27 00:17:38 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\NickyNew\Desktop\fix.reg
[2010/04/26 23:27:00 | 001,342,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\down\5810718.exe
[2010/04/26 23:26:37 | 000,007,032 | -HS- | C] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\N0648V7xgb7
[2010/04/26 23:26:37 | 000,007,032 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N0648V7xgb7
[2010/04/25 00:18:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\NickyNew\Desktop\HiJackThis.msi
[2010/04/24 07:22:22 | 000,007,604 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\O5poq8wPv8FxG
[2010/04/24 07:22:22 | 000,007,604 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\O5poq8wPv8FxG
[2010/04/23 12:36:03 | 000,006,922 | -HS- | C] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\q841
[2010/04/23 12:36:03 | 000,006,922 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q841
[2010/04/22 22:45:05 | 000,008,932 | -HS- | C] () -- C:\Documents and Settings\NickyNew\Local Settings\Application Data\Mi715R2
[2010/04/22 22:45:05 | 000,008,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mi715R2
[2009/07/03 03:42:59 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/03 03:42:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/03 03:42:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/03 03:42:54 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/03 03:42:54 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/02 02:18:23 | 000,002,937 | ---- | C] () -- C:\WINDOWS\System32\drivers\VGACard.sys
[2008/06/15 23:54:01 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/05/25 09:24:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/17 23:30:29 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/14 17:26:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SPELMATE.DLL
[2007/10/24 22:43:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/24 12:44:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\DetectIRDA.dll
[2007/09/22 09:08:04 | 000,000,964 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2007/09/15 14:47:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\pcaw.ini
[2007/08/06 12:07:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/06/24 23:39:32 | 000,000,461 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/13 21:49:15 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\rqddjvkv.ini
[2007/06/07 21:26:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/04/10 19:38:11 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/10 14:23:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/01/15 19:49:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/12 18:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/10/19 22:31:33 | 000,001,082 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2006/09/04 00:19:28 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/08/24 00:00:10 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/08/11 01:47:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Nicky.ini
[2006/07/19 01:51:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/07/19 01:31:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/19 01:13:23 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/19 01:06:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/08/24 13:56:04 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D
< End of report >
OTL Extras logfile created on: 18/05/2010 13:03:23 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\NickyNew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
959.00 Mb Total Physical Memory | 335.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 16.07 Gb Free Space | 16.45% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 12.17 Gb Free Space | 9.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 559.22 Gb Free Space | 60.03% Space Free | Partition Type: NTFS
Computer Name: NICKY_PC
Current User Name: NickyNew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"36603:TCP" = 36603:TCP:*:Enabled:limew
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE" = C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE" = C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- (Symantec Corporation)
"C:\Program Files\Snes9x\Snes9XW.exe" = C:\Program Files\Snes9x\Snes9XW.exe:*:Enabled:Snes9XW -- (Gary Henderson)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Peaqe\Peaqe\DSR.exe" = C:\Program Files\Peaqe\Peaqe\DSR.exe:*:Enabled:Digtial Surveillance Recorder Application -- ( )
"C:\APP\PPS\mozilla.exe" = C:\APP\PPS\mozilla.exe:*:Enabled:Mozilla -- (Mozilla, Netscape)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\APPLIC\Portail\mozilla.exe" = C:\APPLIC\Portail\mozilla.exe:*:Enabled:Mozilla -- (Mozilla, Netscape)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C98E73E-D495-CA87-EF1D-50D3A719351E}" = CCC Help Dutch
"{0FF1802B-4FE0-81D5-D28F-5095543CB57B}" = Skins
"{12018183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{173A4BD8-B1E5-252A-FE86-C84C7E7B5F2E}" = CCC Help English
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17986CD6-070C-BE3E-E4D6-C36DDEEAA37C}" = Catalyst Control Center Graphics Previews Common
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D1D37A-817B-3A45-FDF5-507BD8A79680}" = CCC Help Chinese Traditional
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21879F6C-52F6-7A6F-6736-A7C912653608}" = CCC Help Danish
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21E4AB1F-C62E-C5C1-96A3-F4378A763C5B}" = CCC Help Chinese Standard
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{272DDF13-3B89-D0D8-B668-CEC4FB34C1E7}" = Catalyst Control Center Localization All
"{2743B5EB-7C1C-36CC-FBBB-A02F2F4EC52D}" = ccc-utility
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{301BEB64-7C38-4BB5-8F94-62E6160532C8}" = Nokia Download!
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38DCE347-CE45-219E-56AD-30FCB04CF71A}" = CCC Help Hungarian
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{3F9FCFE0-4979-6377-771D-E8A3F3B197E7}" = CCC Help Portuguese
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4407ED6E-4233-4FCF-8E6E-E755907F8B10}" = PP2000
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C844F60-CFF2-33DE-FD0D-09F3C392679B}" = Catalyst Control Center HydraVision Full
"{5DE3117D-408C-43C9-A8D2-640EBA8AC3DF}" = EzRecover
"{5F723D64-4042-ABAE-2A9E-1FEBA1FE4B00}" = CCC Help Korean
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{61709405-4DB8-410C-53DC-A76945D7EBC1}" = CCC Help Turkish
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDB4B41-9244-EC3F-5FBC-550A8BC697F4}" = CCC Help Japanese
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EF0B467-8FDD-845E-F168-C7F0C6124C26}" = CCC Help Finnish
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{73C0DA51-DB32-4F66-970B-7298F3CAF37F}" = Nokia Software Updater
"{74FF7813-4878-AB41-8503-22287CF11F37}" = Catalyst Control Center Graphics Light
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{79469AEF-FF16-C52B-F7F8-E1E203A036E5}" = CCC Help Italian
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E08A1E-963B-8846-8082-88B996FC060E}" = CCC Help Swedish
"{84713778-D9A9-4130-A811-DF3187827B05}" = LogMeIn
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABF04DC-A40D-B4DA-189B-89497B599AB7}" = CCC Help French
"{9D56C31A-C9C8-394C-0804-670B0D2E0E1F}" = CCC Help Norwegian
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7646-000000000001}" = Adobe Reader 6.0
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B59A1FFA-4EE2-805D-7B48-806DE73AAE03}" = CCC Help Thai
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCB873D5-94BD-4ADC-B80A-A3B381D7E8FA}" = ITEDO IsoView 5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C37810F2-3983-B864-EB7F-DCCB67703FB0}" = Catalyst Control Center Graphics Full New
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF6D9C4-EFA6-F0EC-8E56-8C85609D267D}" = ccc-core-preinstall
"{D1C2B2A9-6FC3-69A6-DDCC-10179BD2A978}" = CCC Help German
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5C8DB90-573F-A4E4-6EBF-728B634E3E07}" = CCC Help Polish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA18FD01-4830-45D6-8408-8F20A9D89D95}" = PC Connectivity Solution
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD76E812-359A-FEA9-FB17-2E55EBB36543}" = Catalyst Control Center Core Implementation
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E83971BF-8FEE-F2A6-E0CC-5187C1ECBD4D}" = CCC Help Greek
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}" = ccc-core-static
"{EAC31CB7-575E-8C31-468D-10D5FB31CD1A}" = Catalyst Control Center Graphics Full Existing
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F07717A3-8376-AA87-6BE2-D560F1EBABF0}" = CCC Help Spanish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F371C899-B40A-811A-2825-30BE7E941CC9}" = CCC Help Czech
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF6486A6-608F-F80C-BE5C-17D07E2D49BF}" = CCC Help Russian
"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0.9 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"EPSON Printer and Utilities" = EPSON Printer Software
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Magic DVD Ripper_is1" = Magic DVD Ripper V4.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Peaqe" = Peaqe
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"Satellite TV for PC Elite" = Satellite TV for PC Elite 4.8.8.0
"SereneScreen Marine Aquarium 2.6_is1" = SereneScreen Marine Aquarium 2.6
"Shop for HP Supplies" = Shop for HP Supplies
"Snes9x" = Snes9x
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 3.06
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TVAnts 1.0" = TVAnts 1.0
"TvInternet" = TvInternet
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 17/05/2010 13:38:35 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 17/05/2010 13:38:35 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 17/05/2010 13:38:35 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 17/05/2010 15:23:59 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 17/05/2010 17:54:20 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 17/05/2010 20:24:42 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 17/05/2010 22:55:04 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 18/05/2010 01:25:26 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 18/05/2010 03:55:48 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 18/05/2010 06:26:10 | Computer Name = NICKY_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
[ System Events ]
Error - 09/05/2010 03:11:12 | Computer Name = NICKY_PC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 09/05/2010 03:18:04 | Computer Name = NICKY_PC | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 09/05/2010 17:57:40 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7000
Description = The FADVR800 service failed to start due to the following error: %%1058
Error - 10/05/2010 11:15:16 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7000
Description = The FADVR800 service failed to start due to the following error: %%1058
Error - 10/05/2010 16:10:35 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7000
Description = The FADVR800 service failed to start due to the following error: %%1058
Error - 11/05/2010 15:44:10 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7000
Description = The FADVR800 service failed to start due to the following error: %%1058
Error - 12/05/2010 07:08:05 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7000
Description = The FADVR800 service failed to start due to the following error: %%1058
Error - 15/05/2010 07:13:01 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7000
Description = The FADVR800 service failed to start due to the following error: %%1058
Error - 16/05/2010 01:16:48 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 16/05/2010 13:45:25 | Computer Name = NICKY_PC | Source = Service Control Manager | ID = 7000
Description = The FADVR800 service failed to start due to the following error: %%1058
< End of report >
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-05-20 12:59:08
Windows 5.1.2600 Service Pack 3
Running: 0i74xbns.exe; Driver: C:\DOCUME~1\NickyNew\LOCALS~1\Temp\fgdoqpoc.sys
---- System - GMER 1.0.15 ----
SSDT sphr.sys ZwCreateKey [0xF76D20E0]
SSDT sphr.sys ZwEnumerateKey [0xF76EFCA2]
SSDT sphr.sys ZwEnumerateValueKey [0xF76F0030]
SSDT sphr.sys ZwOpenKey [0xF76D20C0]
SSDT sphr.sys ZwQueryKey [0xF76F0108]
SSDT sphr.sys ZwQueryValueKey [0xF76EFF88]
SSDT sphr.sys ZwSetValueKey [0xF76F019A]
INT 0x62 ? 86F65BF8
INT 0x63 ? 86DD4BF8
INT 0x73 ? 86DD4BF8
INT 0x82 ? 86F65BF8
INT 0x83 ? 86FD7BF8
INT 0xA4 ? 86DD4BF8
INT 0xB4 ? 86DD4BF8
---- Kernel code sections - GMER 1.0.15 ----
? sphr.sys The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xF7677314]
.text USBPORT.SYS!DllUnload F74808AC 5 Bytes JMP 86DD41D8
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 016B000A
.text C:\WINDOWS\system32\svchost.exe[616] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 016A000A
.text C:\WINDOWS\Explorer.EXE[1160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[1160] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FD72D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F770293C] sphr.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7702990] sphr.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76D3040] sphr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76D313C] sphr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76D30BE] sphr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76D37FC] sphr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76D36D2] sphr.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86DD42D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76E2D92] sphr.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86FD31F8
Device \FileSystem\Fastfat \FatCdrom 86B70500
Device \Driver\USBSTOR \Device\0000008e 86C86500
Device \Driver\usbohci \Device\USBPDO-0 86DD21F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD51F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD51F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD51F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD51F8
Device \Driver\usbohci \Device\USBPDO-1 86DD21F8
Device \Driver\usbohci \Device\USBPDO-2 86DD21F8
Device \Driver\usbehci \Device\USBPDO-3 86DB01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F661F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F661F8
Device \Driver\Cdrom \Device\CdRom0 86DD3500
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F661F8
Device \Driver\Cdrom \Device\CdRom1 86DD3500
Device \Driver\atapi \Device\Ide\IdePort0 [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\USBSTOR \Device\00000084 86C86500
Device \Driver\USBSTOR \Device\00000085 86C86500
Device \Driver\usbohci \Device\USBFDO-0 86DD21F8
Device \Driver\usbohci \Device\USBFDO-1 86DD21F8
Device \Driver\usbohci \Device\USBFDO-2 86DD21F8
Device \Driver\usbehci \Device\USBFDO-3 86DB01F8
Device \Driver\Ftdisk \Device\FtControl 86F661F8
Device \Driver\USBSTOR \Device\0000008a 86C86500
Device \Driver\USBSTOR \Device\0000008b 86C86500
Device \Driver\USBSTOR \Device\0000008c 86C86500
Device \Driver\m5287 \Device\Scsi\m52871 86FD41F8
Device \Driver\USBSTOR \Device\0000008d 86C86500
Device \FileSystem\Fastfat \Fat 86B70500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86BEB1F8
Device -> \Driver\m5287 \Device\Harddisk0\DR0 86E86AC8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Implemented Categories@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ C:\Program Files\Real\RealPlayer\ierjplug.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\MiscStatus\1@ 132497
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\ProgID@ IERJCtl.IERJCtl.1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\ToolboxBitmap32@ C:\Program Files\Real\RealPlayer\ierjplug.dll, 1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\TypeLib@ {00CEDBF1-864D-11D3-908D-00C0F03B3EDC}
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\VersionIndependentProgID@ IERJCtl.IERJCtl
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification
File C:\WINDOWS\system32\drivers\m5287.sys suspicious modification
---- EOF - GMER 1.0.15 ----