
Sister's pc - Internet Antivirus Pro

  • 29-04-2009 2:58pm
    #1
    Posts: 0 ✭✭✭


    My sister (who's new to the computers) asked me to have a look at her pc. It starts up ok but then freezes for several minutes and is unresponsive. I've had a quick look at the log and all I think is wrong is something called "Internet Antivirus Pro". It pops up saying there's tons of trojans etc on the pc. I tried to uninstall it with no luck. Anyway enough waffle and here is the log (thanks in advance for all your help :))

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:01:42, on 29/04/2009
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\program files\Internet Antivirus Pro\IAPro.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Documents and Settings\Administrator\Application Data\U3\0000183B6770FA12\LaunchPad.exe
    H:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
    O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.babbage.ul.ie (HKLM)
    O15 - Trusted Zone: http://www.desktop.ul.ie (HKLM)
    O15 - Trusted Zone: http://*.inside.ul.ie (HKLM)
    O15 - Trusted Zone: http://*.prometheus (HKLM)
    O15 - Trusted Zone: http://ad3.ul.campus (HKLM)
    O15 - Trusted Zone: http://inside.ul.campus (HKLM)
    O15 - Trusted Zone: http://*.ulportal (HKLM)
    O15 - Trusted Zone: http://*.ulsharepoint (HKLM)
    O15 - Trusted Zone: http://download.windowsupdate.com (HKLM)
    O15 - ESC Trusted Zone: http://*.inside.ul.ie (HKLM)
    O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1922012cee7ae5...ip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213776413968
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213776386203
    O16 - DPF: {8DAE7A62-4632-4691-805C-0338A5F26F9D} (Spam Arrest Email Configurator Download) - http://spamarrest.com/xcarab/10013/saclient.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedCont...c/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ul.campus
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3722D93-D250-40AC-AC2A-063066B88C65}: NameServer = 172.31.140.69 172.30.140.69
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ul.campus
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ul.campus
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe


Comments

  • Moderators, Recreation & Hobbies Moderators, Social & Fun Moderators, Sports Moderators Posts: 12,802 Mod ✭✭✭✭Keano


    I was actually looking at a friend's pc who had the same issue. I used Malwarebytes to get rid of it. Get here. I have used it before on other machines for people and always does the trick.


  • Posts: 0 ✭✭✭ [Deleted User]


    Thanks Keano. What about this:

    O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe

    Is this the legitimate winlogon.exe? Hijackthis.de tells me it isn't.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    It's not legit
    • Download OTListIt2 to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.
      HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
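
The check discussed in the posts above (a Run-key entry named winlogon.exe that does not live in the system directory), written out as an added example; it is not part of the original thread or of HijackThis. The function names and the table of expected locations are assumptions made for this illustration, and the sample lines are copied from the HijackThis log in the first post except for the one marked as constructed.

```python
import ntpath
import re

# Core Windows process names and the directory, relative to %SystemRoot%,
# where the genuine image lives. A Run entry using one of these names from
# any other directory is a masquerade candidate.
EXPECTED_DIR = {
    "winlogon.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
    "explorer.exe": "",  # lives directly in %SystemRoot%
}

# "O4 - <hive>\..\<Run|RunOnce|...>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.I)

# Lines taken from the HijackThis log in the first post; the last line is
# constructed here to show that a genuine location is not flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKLM\..\Run: [ConstructedShell] C:\WINNT\Explorer.EXE
"""


def image_path(command):
    """Return the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def parse_o4(line):
    """Parse one HijackThis O4 (autostart) line, or return None."""
    match = O4_RE.match(line.strip())
    if not match:
        return None
    hive, key, name, command = match.groups()
    return {"hive": hive, "key": key, "name": name, "image": image_path(command)}


def find_masquerades(log_text, system_root=r"C:\WINNT"):
    """Return O4 entries whose file name is a core Windows process name but
    whose directory is not the genuine one under system_root.

    system_root defaults to C:\\WINNT because that is what the log on this
    page shows (Windows 2000); pass C:\\Windows for later systems.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        directory, base = ntpath.split(entry["image"])
        base = base.lower()
        if base not in EXPECTED_DIR:
            continue
        if not directory:
            # Bare name such as "mobsync.exe": resolved through the search
            # path at run time, so the log alone cannot say where it lives.
            continue
        expected = ntpath.normcase(ntpath.join(system_root, EXPECTED_DIR[base]))
        # Comparison is case-insensitive; 8.3 short names (PROGRA~1) cannot
        # be expanded offline and would need resolving on the machine itself.
        if ntpath.normcase(directory).rstrip("\\") != expected.rstrip("\\"):
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_LOG):
        print("suspicious autostart: [%s] %s (%s\\..\\%s)"
              % (hit["name"], hit["image"], hit["hive"], hit["key"]))
```

This is a single heuristic: it flags the fake winlogon.exe entry but not the "Internet Antivirus Pro" entry, which uses its own file name and has to be identified by other means.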


  • Moderators, Recreation & Hobbies Moderators, Social & Fun Moderators, Sports Moderators Posts: 12,802 Mod ✭✭✭✭Keano


    Run the malwarebytes program and it will remove anything that the virus has added. Just re-run the log after it is finished and see if it is still there. If it is then it is ok.


  • Posts: 0 ✭✭✭ [Deleted User]


    Ok Keano. Actorseeksjob the problem is my sister lives out in the country while I'm in the city. I was there this morning and did the hijackthis log but can't get back for a few days. Access is a problem.

    If you could tell me all the programs and stuff I should collect for the next opportunity I get at the pc I would be most grateful. I only have one or two chances a month.

    Thanks for your help guys!


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Try malwarebytes like somebody else did, probably the easiest thing for you both


  • Posts: 0 ✭✭✭ [Deleted User]


    Thanks man but I will do what you quite kindly asked me to do next time (when I get the chance). Never heard of OTListIT2 before (or whatever it is).


  • Posts: 0 ✭✭✭ [Deleted User]


    OTListIt logfile created on: 30/04/2009 12:49:56 - Run 1
    OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    253.99 Mb Total Physical Memory | 162.20 Mb Available Physical Memory | 63.86% Memory free
    614.72 Mb Paging File | 416.55 Mb Available in Paging File | 67.76% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 24.08 Gb Free Space | 64.71% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 12.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 2KCGVRH0JTWOMEY
    Current User Name: Ann
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
    PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Computer Corporation)
    PRC - C:\WINNT\System32\NMSSvc.exe (Intel Corporation)
    PRC - C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
    PRC - C:\WINNT\system32\MSTask.exe (Microsoft Corporation)
    PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\WINNT\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINNT\System32\hkcmd.exe (Intel Corporation)
    PRC - C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
    PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
    PRC - C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe (Huawei Technologies)
    PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (ASFAgent [Auto | Running]) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
    SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (dmadmin [On_Demand | Stopped]) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
    SRV - (Fax [On_Demand | Stopped]) -- C:\WINNT\system32\faxsvc.exe (Microsoft Corporation)
    SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (Iap [Auto | Running]) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Computer Corporation)
    SRV - (NMSSvc [Auto | Running]) -- C:\WINNT\System32\NMSSvc.exe (Intel Corporation)
    SRV - (RemoteRegistry [Auto | Running]) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
    SRV - (Schedule [Auto | Running]) -- C:\WINNT\system32\MSTask.exe (Microsoft Corporation)
    SRV - (UtilMan [On_Demand | Stopped]) -- C:\WINNT\System32\UtilMan.exe (Microsoft Corporation)
    SRV - (WinMgmt [On_Demand | Running]) -- C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (AvgLdx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Cdr4_2K [System | Running]) -- C:\WINNT\System32\drivers\cdr4_2K.sys (Sonic Solutions)
    DRV - (Cdralw2k [System | Running]) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
    DRV - (cdudf [System | Running]) -- C:\WINNT\System32\drivers\cdudf.sys (Roxio)
    DRV - (Diskperf [Boot | Running]) -- C:\WINNT\System32\drivers\diskperf.sys (Microsoft Corporation)
    DRV - (dmboot [Disabled | Stopped]) -- C:\WINNT\System32\drivers\dmboot.sys (VERITAS Software Corp.)
    DRV - (dmio [Boot | Running]) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
    DRV - (dmload [Boot | Running]) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
    DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio)
    DRV - (E1000 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\e1000nt5.sys (Intel Corporation)
    DRV - (EFS [Disabled | Running]) -- C:\WINNT\System32\drivers\efs.sys (Microsoft Corporation)
    DRV - (EL90BC [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
    DRV - (fasttrak [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\fasttrak.sys (Promise Technology, Inc.)
    DRV - (Fd16_700 [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\fd16_700.sys (Microsoft Corporation)
    DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (hwdatacard [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ialm [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
    DRV - (ichaud [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\ichaud.sys (Microsoft Corporation)
    DRV - (mdmxsdk [Auto | Running]) -- C:\WINNT\system32\DRIVERS\mdmxsdk.sys (Conexant)
    DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio)
    DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINNT\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (MPE [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\MPE.sys (Microsoft Corporation)
    DRV - (mraid2k [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\mraid2k.sys (American Megatrends, Inc.)
    DRV - (mraid35x [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\mraid35x.sys (American MegaTrends Inc.)
    DRV - (Navcar [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\Navcar.sys (NAVMAN)
    DRV - (NetAlrt [Auto | Running]) -- C:\WINNT\System32\drivers\NetAlrt.sys (Intel Corporation)
    DRV - (NetDetect [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)
    DRV - (nv4 [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\nv4.sys (NVIDIA Corporation)
    DRV - (omci [System | Running]) -- C:\WINNT\System32\DRIVERS\omci.sys (Dell Computer Corporation)
    DRV - (Parallel [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\parallel.sys (Microsoft Corporation)
    DRV - (PlatAlrt [Auto | Running]) -- C:\WINNT\System32\drivers\PlatAlrt.sys (Intel Corporation)
    DRV - (prodrv06 [System | Running]) -- C:\WINNT\System32\drivers\prodrv06.sys (Protection Technology)
    DRV - (prohlp02 [Boot | Running]) -- C:\WINNT\System32\drivers\prohlp02.sys (Protection Technology)
    DRV - (prosync1 [Boot | Running]) -- C:\WINNT\System32\drivers\prosync1.sys (Protection Technology)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (pwd_2k [System | Running]) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (RCA [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\RCA.sys (Microsoft Corporation)
    DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINNT\System32\Drivers\RootMdm.sys (Microsoft Corporation)
    DRV - (SecDrv [Auto | Running]) -- C:\WINNT\system32\drivers\SECDRV.SYS ()
    DRV - (sfhlp01 [Boot | Running]) -- C:\WINNT\System32\drivers\sfhlp01.sys (Protection Technology)
    DRV - (smwdm [On_Demand | Running]) -- C:\WINNT\system32\drivers\smwdm.sys (Analog Devices, Inc.)
    DRV - (Sparrow [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (SVKP [Auto | Running]) -- C:\WINNT\system32\SVKP.sys (AntiCracking)
    DRV - (Tpkd [Boot | Running]) -- C:\WINNT\System32\drivers\tpkd.sav (PACE Anti-Piracy, Inc.)
    DRV - (UdfReadr [System | Running]) -- C:\WINNT\System32\drivers\udfreadr.sys (Roxio)
    DRV - (uhcd [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\uhcd.sys (Microsoft Corporation)
    DRV - (Ultra [Boot | Stopped]) -- C:\WINNT\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (usbhub20 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\usbhub20.sys (Microsoft Corporation)
    DRV - (winachsf [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Running]) -- C:\WINNT\system32\drivers\ialmsbw.sys (Intel Corporation)
    DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINNT\system32\drivers\ialmkchw.sys (Intel Corporation)
    DRV - ({E6759E0C-470B-44DC-A4A1-627E68BB3A85} [On_Demand | Running]) -- C:\WINNT\system32\drivers\A302.sys (Intel Corporation)
    DRV - (NMSCFG [On_Demand | Running]) -- C:\WINNT\system32\drivers\NMSCFG.SYS (Intel Corporation)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 13:09:51 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 13:08:48 | 00,000,000 | ---D | M]

    [2009/04/29 13:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
    [2009/04/29 13:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/04/29 13:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\yyph9fst.default\extensions
    [2009/04/29 13:13:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\yyph9fst.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/04/29 13:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/04/29 13:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/04/24 05:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/04/24 05:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/04/24 01:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/04/24 01:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/04/24 01:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/04/24 01:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/04/24 01:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/04/24 01:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/04/24 01:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r (Roxio)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
    O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = - UL Domain - UL Domain - UL Domain - UL Domain - UL Domain - UL Domain -
    .
    Your PC is now in the UL Domain.
    .
    Please log into the UL Domain with your usual password.
    .
    .
    REMEMBER: In order to have your PC protected against viruses, please leave your PC turned on, with your account logged off and ALL documents saved, one night a week to receive automatic updates.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
    O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm ()
    O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINNT\System32\rnr20.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKLM\..Trusted Domains: babbage.ul.ie ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: desktop.ul.ie ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: desktop.ul.ie ([www] https in Trusted sites)
    O15 - HKLM\..Trusted Sites: GALILEO ([]file in Trusted sites)
    O15 - HKLM\..Trusted Sites: inside.ul.ie ([]http in Trusted sites)
    O15 - HKLM\..Trusted Sites: jupiter ([]file in Trusted sites)
    O15 - HKLM\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
    O15 - HKLM\..Trusted Sites: mithras ([]file in Trusted sites)
    O15 - HKLM\..Trusted Sites: prometheus ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: ul.campus ([ad3] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: ul.campus ([inside] http in Trusted sites)
    O15 - HKLM\..Trusted Sites: ulportal ([]http in Trusted sites)
    O15 - HKLM\..Trusted Sites: ulsharepoint ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/1922012cee7ae5a8c218/netzip/RdxIE601.cab (RdxIE Class)
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213776413968 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213776386203 (MUWebControl Class)
    O16 - DPF: {8DAE7A62-4632-4691-805C-0338A5F26F9D} http://spamarrest.com/xcarab/10013/saclient.cab (SAEmailConfig Class)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37440.5864930556 (Reg Error: Key error.)
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab (Symantec RuFSI Registry Information Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ul.campus
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx ()
    O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINNT\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.Exe) - C:\WINNT\Explorer.Exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\system32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation)
    O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Autorun File - F:\AutoRun.exe (Huawei Technologies Co., Ltd.) - [ CDFS ]
    O32 - Autorun File - F:\AUTORUN.INF () - [ CDFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    NetSvcs: EventSystem - C:\WINNT\System32\es.dll (Microsoft Corporation)
    NetSvcs: Ias -
    NetSvcs: Iprip -
    NetSvcs: Irmon -
    NetSvcs: Netman - C:\WINNT\System32\netman.dll (Microsoft Corporation)
    NetSvcs: Nwsapagent -
    NetSvcs: Rasauto - C:\WINNT\System32\rasauto.dll (Microsoft Corporation)
    NetSvcs: Rasman - C:\WINNT\System32\rasmans.dll (Microsoft Corporation)
    NetSvcs: Remoteaccess - C:\WINNT\System32\mprdim.dll (Microsoft Corporation)
    NetSvcs: SENS - C:\WINNT\system32\sens.dll (Microsoft Corporation)
    NetSvcs: Sharedaccess - C:\WINNT\System32\ipnathlp.dll (Microsoft Corporation)
    NetSvcs: Tapisrv - C:\WINNT\System32\tapisrv.dll (Microsoft Corporation)
    NetSvcs: Ntmssvc - C:\WINNT\System32\NtmsSvc.dll (Microsoft Corporation)
    NetSvcs: wzcsvc - C:\WINNT\System32\wzcsvc.dll (Microsoft Corporation)
    SafeBootMin: AppMgmt - %SystemRoot%\system32\services.exe (Microsoft Corporation)
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: dmadmin - %SystemRoot%\System32\dmadmin.exe (VERITAS Software Corp.)
    SafeBootMin: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (VERITAS Software Corp.)
    SafeBootMin: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (VERITAS Software Corp.)
    SafeBootMin: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (VERITAS Software Corp.)
    SafeBootMin: dmserver - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootMin: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: sglfb.sys - File not found
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: tga.sys - File not found
    SafeBootMin: vga.sys - Driver
    SafeBootMin: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
    SafeBootMin: WinMgmt - %SystemRoot%\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: AFD - %SystemRoot%\System32\drivers\afd.sys (Microsoft Corporation)
    SafeBootNet: AppMgmt - %SystemRoot%\system32\services.exe (Microsoft Corporation)
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: Browser - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: Dhcp - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: dmadmin - %SystemRoot%\System32\dmadmin.exe (VERITAS Software Corp.)
    SafeBootNet: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (VERITAS Software Corp.)
    SafeBootNet: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (VERITAS Software Corp.)
    SafeBootNet: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (VERITAS Software Corp.)
    SafeBootNet: dmserver - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: DnsCache - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: LanmanServer - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: LanmanWorkstation - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: LmHosts - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: Messenger - %SystemRoot%\System32\services.exe (Microsoft Corporation)
    SafeBootNet: NBF - Service
    SafeBootNet: nbf.sys - Driver
    SafeBootNet: NDIS - %SystemRoot%\System32\drivers\ndis.sys (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NDISUIO - %SystemRoot%\system32\DRIVERS\ndisuio.sys (Microsoft Corporation)
    SafeBootNet: NetBIOS - %SystemRoot%\System32\DRIVERS\netbios.sys (Microsoft Corporation)
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetBT - %SystemRoot%\System32\DRIVERS\netbt.sys (Microsoft Corporation)
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
    SafeBootNet: NetMan - %SystemRoot%\System32\netman.dll (Microsoft Corporation)
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: nm - File not found
    SafeBootNet: nm.sys - File not found
    SafeBootNet: NtLmSsp - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: ProtectedStorage - %SystemRoot%\system32\services.exe (Microsoft Corporation)
    SafeBootNet: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: sglfb.sys - File not found
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: Tcpip - %SystemRoot%\System32\DRIVERS\tcpip.sys (Microsoft Corporation)
    SafeBootNet: TDI - Driver Group
    SafeBootNet: tga.sys - File not found
    SafeBootNet: vga.sys - Driver
    SafeBootNet: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
    SafeBootNet: WinMgmt - %SystemRoot%\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
    SafeBootNet: WZCSVC - %SystemRoot%\System32\wzcsvc.dll (Microsoft Corporation)
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
    ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
    ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
    ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
    ActiveX: {08a00762-7c1e-42c2-87f0-ca3600045cd7} - KB941202
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
    ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
    ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
    ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
    ActiveX: {28023b22-f71e-43e8-8ea4-de315462878d} - KB933566
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
    ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
    ActiveX: {3628F7A7-C83E-47ba-A22D-31A7776D24C8} - HELP OCX_510065
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
    ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {61E6EAE5-7821-4AC1-9BBD-AED032A8E273} - Q323759
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
    ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
    ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 7
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {706b15de-aa6d-4c4f-8699-1b0a991228b7} - KB939653
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
    ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
    ActiveX: {7d16667b-0ff7-4c6b-9fcf-775578e89cc2} - KB922760
    ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\System32\ie4uinit.exe
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
    ActiveX: {90b0bef8-22d6-40a8-92c8-155434fc112f} - KB938127
    ActiveX: {9311e53c-4c8c-4b8f-aa80-6b16de179d70} - KB925454
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {95177e6d-aaa9-44d1-bebd-b380bce3be79} - KB937143
    ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
    ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
    ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
    ActiveX: {a5653fdf-8d3a-451b-937f-6c7534804953} - KB923694
    ActiveX: {abd13515-07e0-476a-9b25-211dbe6d1c21} - KB928090
    ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {BB2DC990-9642-456b-8F41-44D6F8A7C00A} - OUTLCTLX_8_14_INTL_510634
    ActiveX: {c1f0071f-505e-40bc-babe-3240af80b5cf} - KB950759
    ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {D7B44F3E-77D3-44C5-8E03-4222D9A18B7B} - Q321232
    ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
    ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
    ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {eb6ab742-eb17-446b-8ce7-dff2bc7cbf93} - KB931768
    ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
    ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
    ActiveX: {f4de1058-dafc-4d16-b294-6ea1125bf3d3} - KB929969
    ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
    ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
    ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
    ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
    ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
    ActiveX: {FF4DD9CD-F25E-425a-8B5C-A2D062781FBB} - Q328970
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE
    Drivers32: aux - C:\WINNT\system32\mmdrv.dll (Microsoft Corporation)
    Drivers32: aux1 - File not found
    Drivers32: aux2 - File not found
    Drivers32: aux3 - File not found
    Drivers32: aux4 - File not found
    Drivers32: aux5 - File not found
    Drivers32: aux6 - File not found
    Drivers32: aux7 - File not found
    Drivers32: aux8 - File not found
    Drivers32: aux9 - File not found
    Drivers32: midi - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - File not found
    Drivers32: midi2 - File not found
    Drivers32: midi3 - File not found
    Drivers32: midi4 - File not found
    Drivers32: midi5 - File not found
    Drivers32: midi6 - File not found
    Drivers32: midi7 - File not found
    Drivers32: midi8 - File not found
    Drivers32: midi9 - File not found
    Drivers32: midimapper - C:\WINNT\system32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - File not found
    Drivers32: mixer2 - File not found
    Drivers32: mixer3 - File not found
    Drivers32: mixer4 - File not found
    Drivers32: mixer5 - File not found
    Drivers32: mixer6 - File not found
    Drivers32: mixer7 - File not found
    Drivers32: mixer8 - File not found
    Drivers32: mixer9 - File not found
    Drivers32: MSACM.CEGSM - C:\WINNT\system32\mobilev.acm ()
    Drivers32: msacm.iac2 - C:\WINNT\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINNT\system32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINNT\system32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.msadpcm - C:\WINNT\system32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINNT\system32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINNT\system32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINNT\system32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINNT\system32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINNT\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINNT\system32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINNT\system32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINNT\system32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINNT\system32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\system32\ir32_32.dll ()
    Drivers32: vidc.iv50 - C:\WINNT\system32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.M261 - C:\WINNT\system32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINNT\system32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINNT\system32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINNT\system32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINNT\system32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.WMV3 - C:\WINNT\system32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINNT\system32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINNT\system32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave2 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave3 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave4 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave5 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave6 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave7 - C:\WINNT\system32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave8 - File not found
    Drivers32: wave9 - File not found
    Drivers32: wavemapper - C:\WINNT\system32\msacm32.drv (Microsoft Corporation)
    Drivers32: wdmaud.drv - C:\WINNT\system32\wdmaud.drv (Microsoft Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/04/30 12:42:26 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
    [2009/04/30 12:42:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2009/04/30 12:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2009/04/30 12:33:58 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
    [2009/04/30 12:15:38 | 00,223,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CrucialScan.exe
    [2009/04/30 12:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2009/04/30 12:05:47 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009/04/30 12:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2009/04/30 11:59:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2009/04/30 11:59:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2009/04/30 11:59:56 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/04/30 11:59:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2009/04/30 11:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/04/30 11:59:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/04/29 22:42:07 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_43c.dat
    [2009/04/29 21:35:16 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_594.dat
    [2009/04/29 18:41:13 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_59c.dat
    [2009/04/29 13:17:23 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2009/04/29 13:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
    [2009/04/29 13:09:53 | 00,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
    [2009/04/29 13:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2009/04/29 13:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2009/04/29 13:08:56 | 00,001,481 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2009/04/29 13:08:46 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2009/04/29 12:56:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
    [2009/04/28 15:52:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_584.dat
    [2009/04/26 19:43:21 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3 USB Modem.lnk
    [2009/04/26 19:42:33 | 00,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINNT\System32\drivers\ewusbnet.sys
    [2009/04/26 19:42:33 | 00,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINNT\System32\drivers\ewusbmdm.sys
    [2009/04/26 19:42:33 | 00,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINNT\System32\drivers\ewdcsc.sys
    [2009/04/26 11:10:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_498.dat
    [2009/04/25 20:04:06 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
    [2009/04/25 17:03:47 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f0.dat
    [2009/04/25 11:03:05 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5e8.dat
    [2009/04/21 16:00:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_610.dat
    [2009/04/20 20:04:22 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_558.dat
    [2009/04/20 16:52:54 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4b4.dat
    [2009/04/17 21:06:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_608.dat
    [2009/04/16 20:50:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4a0.dat
    [2009/04/15 11:19:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_438.dat
    [2009/04/14 17:01:44 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_480.dat
    [2009/04/11 17:50:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_620.dat
    [2009/04/07 19:26:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_414.dat
    [2009/04/07 17:16:05 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_478.dat
    [2009/04/06 22:12:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_600.dat
    [2009/04/05 10:31:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5c0.dat
    [2009/04/04 16:54:57 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d0.dat
    [2009/04/03 18:11:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_590.dat
    [2009/04/02 18:26:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_650.dat
    [2009/03/31 20:50:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4dc.dat
    [2008/06/18 20:18:05 | 00,000,036 | ---- | C] () -- C:\WINNT\Tiny_Run.ini
    [2008/06/16 21:24:54 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
    [2008/04/27 15:34:20 | 00,029,392 | ---- | C] () -- C:\WINNT\System32\drivers\SECDRV.SYS
    [2008/04/26 21:29:27 | 00,173,056 | ---- | C] () -- C:\WINNT\System32\qasf.dll
    [2007/02/15 13:18:39 | 00,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
    [2003/09/17 18:13:54 | 00,815,104 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll
    [2003/09/11 10:20:56 | 01,290,240 | ---- | C] () -- C:\WINNT\System32\wmploc.dll
    [2003/09/11 10:20:56 | 01,122,304 | ---- | C] () -- C:\WINNT\System32\wmpui.dll
    [2003/09/11 10:20:56 | 00,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll
    [2003/09/11 10:20:56 | 00,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll
    [2003/09/11 10:20:55 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll
    [2002/10/09 12:55:24 | 00,000,179 | ---- | C] () -- C:\WINNT\hpbafd.ini
    [2002/07/03 11:47:58 | 00,000,851 | ---- | C] () -- C:\WINNT\WIN.INI
    [2002/07/03 11:22:16 | 00,000,881 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2002/06/27 16:03:52 | 00,000,476 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
    [2002/05/07 16:06:36 | 00,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\platmsg.dll
    [2002/05/07 16:06:16 | 00,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\netamsg.dll
    [2002/04/16 16:57:28 | 00,135,168 | ---- | C] () -- C:\WINNT\System32\aolninst.dll
    [2002/02/06 08:04:14 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
    [2002/01/21 14:17:18 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
    [2001/06/19 13:00:40 | 00,000,231 | ---- | C] () -- C:\WINNT\SYSTEM.INI
    [2001/05/08 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\QCUT.DLL
    [2001/05/08 07:00:00 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\LVCAM.SYS
    [2001/05/08 07:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\EFSADU.DLL
    [2001/05/08 07:00:00 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\LVSOUND.SYS
    [2001/05/08 07:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\IASPERF.INI
    [2001/05/08 07:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\FAXPERF.INI
    [2001/05/08 07:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\WELCOME.INI
    [2000/02/24 06:03:04 | 00,061,502 | ---- | C] () -- C:\WINNT\System32\ODBCMON.DLL
    [1999/01/22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
    [1980/01/01 00:00:00 | 00,262,144 | ---- | C] () -- C:\WINNT\System32\shpshftr.dll
    [1980/01/01 00:00:00 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\igfxdgps.dll

    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINNT\System32\*.tmp files]
    [4 C:\WINNT\*.tmp files]
    [2009/04/30 12:42:26 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
    [2009/04/30 12:38:37 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
    [2009/04/30 12:34:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
    [2009/04/30 12:15:39 | 00,223,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CrucialScan.exe
    [2009/04/30 12:05:47 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009/04/30 11:59:56 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/04/29 22:42:07 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_43c.dat
    [2009/04/29 21:35:17 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_594.dat
    [2009/04/29 18:41:13 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_59c.dat
    [2009/04/29 13:09:53 | 00,000,000 | ---- | M] () -- C:\WINNT\nsreg.dat
    [2009/04/29 13:08:56 | 00,001,481 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2009/04/28 15:52:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_584.dat
    [2009/04/26 19:43:21 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3 USB Modem.lnk
    [2009/04/26 11:10:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_498.dat
    [2009/04/25 20:04:06 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
    [2009/04/25 17:03:47 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f0.dat
    [2009/04/25 11:03:05 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5e8.dat
    [2009/04/21 16:00:49 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_610.dat
    [2009/04/20 20:04:22 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_558.dat
    [2009/04/20 16:52:54 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4b4.dat
    [2009/04/17 21:06:49 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_608.dat
    [2009/04/16 20:50:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4a0.dat
    [2009/04/15 11:19:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_438.dat
    [2009/04/14 17:01:45 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_480.dat
    [2009/04/11 17:50:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_620.dat
    [2009/04/07 19:26:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_414.dat
    [2009/04/07 17:16:05 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_478.dat
    [2009/04/06 22:12:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_600.dat
    [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2009/04/05 10:31:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5c0.dat
    [2009/04/04 16:54:57 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d0.dat
    [2009/04/03 18:11:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_590.dat
    [2009/04/02 18:26:31 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_650.dat
    [2009/03/31 20:50:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4dc.dat

    ========== LOP Check ==========

    [2009/04/30 12:35:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
    [2008/09/15 18:54:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
    [2008/06/16 20:50:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
    [2009/01/06 19:07:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
    [2002/06/27 16:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
    [2008/06/18 09:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2009/04/30 11:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2008/12/01 16:30:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
    [2009/04/29 13:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2008/10/26 10:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
    [2008/10/19 00:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
    [2009/04/30 11:58:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
    [2008/08/24 21:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vghd
    [2009/04/30 12:42:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/04/30 12:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2008/06/18 09:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
    [2009/04/04 10:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
    [2004/09/10 09:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2008/06/18 10:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2009/04/30 11:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2003/09/11 10:20:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2003/11/25 17:20:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
    [2005/12/02 13:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2009/04/30 12:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2008/06/18 09:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2001/05/08 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\DESKTOP.INI
    [2009/04/30 12:38:37 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

    ========== Purity Check ==========


    ========== Custom Scans ==========


    < %systemroot%\System32\antiwpa.dll >

    < %systemroot%\SYSTEM32\wpa.dll >

    < %systemroot%\setup\scripts\biestart.exe >

    < %systemroot%\system32\drivers\royal.sys >

    < %SYSTEMDRIVE%\*. >
    [2009/04/30 12:47:54 | 00,000,000 | ---D | M] -- C:
    [2008/06/18 11:08:22 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$
    [2002/07/03 12:51:32 | 00,000,000 | ---D | M] -- C:\26.08.02
    [2008/04/14 14:29:22 | 00,000,000 | ---D | M] -- C:\adminshare
    [2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\BACKUP
    [2002/07/03 12:05:17 | 00,000,000 | RHSD | M] -- C:\cmdcons
    [2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\DELL
    [2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\DISCOVER
    [2007/10/05 10:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings
    [2002/06/27 16:01:42 | 00,000,000 | ---D | M] -- C:\DOS
    [2002/06/27 16:04:50 | 00,000,000 | ---D | M] -- C:\DRIVERS
    [2007/02/13 11:28:25 | 00,000,000 | ---D | M] -- C:\I386
    [2008/08/24 21:23:51 | 00,000,000 | ---D | M] -- C:\ltpb
    [2008/08/24 21:24:03 | 00,000,000 | ---D | M] -- C:\ltpb2
    [2006/05/19 19:47:54 | 00,000,000 | ---D | M] -- C:\My Downloads
    [2005/10/27 09:20:48 | 00,000,000 | ---D | M] -- C:\My Music
    [2009/04/30 12:42:17 | 00,000,000 | ---D | M] -- C:\Program Files
    [2002/06/27 16:03:22 | 00,000,000 | -HSD | M] -- C:\RECYCLED
    [2009/04/30 12:52:08 | 00,000,000 | -HSD | M] -- C:\RECYCLER
    [2005/01/04 16:37:17 | 00,000,000 | ---D | M] -- C:\siapp
    [2005/11/08 14:08:35 | 00,000,000 | ---D | M] -- C:\SmartDraw 7
    [2007/10/11 11:24:42 | 00,000,000 | -HSD | M] -- C:\System Volume Information
    [2002/07/03 12:17:14 | 00,000,000 | ---D | M] -- C:\Windows Update Setup Files
    [2009/04/29 13:09:53 | 00,000,000 | ---D | M] -- C:\WINNT
    [2002/10/01 09:51:52 | 00,000,000 | -H-D | M] -- C:\WUTemp

    < %PROGRAMFILES%\*. >
    [2009/04/30 12:42:17 | 00,000,000 | ---D | M] -- C:\Program Files
    [2002/06/27 16:06:42 | 00,000,000 | ---D | M] -- C:\Program Files\Accessories
    [2002/07/03 11:41:56 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2008/06/18 20:18:25 | 00,000,000 | ---D | M] -- C:\Program Files\Atari
    [2002/08/26 16:33:41 | 00,000,000 | ---D | M] -- C:\Program Files\AvantGo Connect
    [2008/06/18 09:33:39 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
    [2005/11/25 17:04:44 | 00,000,000 | ---D | M] -- C:\Program Files\Cloudmark
    [2008/06/16 21:03:43 | 00,000,000 | ---D | M] -- C:\Program Files\Codemasters
    [2009/01/19 15:07:26 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2002/06/27 16:06:42 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2008/06/18 13:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2002/08/27 10:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2002/06/27 16:19:44 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
    [2002/06/27 16:19:22 | 00,000,000 | ---D | M] -- C:\Program Files\directx
    [2008/04/27 10:39:32 | 00,000,000 | ---D | M] -- C:\Program Files\EA GAMES
    [2008/12/09 20:00:43 | 00,000,000 | ---D | M] -- C:\Program Files\Empire Interactive
    [2008/08/24 21:23:13 | 00,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
    [2009/04/04 10:51:32 | 00,000,000 | ---D | M] -- C:\Program Files\Google
    [2009/04/30 12:28:16 | 00,000,000 | ---D | M] -- C:\Program Files\HijackThis
    [2008/08/21 18:54:26 | 00,000,000 | ---D | M] -- C:\Program Files\Huawei technologies
    [2008/12/09 20:00:42 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2002/06/27 16:19:16 | 00,000,000 | ---D | M] -- C:\Program Files\intel
    [2008/06/18 09:52:01 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2008/04/26 21:21:29 | 00,000,000 | ---D | M] -- C:\Program Files\Jowood
    [2009/04/29 13:16:01 | 00,000,000 | ---D | M] -- C:\Program Files\Lavalys
    [2009/04/30 12:04:18 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
    [2005/11/25 16:55:03 | 00,000,000 | ---D | M] -- C:\Program Files\LeMoMan
    [2007/01/11 10:31:50 | 00,000,000 | ---D | M] -- C:\Program Files\LizardTech
    [2009/04/30 11:59:57 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2002/08/26 16:33:42 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2005/11/25 17:17:14 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
    [2002/07/03 12:30:24 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer
    [2008/06/18 09:48:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2002/10/09 12:19:37 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2002/10/09 12:20:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2002/07/03 11:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2009/04/30 12:43:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2006/07/07 09:15:44 | 00,000,000 | ---D | M] -- C:\Program Files\Navman
    [2005/12/04 04:01:57 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2002/08/26 15:43:45 | 00,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate
    [2008/04/22 10:35:00 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2007/06/25 11:18:20 | 00,000,000 | ---D | M] -- C:\Program Files\Paint Shop Pro 5
    [2007/09/04 17:01:58 | 00,000,000 | ---D | M] -- C:\Program Files\Picasa2
    [2003/11/25 17:20:20 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2005/10/27 09:19:49 | 00,000,000 | ---D | M] -- C:\Program Files\Real
    [2002/07/03 12:13:41 | 00,000,000 | ---D | M] -- C:\Program Files\Resource Kit
    [2002/06/27 16:20:10 | 00,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2002/07/03 11:33:40 | 00,000,000 | ---D | M] -- C:\Program Files\Sip
    [2004/11/26 10:24:11 | 00,000,000 | ---D | M] -- C:\Program Files\Skype
    [2009/04/30 12:42:26 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2008/06/18 09:22:12 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec
    [2008/06/18 09:22


  • Posts: 0 ✭✭✭ [Deleted User]


    OTListIt Extras logfile created on: 30/04/2009 12:49:56 - Run 1
    OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    253.99 Mb Total Physical Memory | 162.20 Mb Available Physical Memory | 63.86% Memory free
    614.72 Mb Paging File | 416.55 Mb Available in Paging File | 67.76% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 24.08 Gb Free Space | 64.71% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 12.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 2KCGVRH0JTWOMEY
    Current User Name: Ann
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
    "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
    "{09131BDB-A91C-4D1C-830B-F2ADD80804E4}" = Microsoft Baseline Security Analyzer
    "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
    "{10B8AAC6-FE70-42B0-A244-7C9BE740A9D8}" = Windows 2000 Professional
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{20EC0DE2-07FF-4B8E-BDFA-A0A2E0E0805F}" = Cloudmark SpamNet 1.1
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
    "{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
    "{4CB67F83-F2FF-4542-A5EA-03082FB5B12F}" = My Little Pony
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{6797B492-3814-4129-AD07-C727D23FB5BF}" = Intel® Pro Alerting Agent, Version 3.0.0
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6BCCFFB7-97D9-40F7-9B29-0DECE6AB56E8}" = SmartST Desktop Version 3 for iCN600 Series
    "{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) 845G Chipset Graphics Driver Software
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run (TM) Demo
    "3 USB Modem" = 3 USB Modem
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Acrobat eBook Reader" = Adobe Acrobat eBook Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "AVG8Uninstall" = AVG Free 8.0
    "Chaser" = Chaser
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "HijackThis" = HijackThis 2.0.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
    "Paint Shop Pro 5.01" = Paint Shop Pro 5.01
    "Picasa2" = Picasa 2
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "RealPlayer 6.0" = RealPlayer
    "Shockwave" = Shockwave
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "ST6UNST #1" = Sip Install
    "Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
    "vghd" = VirtuaGirl HD
    "Windows 2000 Service Pack" = Windows 2000 Service Pack 4
    "Windows CE Services" = Microsoft ActiveSync 3.5
    "WinZip" = WinZip
    "WMP7" = Windows Media Player 7.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 29/04/2009 07:46:25 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
    Description = Could not locate the script command lines in the Group Policy Object.

    Error - 29/04/2009 08:28:07 | Computer Name = 2KCGVRH0JTWOMEY | Source = Userenv | ID = 1000
    Description = Windows cannot unload your registry file. If you have a roaming profile,
    your settings are not replicated. Contact your administrator. DETAIL - Access
    is denied. , Build number ((2195)).

    Error - 29/04/2009 13:39:57 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
    Description = Could not locate the script command lines in the Group Policy Object.

    Error - 29/04/2009 16:33:50 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
    Description = Could not locate the script command lines in the Group Policy Object.

    Error - 29/04/2009 17:40:35 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
    Description = Could not locate the script command lines in the Group Policy Object.

    Error - 30/04/2009 06:54:50 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
    Description = Could not locate the script command lines in the Group Policy Object.

    Error - 30/04/2009 07:36:43 | Computer Name = 2KCGVRH0JTWOMEY | Source = Userenv | ID = 1000
    Description = Windows cannot unload your registry file. If you have a roaming profile,
    your settings are not replicated. Contact your administrator. DETAIL - Access
    is denied. , Build number ((2195)).

    Error - 30/04/2009 07:38:36 | Computer Name = 2KCGVRH0JTWOMEY | Source = UserInit | ID = 1001
    Description = Could not locate the script command lines in the Group Policy Object.

    Error - 30/04/2009 07:41:14 | Computer Name = 2KCGVRH0JTWOMEY | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 30/04/2009 07:53:51 | Computer Name = 2KCGVRH0JTWOMEY | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    [ System Events ]
    Error - 30/12/2008 16:33:17 | Computer Name = 2KCGVRH0JTWOMEY | Source = Removable Storage Service | ID = 262161
    Description = RSM cannot manage library PhysicalDrive3. It encountered an unspecified
    error. This can be caused by a number of problems including, but not limited to,
    database corruption, failure communicating with the library, or insufficient system
    resources.

    Error - 30/12/2008 16:33:28 | Computer Name = 2KCGVRH0JTWOMEY | Source = Removable Storage Service | ID = 262161
    Description = RSM cannot manage library PhysicalDrive2. It encountered an unspecified
    error. This can be caused by a number of problems including, but not limited to,
    database corruption, failure communicating with the library, or insufficient system
    resources.

    Error - 30/12/2008 16:33:28 | Computer Name = 2KCGVRH0JTWOMEY | Source = Removable Storage Service | ID = 262161
    Description = RSM cannot manage library PhysicalDrive3. It encountered an unspecified
    error. This can be caused by a number of problems including, but not limited to,
    database corruption, failure communicating with the library, or insufficient system
    resources.

    Error - 30/12/2008 17:22:10 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
    Description = No Windows NT or Windows 2000 Domain Controller is available for domain
    UL. The following error occurred: %%1311

    Error - 04/01/2009 19:58:09 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
    Description = No Windows NT or Windows 2000 Domain Controller is available for domain
    UL. The following error occurred: %%1311

    Error - 04/01/2009 20:00:40 | Computer Name = 2KCGVRH0JTWOMEY | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 05/01/2009 21:59:51 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
    Description = No Windows NT or Windows 2000 Domain Controller is available for domain
    UL. The following error occurred: %%1311

    Error - 06/01/2009 05:02:24 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
    Description = No Windows NT or Windows 2000 Domain Controller is available for domain
    UL. The following error occurred: %%1311

    Error - 06/01/2009 05:02:41 | Computer Name = 2KCGVRH0JTWOMEY | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 06/01/2009 06:46:24 | Computer Name = 2KCGVRH0JTWOMEY | Source = NETLOGON | ID = 5719
    Description = No Windows NT or Windows 2000 Domain Controller is available for domain
    UL. The following error occurred: %%1311


    < End of report >


  • Posts: 0 ✭✭✭ [Deleted User]


    Phew, got those 2 log files like you asked. Talk about detailed :eek:

    This is what I did on the pc before I took those logs:

    1) Booted up with a LiveCD and deleted the winlogon.exe file and deleted the Internet Antivirus Pro program files folder.

    2) Ran HijackThis and fixed the entries pertaining to the (now deleted) winlogon.exe and Internet Antivirus Pro

    3) Did another HijackThis log and ran it through Hijackthis.de and found nothing wrong.

    4) Downloaded the malwarebytes Anti Malware program, updated it and ran a quick scan. It found around 30 nasties (some of which were remnants of Internet Antivirus Pro) and deleted them.

    5) Downloaded OTListIt2 and did what ActorSeeksJob asked me to do and posted the logs in this thread

    The only thing I'm worried about is I installed AdAware but when I clicked on it the splash screen showed and nothing else happened. Could this be an indication of a nasty stopping it from starting up?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looks good. Don't have the mbam log, do you?

    Run OTListIt2.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTLI
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
      C:\program files\Internet Antivirus Pro
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done



    Download Rooter.exe to your desktop
    • Then double-click it to start the tool
    • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here
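
The fix script in the post above targets a `winlogon.exe` under `Application Data`, that is, a Windows system process name sitting outside the system directory. As an added example (not part of the thread and not OTListIt2's own code), this Python check parses listing lines in the log's format, also accepts bare process paths, and flags any such name found in an unexpected folder; it generalizes beyond `winlogon.exe`, and the name list, the extra allowed folders and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Listing-line shape seen in the log: [date time | size | attrs | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Assumption: system process names and the folder (relative to %SystemRoot%)
# each one normally runs from. "" means %SystemRoot% itself.
SYSTEM_NAMES = {
    "explorer.exe": "",
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
}

# Assumption: backup copies kept by Windows itself, tolerated to cut false positives.
EXTRA_OK = ("system32\\dllcache", "servicepackfiles\\i386")


def extract_path(line):
    """Return the file path from a listing line or a bare path line, else None."""
    line = line.strip()
    match = LINE_RE.match(line)
    if match:
        if "D" in match.group("attrs"):
            return None  # directory entry, not a file
        return match.group("path").strip()
    if re.match(r"^[A-Za-z]:\\", line):
        return line  # bare path, as in a "Running processes" list
    return None


def find_masquerades(lines, system_root=r"C:\WINNT"):
    """List paths whose file name is a system process name in an unexpected folder."""
    root = ntpath.normpath(system_root).lower()
    findings = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        norm = ntpath.normpath(path)
        name = ntpath.basename(norm).lower()  # Windows paths are case-insensitive
        if name not in SYSTEM_NAMES:
            continue
        folder = ntpath.dirname(norm).lower()
        allowed = {ntpath.join(root, SYSTEM_NAMES[name]).rstrip("\\")}
        allowed.update(ntpath.join(root, extra) for extra in EXTRA_OK)
        if folder not in allowed:
            findings.append(norm)
    return findings


# Constructed sample lines (dates and sizes are invented; only the format
# and the Application Data path come from the thread).
SAMPLE = r"""
[2001/05/08 07:00:00 | 00,176,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
[2009/04/20 10:00:00 | 00,051,200 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
[2009/04/30 12:35:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Temp\svchost.exe
[2003/06/19 12:05:04 | 00,176,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dllcache\winlogon.exe
""".strip().splitlines()

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE):
        print("system process name outside its expected folder:", hit)
```

A hit is a lead for manual review, not a verdict: the check compares names and folders only and does not inspect file contents or signatures.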


  • Posts: 0 ✭✭✭ [Deleted User]


    :( Damn I didn't keep the mbam log...I had it and all. I did run mbam twice and the second time it found nothing.

    Thanks for your help. I'll have to wait a few days before I can do the other stuff you told me.

    Is HijackThis not any good any more? Has OTListIt2 taken over from it? I posted the original HijackThis log on a few malware forums but got no replies :(


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    yes pretty much

    you should tell those forums you are being helped so they don't waste their time


  • Posts: 0 ✭✭✭ [Deleted User]


    > yes pretty much
    >
    > you should tell those forums you are being helped so they don't waste their time

    Will do. I posted on the bleepingcomputer and techguy forums early yesterday but didn't get a single reply. They're well swallowed up by the other threads by now but I will add a post saying I'm being looked after.

    I'm guessing I didn't get any help because I posted a HijackThis log and it's outdated. What a shame. It was a great program in its day.

