
Virus affecting sound =(

Discussion in 'Malware Removal Help' started by rahman2000, Oct 22, 2009.

  1. rahman2000

    rahman2000 Junior Member

    I think a virus is affecting my sound driver. It's called PxHelp20.sys. Is it bad if I delete it from the Registry?

    - It's found in C:\Windows/System32/Drivers folder.
    - It's not registered with Microsoft or anything.
    - It's affecting my ATAP CDRW 52X32 device.
    - It's affecting my SJ5491L CD device also.
    - Just now it's affected Microsoft Word I believe (not 100% sure), since MS Word keeps closing on me every 5 minutes :mad:

    Please help me. Thank you for your time.
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

  3. rahman2000

    rahman2000 Junior Member

    Hi, sorry about that, could you answer my question though? Should I just delete the file from my registry?
     
  4. Match

    Match Registered Members

    It would seem that on some it's a problem, on others it's OK, so deleting it is your choice. Here is a link to more info about it; from what I have read I think that removal is advisable ;)

    PxHelp20.sys Windows process - What is it?
     
  5. rahman2000

    rahman2000 Junior Member

    I am afraid that simply removing the file from my registry will have a negative effect on my PC. I have already seen that link you sent me. I have logs available and have run all the tests required shown through the Malware Prevention link. Any other help would be useful.
     
  6. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Please post the logs one at a time to this thread so they can be reviewed. :)
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi rahman2000
    That file running from that location is a legit file relating to a driver used by Sonic Solutions’ CD burning software.
    Do you have this software on your system?
     
  8. rahman2000

    rahman2000 Junior Member

    UPDATE: My sound was back when my brother went on the computer. However, it's not working at the moment. I want to get rid of this PxHelp20.sys file. Here are my logs, I have run malware and all tests specified. Please help me get rid of this file.

    - AND NO I have not downloaded or installed ANYTHING belonging to Sonic Solutions CD software.
     
  9. rahman2000

    rahman2000 Junior Member

    OTL Extras logfile created on: 10/22/2009 10:07:43 PM - Run 1
    OTL by OldTimer - Version 3.0.22.0 Folder = C:\Documents and Settings\Rahman\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.80 Mb Total Physical Memory | 147.66 Mb Available Physical Memory | 28.97% Memory free
    1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.38% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 10.93 Gb Free Space | 14.67% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SHAMIM-225Q1OCG
    Current User Name: Rahman
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "14321:TCP" = 14321:TCP:*:Enabled:utorrent
    "14321:UDP" = 14321:UDP:*:Enabled:utorrent

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Call -- File not found
    "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent -- ()
    "C:\Program Files\Call of Duty\CoDMP.exe" = C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
    "C:\Documents and Settings\Rahman\Local Settings\Apps\2.0\AG4J6YJ2.6PP\OO9MRGDZ.OLC\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2DF FreePlay Client.exe" = C:\Documents and Settings\Rahman\Local Settings\Apps\2.0\AG4J6YJ2.6PP\OO9MRGDZ.OLC\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2DF FreePlay Client.exe:*:Enabled:2DF FreePlay Client -- (Damdai)
    "C:\Documents and Settings\Rahman\Application Data\Damdai\2DF\FreePlay\freeplay_emu.exe" = C:\Documents and Settings\Rahman\Application Data\Damdai\2DF\FreePlay\freeplay_emu.exe:*:Enabled:2DF FreePlay Emulator -- (Damdai)
    "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe" = C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA -- ()
    "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB -- ()
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Steam\steamapps\rahman2000\day of defeat\hl.exe" = C:\Program Files\Steam\steamapps\rahman2000\day of defeat\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Steam\steamapps\rahman2000\team fortress classic\hl.exe" = C:\Program Files\Steam\steamapps\rahman2000\team fortress classic\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
    "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
    "C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Enabled:pPLive -- ( )
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Documents and Settings\Rahman\Desktop\Server.exe" = C:\Documents and Settings\Rahman\Desktop\Server.exe:*:Enabled:Server -- File not found
    "C:\Program Files\Xming\Xming.exe" = C:\Program Files\Xming\Xming.exe:*:Enabled:Xming X Server -- File not found
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\WINDOWS\Downloaded Program Files\PurpleBean.exe" = C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:purpleBean.exe -- ()
    "C:\Program Files\Steam\steamapps\rahman2000\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\rahman2000\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0B533F34-22BA-4301-BAF8-EA1CEDB06F9E}" = Quake Live Mozilla Plugin
    "{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{155C490A-CDDC-4C05-B5FF-633DE4784B85}" = Ready to Program with Java Technology
    "{17B4506C-737C-458E-B7D6-5C0ED8221996}" = Game Vindicator
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1DC02E08-5098-42CD-81E3-4A5C877C7902}" = UFile 2006
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
    "{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.2
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
    "{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
    "{28E24092-3BAE-4D38-A57B-F830862E3A31}" = QuickTax 2003 for Small Business
    "{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
    "{2998FC3C-E41C-41D7-8527-D51B10363120}" = UFile Updater 2005
    "{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
    "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{329ABF30-0376-40AE-A8D2-231BF6AC605C}" = UFile Updater 2006
    "{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java(TM) SE Development Kit 6 Update 2
    "{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
    "{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
    "{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
    "{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
    "{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
    "{52D8773C-20C6-4FA9-8C6B-1058FAAC0B44}" = Math Advantage Pre-Calculus&Calculus
    "{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}" = QuickTax 2004
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{55DC7C8C-1586-4FB7-BC82-3191B377C68F}" = SFO
    "{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{76EE6730-DA82-4544-B1E0-C280225D9621}" = H&R Block Tax 2008
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
    "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
    "{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}" = NHL Eastside Hockey Manager 2007
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro version 1.18.1.16
    "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{A98BEA7A-5F50-45C9-AB8C-751BBBC661C6}" = Quake Live Internet Explorer Plugin
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
    "{BC4EF602-67C3-498A-94C7-3A9BE9116AC8}" = Microsoft DirectX 9.0 SDK Update (December 2004)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
    "{C9B59DAD-86AC-456C-80A7-B665E77AA325}" = SigmaTel MSCN Audio Player
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC14EB37-7EF8-4628-8867-7BA82D2C7735}" = H&R Block Tax Updater 2008
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
    "{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
    "{D41FDB53-F56A-4F32-8A5D-9C99E255F7EE}" = QuickTax Tracker
    "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
    "{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
    "{E9BC3D94-0FE4-4C4F-BEE8-26CE0AA89D80}" = VirtuPet
    "{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
    "{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel(R) PROSet
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
    "{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F86AAA85-32B4-4686-9B42-8D4C3766BC73}" = UFile 2005
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Acrobat Reader 3.02" = Adobe Acrobat Reader 3.02
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
    "AdwarePro" = AdwarePro 1.0
    "Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 3.0.2
    "Any Video Converter_is1" = Any Video Converter 2.7.0
    "AVG8Uninstall" = AVG Free 8.5
    "AVI Movie Player" = AVI Movie Player
    "Azureus" = Azureus
    "Birth of the Federation" = Birth of the Federation
    "BitTorrent" = BitTorrent 5.0.9
    "Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
    "Brainfuse Participant QuickConnect" = Brainfuse Participant QuickConnect
    "Call of Duty" = Call of Duty
    "Chilton's Vehicle Library" = Chilton's Vehicle Library
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Crimson Editor" = Crimson Editor (remove only)
    "CyberSnacks" = MathAtWork: CyberSnacks
    "Digital Media Converter_is1" = Digital Media Converter 2.7
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DLDIrc" = DLDIrc
    "EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "FINAL FANTASY VIII" = FINAL FANTASY VIII
    "Fraps" = Fraps
    "Fx Joiner and Splitter" = Fx Joiner and Splitter
    "GoogleVideoPlayer" = Google Video Player
    "Graboid Video" = Graboid Video 1.65
    "Gunz" = MAIET entertainment - Gunz
    "Half-Life: Counter-Strike" = Half-Life: Counter-Strike
    "Halo Trial" = Microsoft Halo Trial
    "HP LaserJet P1000 series" = HP LaserJet P1000 series
    "HP OrderReminder" = HP OrderReminder
    "HP-LaserJet 1018" = LaserJet 1018
    "HP-LaserJet 1020 series" = LaserJet 1020 series
    "InstallShield_{D41FDB53-F56A-4F32-8A5D-9C99E255F7EE}" = QuickTax Tracker
    "Internet Update" = Internet Update
    "JAMktSetup" = JAM KT v3
    "KartRider" = KartRider
    "KLiteCodecPack_is1" = K-Lite Codec Pack 2.75 Full
    "LiveReg" = LiveReg (Symantec Corporation)
    "LMS" = C-Dilla Licence Management System
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaJoin" = MediaJoin
    "Metal Gear Solid" = Metal Gear Solid
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Move Networks Player_is1" = Move Networks Player for Internet Explorer
    "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
    "MPEG Converter" = MPEG Converter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Need2FindBar Uninstall" = Need2Find Bar
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NeuLion Adaptive Plugin" = NeuLion Adaptive Plugin
    "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
    "OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
    "PC Wizard 2008_is1" = PC Wizard 2008.1.86
    "PicasaNet" = Hello (remove only)
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "PPLive" = PPLive 2.2.21
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "PunkBusterSvc" = PunkBuster Services
    "QuickTime 3.0" = QuickTime 3.0
    "Quran_AR" = Quran Auto Reciter 1.0
    "ReaJPEG Pro_is1" = ReaJPEG Pro 3.9
    "RealPlayer 6.0" = RealPlayer
    "Risk®" = Risk®
    "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
    "Shockwave" = Shockwave
    "SopCast" = SopCast 3.0.0
    "ST6UNST #1" = WebDeployerSupport
    "ST6UNST #2" = Chilton's Total Car Care
    "ST6UNST #3" = Chilton's Total Car Care (C:\Program Files\Chilton's Total Car Care\)
    "Steam" = Steam
    "SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
    "TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TTPlat" = Typing Tutor Platinum
    "Unichat 2" = Unichat 2
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VideoLAN VLC media player 0.8.6d
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2004Setup" = Microsoft Works 2004 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ijji.com" = ijji
    "Neo Final Burn Alpha" = Neo Final Burn Alpha
    "Steam App 300" = Day of Defeat: Source
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/22/2009 5:18:46 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:18:57 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:19:02 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:19:10 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:19:35 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:19:41 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:21:46 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:32:07 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 5:32:30 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    Error - 10/22/2009 7:34:42 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
    faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0,
    fault address 0x00012afb.

    [ OSession Events ]
    Error - 10/22/2009 5:18:45 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:18:57 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:19:01 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:19:10 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:19:34 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:19:40 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:21:45 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:32:06 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 612
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 5:32:29 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/22/2009 7:34:36 PM | Computer Name = SHAMIM-225Q1OCG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/22/2009 6:26:36 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 10/22/2009 6:28:18 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 10/22/2009 9:58:22 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBios over Tcpip service
    which failed to start because of the following error: %%31

    Error - 10/22/2009 9:58:22 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip
    service which failed to start because of the following error: %%31

    Error - 10/22/2009 9:58:22 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7000
    Description = The Norton AntiVirus Auto-Protect Service service failed to start
    due to the following error: %%2

    Error - 10/22/2009 9:58:22 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7000
    Description = The SAVRTPEL service failed to start due to the following error: %%2

    Error - 10/22/2009 9:58:22 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NetBT

    Error - 10/22/2009 9:58:22 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 10/22/2009 9:59:29 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/22/2009 10:00:48 PM | Computer Name = SHAMIM-225Q1OCG | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.


    < End of report >
     
  10. rahman2000

    OTL logfile created on: 10/22/2009 10:07:43 PM - Run 1
    OTL by OldTimer - Version 3.0.22.0 Folder = C:\Documents and Settings\Rahman\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.80 Mb Total Physical Memory | 147.66 Mb Available Physical Memory | 28.97% Memory free
    1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.38% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 10.93 Gb Free Space | 14.67% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SHAMIM-225Q1OCG
    Current User Name: Rahman
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Rahman\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
    PRC - C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
    PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\runservice.exe ()
    PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
    PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
    PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)

    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (bgsvcgen [Auto | Running]) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
    SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (C-DillaSrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (LicCtrlService [Auto | Running]) -- C:\WINDOWS\runservice.exe ()
    SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (navapsvc [Auto | Stopped]) -- File not found
    SRV - (NetSvc [On_Demand | Stopped]) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NPFMntor [Auto | Stopped]) -- File not found
    SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (PinnacleUpdateSvc [Auto | Stopped]) -- C:\Documents and Settings\Rahman\Desktop\IMPORTANT STUFF\Misc\Sf 3rd strike\Joystick Config\pinnacle_updater.exe (KALiNKOsoft)
    SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
    SRV - (SAVScan [On_Demand | Stopped]) -- File not found
    SRV - (SBService [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe (Symantec Corporation)
    SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (ac97intc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ac97ich4.sys (Intel Corporation)
    DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (C-Dilla [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CDANT.SYS (Macrovision)
    DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
    DRV - (NAL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\iqvw32.sys (Intel Corporation )
    DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040811.020\NAVENG.SYS (Symantec Corporation)
    DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040811.020\NAVEX15.SYS (Symantec Corporation)
    DRV - (Ndisprot [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Ndisprot.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\OVCD.sys (Microsoft Corporation)
    DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (SymEvent [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (tap0901 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0901.sys (The OpenVPN Project)
    DRV - (xusb21 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\xusb21.sys (Microsoft Corporation)

    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Rahman\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = swagbucks.com Search & Win
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/30 17:04:49 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/17 22:12:42 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/28 11:24:34 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 16:14:02 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/09 11:29:31 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/09 11:29:31 | 00,000,000 | ---D | M]

    [2009/02/09 16:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Extensions
    [2008/09/01 14:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/02/09 16:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Extensions\mozswing@mozswing.org
    [2009/10/22 15:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\5ocjej3h.Default User\extensions
    [2007/10/26 17:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\5ocjej3h.Default User\extensions\{1368F36C-0370-419a-A408-28F94FD35974}
    [2009/09/02 13:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\5ocjej3h.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/02/15 13:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\5ocjej3h.Default User\extensions\FFClickOnce@softwarepunk.com
    [2009/06/03 15:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\5ocjej3h.Default User\extensions\moveplayer@movenetworks.com
    [2007/12/05 20:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\k38dcmw9.default\extensions
    [2005/06/11 18:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\k38dcmw9.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2007/12/05 20:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\mozilla\Firefox\Profiles\k38dcmw9.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
    [2009/10/22 15:07:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/09/11 14:54:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/10/02 11:26:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    [2008/06/16 16:00:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    [2008/12/30 17:05:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    [2009/09/11 14:54:29 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/09/11 14:54:29 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2005/07/16 08:41:00 | 00,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
    [2009/01/26 21:34:38 | 01,044,480 | ---- | M] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
    [2006/07/28 10:32:54 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
    [2006/10/02 23:59:57 | 00,040,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
    [2007/08/15 20:05:00 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2008/12/30 17:04:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
    [2009/01/26 21:34:16 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
    [2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    [2009/07/03 00:34:44 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    [2005/05/28 19:15:00 | 00,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
    [2009/09/11 14:54:38 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
    [2008/06/30 23:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
    [2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2009/03/04 22:22:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2009/03/04 22:22:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2009/03/04 22:22:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2009/03/04 22:22:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2009/03/04 22:22:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2009/03/04 22:22:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2009/03/04 22:22:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2005/04/27 16:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
    [2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2009/01/26 21:34:38 | 00,200,704 | ---- | M] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
    [2008/09/01 14:17:34 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2008/09/01 14:17:34 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2008/09/01 14:17:34 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2008/11/13 17:10:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/10/08 17:50:05 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
    [2009/10/08 17:50:05 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
    [2008/09/01 14:17:34 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2008/09/01 14:17:34 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

    O1 HOSTS File: (21 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (CIEExtension Object) - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll File not found
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
    O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe File not found
    O4 - HKLM..\Run: [C:\WINDOWS\system32\kdjdy.exe] C:\WINDOWS\System32\kdjdy.exe File not found
    O4 - HKLM..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe File not found
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
    O4 - HKLM..\Run: [NAV CfgWiz] C:\Program Files\Norton AntiVirus\CfgWiz.exe File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Quran_AR] C:\Program Files\Quran_AR\Quran_AR.exe File not found
    O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
    O4 - HKLM..\Run: [ScanAndRepair] C:\Program Files\Scan&Repair Utilities 2006\Scan&Repair2006.Exe File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O4 - HKCU..\RunOnce: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster 2010\launcher.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJI PHOTO FILM CO., LTD.)
    O4 - Startup: C:\Documents and Settings\Rahman\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Rahman\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ( )
    O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ( )
    O9 - Extra Button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
    O9 - Extra 'Tools' menuitem : Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\NewDotNet\newdotnet7_22.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Key error. (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Reg Error: Key error.)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} http://gamingzone.ubisoft.com/dev/packages/GSManager.cab (CoGSManager Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab (Reg Error: Key error.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab (Reg Error: Key error.)
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} ijji - Where Gamers Unite! (ijjiPlugin2 Class)
    O16 - DPF: {60246658-5626-449F-8701-66D278AD2EB2} http://www.brainfuse.com/downloads/QCDetector/BrainfuseQuickConnectDetector.CAB (QCDetector.Base)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} ijji - Where Gamers Unite! (HGPlugin9USA Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} ijji - Where Gamers Unite! (HGPlugin10USA Class)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/21 21:38:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{39cd7c00-b808-11dd-ab44-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{39cd7c00-b808-11dd-ab44-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{85b7ce5e-d5eb-11dc-a788-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{85b7ce5e-d5eb-11dc-a788-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c041f37c-6e76-11de-9ba3-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{c041f37c-6e76-11de-9ba3-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f9a86736-a30f-11de-9c5e-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{f9a86736-a30f-11de-9c5e-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [1 C:\WINDOWS\*.tmp files]
    [2009/10/03 19:42:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rahman\Application Data\NeuLion
    [2009/09/23 18:41:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rahman\Application Data\ReaSoft
    [2009/09/23 18:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rahman\Local Settings\Application Data\ReaJPEG
    [2009/10/02 11:29:40 | 00,000,000 | ---D | C] -- C:\Program Files\Crimson Editor
    [2009/10/01 17:30:55 | 00,000,000 | ---D | C] -- C:\Program Files\DLDIrc
    [2009/10/22 18:33:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/10/08 17:50:13 | 00,000,000 | ---D | C] -- C:\Program Files\Fast Browser Search
    [2009/10/09 11:29:19 | 00,000,000 | ---D | C] -- C:\Program Files\ijji
    [2009/09/23 18:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\ReaSoft
    [2009/10/08 17:50:39 | 00,000,000 | ---D | C] -- C:\Program Files\SGPSA
    [2009/10/02 11:26:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
    [2009/10/20 14:15:13 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2009/10/01 16:36:35 | 00,000,000 | ---D | C] -- C:\Program Files\Xming
    [2009/10/22 22:06:39 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rahman\Desktop\OTL.exe
    [2009/10/22 22:03:13 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Rahman\Desktop\RootRepeal.exe
    [2009/10/22 18:37:43 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rahman\Desktop\mbam-setup.exe
    [2009/10/22 18:34:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/10/22 18:32:44 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Rahman\Desktop\erunt-setup.exe
    [2009/10/22 18:17:07 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rahman\Desktop\TFC.exe
    [2009/10/09 11:30:11 | 00,075,264 | ---- | C] (<NHN USA Inc>.) -- C:\WINDOWS\System32\uc_holybeast_launching.dll
    [2009/10/09 11:29:29 | 00,208,384 | ---- | C] (<YNK Intractive>) -- C:\WINDOWS\System32\uc_rohan_launching.dll
    [2009/10/09 11:29:29 | 00,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\WINDOWS\System32\uc_sfighters_launching.dll
    [2009/10/09 11:29:29 | 00,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\WINDOWS\System32\uc_atlantica_launching.dll
    [2009/10/09 11:29:29 | 00,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\WINDOWS\System32\uc_luminary_launching.dll
    [2009/10/09 11:29:27 | 00,058,800 | ---- | C] (NHN USA Inc.) -- C:\WINDOWS\System32\ijjiProcessRestarter.exe
    [2009/10/09 11:28:16 | 00,087,472 | ---- | C] (<NHN USA Inc>.) -- C:\WINDOWS\System32\ijjiChannelingPlugin.dll
    [2009/10/02 11:26:07 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/10/02 11:26:07 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/10/02 11:26:07 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/09/23 18:41:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rahman\My Documents\ReaJPEG
    [2005/07/04 13:22:59 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINDOWS\*.tmp files]
    [2009/10/22 22:09:36 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
    [2009/10/22 22:06:45 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rahman\Desktop\OTL.exe
    [2009/10/22 22:03:24 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Rahman\Desktop\settings.dat
    [2009/10/22 22:03:05 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Rahman\Desktop\RootRepeal.zip
    [2009/10/22 22:01:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/10/22 21:58:50 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2009/10/22 21:58:11 | 00,000,809 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
    [2009/10/22 21:57:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/10/22 20:52:59 | 00,042,370 | ---- | M] () -- C:\Documents and Settings\Rahman\Application Data\wklnhst.dat
    [2009/10/22 18:39:14 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/22 18:37:43 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rahman\Desktop\mbam-setup.exe
    [2009/10/22 18:34:17 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Rahman\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2009/10/22 18:33:46 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Rahman\Desktop\NTREGOPT.lnk
    [2009/10/22 18:33:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Rahman\Desktop\ERUNT.lnk
    [2009/10/22 18:32:55 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Rahman\Desktop\erunt-setup.exe
    [2009/10/22 18:17:14 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rahman\Desktop\TFC.exe
    [2009/10/22 17:45:43 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Rahman\Desktop\Microsoft Office Word 2007.lnk
    [2009/10/22 14:22:45 | 00,003,788 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/10/22 13:03:34 | 43,454,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/10/22 13:03:34 | 00,047,385 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/10/22 13:01:46 | 00,119,296 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
    [2009/10/21 20:20:57 | 01,046,078 | -H-- | M] () -- C:\Documents and Settings\Rahman\Local Settings\Application Data\IconCache.db
    [2009/10/18 19:11:23 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Rahman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/14 22:07:18 | 00,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/10/14 22:07:18 | 00,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/10/14 22:07:18 | 00,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/10/10 15:29:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/10/07 12:17:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/10/01 11:22:31 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/09/25 01:37:11 | 00,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
    [2009/09/25 01:37:11 | 00,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
    [2009/09/25 01:37:11 | 00,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
    [2009/09/25 01:37:11 | 00,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
    [2009/09/25 01:37:10 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
    [2009/09/25 01:37:10 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2009/09/25 01:37:10 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
    [2009/09/25 01:37:10 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
    [2009/09/25 01:37:09 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2009/09/25 01:37:09 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2009/09/24 09:41:21 | 00,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

    ========== Files - No Company Name ==========
    [2009/10/22 22:09:36 | 00,000,318 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
    [2009/10/22 22:03:24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Rahman\Desktop\settings.dat
    [2009/10/22 22:03:04 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Rahman\Desktop\RootRepeal.zip
    [2009/10/22 18:39:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/22 18:34:17 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Rahman\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2009/10/22 18:33:46 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Rahman\Desktop\NTREGOPT.lnk
    [2009/10/22 18:33:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Rahman\Desktop\ERUNT.lnk
    [2009/06/29 15:11:33 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
    [2009/04/08 15:01:24 | 00,022,858 | ---- | C] () -- C:\Program Files\faizansemab2008.u08
    [2009/03/22 13:42:08 | 00,000,006 | ---- | C] () -- C:\Documents and Settings\Rahman\Application Data\dm.ini
    [2009/03/22 13:42:07 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Rahman\Application Data\AdobeDLM.log
    [2009/03/14 21:06:28 | 01,046,078 | -H-- | C] () -- C:\Documents and Settings\Rahman\Local Settings\Application Data\IconCache.db
    [2009/02/27 19:18:51 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Rahman\Application Data\PnkBstrK.sys
    [2009/02/12 19:17:54 | 00,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2009/02/12 19:17:54 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
    [2009/02/12 19:17:54 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
    [2009/01/24 13:08:49 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
    [2008/12/24 19:07:22 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2008/11/25 18:28:07 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008/10/01 11:46:01 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/06/19 14:48:18 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
    [2008/03/25 22:34:29 | 00,000,809 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
    [2008/03/25 22:34:28 | 00,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
    [2008/02/20 21:57:30 | 00,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2008/02/19 20:20:40 | 00,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2008/02/19 20:20:39 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2008/02/07 11:05:18 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2008/01/22 23:52:18 | 00,000,291 | ---- | C] () -- C:\WINDOWS\ready_files.ini
    [2007/11/22 21:01:32 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2007/10/19 20:56:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/19 20:54:28 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2007/10/19 19:23:16 | 00,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2007/09/28 20:29:26 | 00,039,690 | ---- | C] () -- C:\Documents and Settings\Rahman\Local Settings\Application Data\FASTWiz.log
    [2007/09/07 11:33:25 | 00,034,818 | ---- | C] () -- C:\WINDOWS\System32\hhovwai.dll
    [2007/09/07 11:33:17 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
    [2007/08/29 19:16:03 | 00,004,306 | ---- | C] () -- C:\Program Files\faizan tax 2006.u06
    [2007/08/16 18:08:01 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
    [2007/07/03 15:02:17 | 00,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
    [2007/04/27 13:54:16 | 00,001,401 | ---- | C] () -- C:\Program Files\net06s_fakhar-un-nisa_semab.TAX
    [2007/04/22 22:28:49 | 00,034,655 | ---- | C] () -- C:\Program Files\2006 nisa.u06
    [2007/04/22 12:49:12 | 00,000,985 | ---- | C] () -- C:\Program Files\net06d1_rizwan_semab.TAX
    [2007/04/22 12:47:48 | 00,022,056 | ---- | C] () -- C:\Program Files\rizwan 2006 taxreturn.u06
    [2007/03/06 22:21:12 | 00,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2006/08/23 22:38:13 | 00,591,890 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2006/08/23 22:38:10 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2006/08/23 22:38:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2006/08/09 13:46:33 | 00,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini
    [2006/07/23 21:31:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/07/23 21:31:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/07/23 21:31:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/04/16 00:13:35 | 00,003,401 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2006/03/22 19:49:08 | 00,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2005/12/07 23:16:07 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/11/24 22:32:11 | 00,000,080 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2005/10/24 17:41:22 | 00,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2005/09/30 19:45:24 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2005/09/29 18:22:52 | 00,000,864 | -HS- | C] () -- C:\WINDOWS\System32\kjkmp.ini
    [2005/09/16 01:48:26 | 00,060,016 | ---- | C] () -- C:\Documents and Settings\Rahman\Application Data\GDIPFONTCACHEV1.DAT
    [2005/08/04 17:10:24 | 00,000,048 | ---- | C] () -- C:\WINDOWS\mathadv.ini
    [2005/08/04 17:10:12 | 00,000,127 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2005/08/03 19:33:08 | 00,002,197 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
    [2005/07/20 15:45:12 | 00,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
    [2005/06/26 16:19:49 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2005/06/26 16:19:49 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2005/06/24 18:53:08 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Rahman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/06/12 19:20:44 | 00,082,208 | ---- | C] () -- C:\Documents and Settings\Rahman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2005/06/12 15:10:30 | 00,042,370 | ---- | C] () -- C:\Documents and Settings\Rahman\Application Data\wklnhst.dat
    [2005/06/11 18:41:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Rahman\Application Data\desktop.ini
    [2005/05/13 21:45:31 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/05/03 00:07:37 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/05/03 00:07:12 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/04/25 20:44:42 | 00,000,307 | ---- | C] () -- C:\WINDOWS\TTPlat.ini
    [2005/03/25 21:37:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/21 22:24:42 | 00,000,238 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2005/03/21 13:02:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2004/12/19 09:29:40 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2004/12/19 09:17:10 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2004/10/05 18:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
    [2004/10/01 20:33:46 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/08/04 00:56:50 | 00,027,649 | ---- | C] () -- C:\WINDOWS\System32\yhsutli.dll
    [2004/08/04 00:56:50 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\twunpub.dll
    [2004/08/03 20:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/03/10 15:48:18 | 00,000,359 | ---- | C] () -- C:\Program Files\Read Me.txt
    [2003/08/07 15:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2002/10/07 22:15:36 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2002/10/06 14:42:56 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2002/10/04 19:04:24 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
    [2002/10/04 19:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/10/04 19:04:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2002/05/15 19:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
    [2002/04/19 10:23:26 | 00,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
    [2002/04/19 09:51:04 | 00,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2001/10/04 03:16:36 | 00,001,763 | ---- | C] () -- C:\WINDOWS\win.ini
    [2001/10/04 03:16:20 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
    [1999/07/23 16:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 13:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1997/08/23 12:33:24 | 00,022,064 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll

    ========== LOP Check ==========

    [2009/06/23 12:02:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/03/04 22:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2009/01/23 20:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{9E3A8735-9ABB-468A-A982-A50862FC9AB3}
    [2009/10/20 14:14:56 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    [2007/11/19 18:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
    [2008/10/30 18:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2008/09/24 20:59:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2009/06/08 14:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2006/06/20 14:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bib mags roam four
    [2005/03/21 22:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/02/27 19:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
    [2005/11/24 22:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
    [2008/03/07 18:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit Canada
    [2009/06/11 19:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
    [2005/03/24 01:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
    [2007/11/26 17:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2005/08/25 20:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
    [2009/06/11 19:48:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
    [2008/10/08 17:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
    [2008/10/08 17:20:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVAPPLiveVAShareFlv
    [2009/02/03 19:41:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/10/30 18:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/10/22 20:59:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rahman\Application Data
    [2008/10/30 18:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\acccore
    [2009/01/24 13:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Any Video Converter
    [2008/09/24 20:59:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\AVS4YOU
    [2009/06/08 15:06:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Azureus
    [2008/12/21 21:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\BitTorrent
    [2005/08/23 21:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Block Checker
    [2009/09/01 15:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/02/15 13:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Damdai
    [2008/07/26 20:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\FUJIFILM
    [2005/06/26 16:32:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Gearbox Software
    [2006/01/29 21:22:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\ICAClient
    [2009/02/27 19:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\id Software
    [2009/10/09 11:38:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rahman\Application Data\ijjigame
    [2008/03/07 18:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Intuit Canada
    [2008/06/08 15:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\iWin
    [2009/02/12 19:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\KALiNKOsoft
    [2005/09/09 21:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Keyhole
    [2009/07/11 13:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\LimeWire
    [2009/06/03 15:54:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rahman\Application Data\Move Networks
    [2007/08/26 17:45:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Moyea
    [2005/06/11 20:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\MSN6
    [2009/10/03 19:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\NeuLion
    [2007/08/26 19:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\NewsLeecher
    [2009/06/11 19:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\PPLive
    [2008/10/07 16:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\PPLiveVA
    [2009/09/23 18:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\ReaSoft
    [2009/01/23 20:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Seven Zip
    [2007/10/04 17:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\SopCast
    [2006/05/06 00:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\teamspeak2
    [2006/03/22 19:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\ubi.com
    [2009/10/20 14:15:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Uniblue
    [2009/10/14 19:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\uTorrent
    [2009/04/14 15:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Viewpoint
    [2008/02/27 19:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rahman\Application Data\Xfire
    [2009/10/10 15:29:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    [2001/10/04 03:15:16 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/10/22 22:09:36 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\HP WEP.job
    [2009/10/22 22:01:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
    [2009/10/22 21:58:50 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
    @Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
    @Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
    < End of report >
     
  11. rahman2000

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/10/23 15:14
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: am6bjt29.SYS
    Image Path: C:\WINDOWS\System32\Drivers\am6bjt29.SYS
    Address: 0xF795E000 Size: 303104 File Visible: No Signed: -
    Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xEF57F000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF8C60000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: PCI_NTPNP1520
    Image Path: \Driver\PCI_NTPNP1520
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xEDC12000 Size: 49152 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "sptd.sys" at address 0xf85be0b0

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "sptd.sys" at address 0xf85c3a92

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "sptd.sys" at address 0xf85c3e20

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "sptd.sys" at address 0xf85be090

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "sptd.sys" at address 0xf85c3ef8

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "sptd.sys" at address 0xf85c3d78

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "sptd.sys" at address 0xf85c3f8a

    ==EOF==
     
  12. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi rahman2000

    Thanks for the OTL and RootRepeal scans, they do actually help a lot.
    As you can see, the reports are quite big and will take me a while to go through them properly.
    While I'm doing that I need you to do a couple of things for me.

    Step 1
    You still have Norton installed on your system.... this has to go.
    Leaving Norton will cause conflicts.

    Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

    Norton AntiVirus 2005

    Then:
    Go to: Norton Removal Tool

    Click on the product you have installed.
    If you are not going to reinstall Norton, go to step 3 and follow the instructions.

    Step 2
    I need you to check a file for me:
    Please click this link-->Jotti

    When the jotti page has finished loading, click the Browse button and navigate to the following file (in bold) and click Submit.

    C:\WINDOWS\System32\Drivers\am6bjt29.SYS

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: VirusTotal - Free Online Virus and Malware Scan

    In your next reply, please submit:
    Jotti scan report.

    There will be more work to do, so I'll move this thread to the malware section.

    Thanks.
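
    The step from the RootRepeal report in post 11 to the one driver file chosen for an online scan can be reproduced mechanically. The following is an added example, not part of the thread and not code from RootRepeal or OTL; the function names and the exclusion rules (the scanner's own driver, entries without a disk path, the dump_ prefix) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Trimmed copy of the RootRepeal report posted above (one dump_ entry and five SSDT rows omitted).
REPORT = r"""
Drivers
-------------------
Name: am6bjt29.SYS
Image Path: C:\WINDOWS\System32\Drivers\am6bjt29.SYS
Address: 0xF795E000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF57F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP1520
Image Path: \Driver\PCI_NTPNP1520
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDC12000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf85be0b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf85c3f8a
"""

DRIVER_RE = re.compile(
    r"^Name: (?P<name>.+)\nImage Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) File Visible: (?P<visible>\w+)", re.M)
HOOK_RE = re.compile(
    r'^#: (?P<index>\d+) Function Name: (?P<func>\w+)\n'
    r'Status: Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9A-Fa-f]+)', re.M)

def _normalise(report):
    # Forum posts indent the log; strip each line so the line anchors match.
    return "\n".join(line.strip() for line in report.splitlines())

def triage_drivers(report, scanner_driver="rootrepeal.sys"):
    """Map each hidden driver to a triage note; 'check file' means submit it to a scanner."""
    notes = {}
    for m in DRIVER_RE.finditer(_normalise(report)):
        if m["visible"].lower() != "no":
            continue
        name = m["name"]
        if name.lower() == scanner_driver.lower():
            notes[name] = "scanner's own driver"
        elif not re.match(r"[A-Za-z]:\\", m["path"]) or int(m["size"]) == 0:
            notes[name] = "no file path to submit"
        elif name.lower().startswith("dump_"):
            # Assumption: dump_* is an in-memory crash-dump copy. A prefix is a hint, not a verdict.
            notes[name] = "crash-dump copy (assumed)"
        else:
            notes[name] = "check file"
    return notes

def hooks_by_module(report):
    """Group hooked SSDT functions by the module that owns the hook."""
    grouped = defaultdict(list)
    for m in HOOK_RE.finditer(_normalise(report)):
        grouped[m["module"]].append(m["func"])
    return dict(grouped)
```

    Calling triage_drivers(REPORT) leaves am6bjt29.SYS as the only entry marked "check file", and hooks_by_module(REPORT) attributes both listed registry hooks to sptd.sys.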
     
  13. starbuck

    Hi rahman2000

    You seem to be a big fan of P2P programs:

    Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    Ok, big speech over.


    Once you have completed the steps in the previous post, I have more for you to do:

    Step 1
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :Otl
    O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (CIEExtension Object) - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll File not found
    O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
    O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe File not found
    O4 - HKLM..\Run: [C:\WINDOWS\system32\kdjdy.exe] C:\WINDOWS\System32\kdjdy.exe File not found
    O4 - HKLM..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe File not found
    O4 - HKLM..\Run: [ScanAndRepair] C:\Program Files\Scan&Repair Utilities 2006\Scan&Repair2006.Exe File not found
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\NewDotNet\newdotnet7_22.dll File not found
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Key error. (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Reg Error: Key error.)
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...4D/mp43dmo.CAB (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab (Reg Error: Key error.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...4/mpg4sdmo.cab (Reg Error: Key error.)
    O33 - MountPoints2\{39cd7c00-b808-11dd-ab44-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{39cd7c00-b808-11dd-ab44-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{85b7ce5e-d5eb-11dc-a788-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{85b7ce5e-d5eb-11dc-a788-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c041f37c-6e76-11de-9ba3-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{c041f37c-6e76-11de-9ba3-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f9a86736-a30f-11de-9c5e-000cf1c1d850}\Shell - "" = AutoRun
    O33 - MountPoints2\{f9a86736-a30f-11de-9c5e-000cf1c1d850}\Shell\AutoRun - "" = Auto&Play
    
    :Files
    @C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
    @C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
    @C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
    @C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
    
    :commands
    [emptytemp]
    [purity]
    [start explorer]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 2
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 16 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6u16...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Read the License Agreement and then check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.

    Step 3
    Please run a BitDefender Online Scan
    • Click I Agree to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click Click here to scan to begin the scan.
    • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
    • When the scan is finished, click on Click here to export the scan results.
    • Save the report to your desktop so you can post it in your next reply.
    Note: You will need to use Internet Explorer for this scan.

    In your next reply, please submit:
    OTL report that comes up after the fix.
    BitDefender scan report.

    Don't forget the jotti scan report from the previous post.


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
  14. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi rahman2000

    It's been some time since your last reply, is everything ok?
    Do you still require help?
     
