It's the Sentinel Again! [HJT Included]

Discussion in 'Malware and Virus Removal Archive' started by weepy, 2008/09/22.

  1. 2008/09/22
    weepy

    I've been experiencing jerking and massive lagging with my computer for the past year; even my sound card is affected and will stutter when there's slightly higher PC activity. I also noticed I've been infected with the Sentinel **** again. Even though I've uninstalled Sentinel Systems Driver and deleted the registry key from LocalMachine, the problem still persists. From what I've searched in my regedit, I still have traces of it left:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_SENTINEL
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_SENTINEL\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Enum\Root\LEGACY_SENTINEL
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Enum\Root\LEGACY_SENTINEL
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENTINEL

    I can't seem to delete them as they keep coming back after deletion.
    And here's a copy of my HijackThis log:

    Logfile of HijackThis v1991
    Scan saved at 14:08:27, on 22/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7006 (700600016640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Documents and Settings\62064\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\CMMON32.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\62064\Desktop\Unused Desktop Icons\Hijack This.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp.sg
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\62064\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {3960FED7-8129-46AA-8DD4-ABCB0F74AE05} (FFChocoMotion Class) - http://www.monolith-prime.co.jp/morph/smart_morph_ax.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaimtest.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166545413530
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A9ECE670-4652-4763-98F0-8A3EADA7FDBF} (FrameFree Web Player-5) - http://download.framefree.com/load_ffwp_activex-3,3,18,2_id5.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CCS\Services\Tcpip\..\{199BA327-DBB4-434E-887B-FEF5AF620651}: NameServer = 10.60.20.11 10.60.20.12
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS12\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS13\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS14\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O18 - Protocol: bw+0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
    O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Please help me out! Thank you!
     
  2. 2008/09/22
    noahdfear

    Welcome to WindowsBBS weepy. :)

    We need to use another tool that will give us a better look at things.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.


    For what it's worth, I would be surprised if you were able to delete those Legacy keys without first adjusting the permissions on them. Have you done that?
     

  4. 2008/09/23
    weepy

    As the log contains too many characters, I'll split it into different posts:

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by 62064 at 2008-09-23 13:39:31
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 12 GB (24%) free of 48 GB
    Total RAM: 1023 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:40:59, on 23/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Documents and Settings\62064\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\62064\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\62064\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\62064\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\62064\Desktop\RSIT.exe
    C:\Program Files\trend micro\62064.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp.sg
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\62064\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {3960FED7-8129-46AA-8DD4-ABCB0F74AE05} (FFChocoMotion Class) - http://www.monolith-prime.co.jp/morph/smart_morph_ax.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaimtest.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166545413530
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A9ECE670-4652-4763-98F0-8A3EADA7FDBF} (FrameFree Web Player-5) - http://download.framefree.com/load_ffwp_activex-3,3,18,2_id5.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS12\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS13\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS14\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O18 - Protocol: bw+0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: offline-8876480 - {FF3BB414-5A37-4E95-868F-0DF4317E18A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
    O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 25034 bytes
     
  5. 2008/09/23
    weepy

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2005-12-07 399424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-01 308856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-06-14 509592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2005-12-07 399424]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-04-28 483328]
    "ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
    "epm-dm"=c:\acer\epm\epm-dm.exe [2005-04-21 188416]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]
    "nwiz"=nwiz.exe /install []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-03-25 5566464]
    "Logitech Hardware Abstraction Layer"=KHALMNPR.EXE []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-15 88202]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
    "Google Update"=C:\Documents and Settings\62064\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-08 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-06-14 132760]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-01 185896]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^62064^Start Menu^Programs^Startup^UTAgent 3.0.lnk]
    C:\PROGRA~1\REPUBL~1\UTClient\UTAgent.exe [2007-11-06 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^62064^Start Menu^Programs^Startup^winlogon.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^62064^Start Menu^Programs^Startup^Zapu Acceleration Engine.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^62064^Start Menu^Programs^Startup^Zapu.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
    D:\Metacafe\METACA~1.EXE [2008-05-29 145736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent.lnk]
    C:\PROGRA~1\REPUBL~1\UTClient\UTAgent.exe [2007-11-06 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "svcWRSSSDK"=2
    "SDhelper"=2
    "wuauserv"=3
    "Schedule"=2
    "RasMan"=2
    "NWCWorkstation"=2
    "MDM"=2
    "helpsvc"=3
    "ERSvc"=2
    "CryptSvc"=3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoAdminPage "=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=149

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe "= "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server "
    "C:\Program Files\CA\eTrust Antivirus\InocIT.exe "= "C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner "
    "C:\Program Files\CA\eTrust Antivirus\Realmon.exe "= "C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor "
    "D:\O2jam\O2JamLauncher.exe "= "D:\O2jam\O2JamLauncher.exe:*:Enabled:O2Jam "
    "C:\Program Files\Warcraft III\Frozen Throne.exe "= "C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne "
    "C:\Program Files\Spybot - Search & Destroy\unins000.exe "= "C:\Program Files\Spybot - Search & Destroy\unins000.exe:*:Enabled:Uninstall Spybot - Search & Destroy "
    "D:\BitTorrent\bittorrent.exe "= "D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
    "C:\Program Files\PPStream\PPStream.exe "= "C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream "
    "C:\Program Files\PPLive\PPLive.exe "= "C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive "
    "C:\Program Files\mIRC\mirc.exe "= "C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC "
    "C:\Program Files\Mozilla Firefox\firefox.exe "= "C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox "
    "C:\Program Files\Steam\SteamApps\pisces_coolboy@hotmail.com\opposing force\hl.exe "= "C:\Program Files\Steam\SteamApps\pisces_coolboy@hotmail.com\opposing force\hl.exe:*:Enabled:Half-Life Launcher "
    "C:\Program Files\Steam\SteamApps\pisces_coolboy@hotmail.com\half-life\hl.exe "= "C:\Program Files\Steam\SteamApps\pisces_coolboy@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life Launcher "
    "C:\Program Files\Steam\SteamApps\pisces_coolboy@hotmail.com\team fortress classic\hl.exe "= "C:\Program Files\Steam\SteamApps\pisces_coolboy@hotmail.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher "
    "D:\Most Wanted\speed.exe "= "D:\Most Wanted\speed.exe:*:Enabled:speed "
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger "
    "C:\Program Files\Warcraft III\Warcraft III.exe "= "C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III "
    "D:\counterstrike\hl.exe "= "D:\counterstrike\hl.exe:*:Enabled:Half-Life Launcher "
    "C:\OrCAD\OrCAD_10.5\setconfig.exe "= "C:\OrCAD\OrCAD_10.5\setconfig.exe:*:Enabled:setconfig (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\updates.exe "= "C:\OrCAD\OrCAD_10.5\updates.exe:*:Enabled:updates (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\icad.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\icad.exe:*:Enabled:icad (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\cadopia.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\cadopia.exe:*:Enabled:cadopia (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\installs.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\installs.exe:*:Enabled:installs (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmdown.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmdown.exe:*:Enabled:lmdown (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe:*:Enabled:lmgrd (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmhostid.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmhostid.exe:*:Enabled:lmhostid (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmtools.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmtools.exe:*:Enabled:lmtools (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmutil.exe "= "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmutil.exe:*:Enabled:lmutil (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsdoc.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsdoc.exe:*:Enabled:cdsdoc (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsinfo.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsinfo.exe:*:Enabled:cdsinfo (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsmps.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsmps.exe:*:Enabled:cdsmps (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsMsgServer.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsNameServer.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsRemshClient.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsRemshClient.exe:*:Enabled:cdsRemshClient (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsRunHidden.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsRunHidden.exe:*:Enabled:cdsRunHidden (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsUnzip.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsUnzip.exe:*:Enabled:cdsUnzip (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdswhich.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdswhich.exe:*:Enabled:cdswhich (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cdsZip.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cdsZip.exe:*:Enabled:cdsZip (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\cds_root.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\cds_root.exe:*:Enabled:cds_root (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\clsAdminTool.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\clsAdminTool.exe:*:Enabled:clsAdminTool (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\clsbd.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\clsbd.exe:*:Enabled:clsbd (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\clu.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\clu.exe:*:Enabled:clu (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\dregprint.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\dregprint.exe:*:Enabled:dregprint (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\mpsinfo.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\mpsinfo.exe:*:Enabled:mpsinfo (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\nmp.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\nmp.exe:*:Enabled:nmp (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\nmppath.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\nmppath.exe:*:Enabled:nmppath (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\obServer.exe:*:Enabled:obServer (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\switchversion.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\switchversion.exe:*:Enabled:switchversion (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\van.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\van.exe:*:Enabled:van (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\bin\versionviewer.exe "= "C:\OrCAD\OrCAD_10.5\tools\bin\versionviewer.exe:*:Enabled:versionviewer (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\capture.exe "= "C:\OrCAD\OrCAD_10.5\tools\capture\capture.exe:*:Enabled:capture (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\comp16.exe "= "C:\OrCAD\OrCAD_10.5\tools\capture\comp16.exe:*:Enabled:comp16 (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\pcadi.exe "= "C:\OrCAD\OrCAD_10.5\tools\capture\pcadi.exe:*:Enabled:pcadi (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\pspiceexplorersrvr.exe "= "C:\OrCAD\OrCAD_10.5\tools\capture\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\pstswp.exe "= "C:\OrCAD\OrCAD_10.5\tools\capture\pstswp.exe:*:Enabled:pstswp (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\regsvr32.exe "= "C:\OrCAD\OrCAD_10.5\tools\capture\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\sch2cap.exe "= "C:\OrCAD\OrCAD_10.5\tools\capture\sch2cap.exe:*:Enabled:sch2cap (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\SETBROWS.EXE "= "C:\OrCAD\OrCAD_10.5\tools\capture\SETBROWS.EXE:*:Enabled:SETBROWS (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\capture\tutorial\CAPTUTOR.EXE "= "C:\OrCAD\OrCAD_10.5\tools\capture\tutorial\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\cdsdoc\bin\cdsdocIndexer.exe "= "C:\OrCAD\OrCAD_10.5\tools\cdsdoc\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\cdsdoc\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5\tools\cdsdoc\bin\obServer.exe:*:Enabled:obServer (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\fet\bin\mkdefcfg.exe "= "C:\OrCAD\OrCAD_10.5\tools\fet\bin\mkdefcfg.exe:*:Enabled:mkdefcfg (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\fet\bin\versiontool.exe "= "C:\OrCAD\OrCAD_10.5\tools\fet\bin\versiontool.exe:*:Enabled:versiontool (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\javaws-1_2_0_02-windows-i586-i.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\java.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\java.exe:*:Enabled:java (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\javaw.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\javaw.exe:*:Enabled:javaw (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\jpicpl32.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\jpicpl32.exe:*:Enabled:jpicpl32 (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\keytool.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\keytool.exe:*:Enabled:keytool (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\kinit.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\kinit.exe:*:Enabled:kinit (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\klist.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\klist.exe:*:Enabled:klist (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\ktab.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\ktab.exe:*:Enabled:ktab (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\orbd.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\orbd.exe:*:Enabled:orbd (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\policytool.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\policytool.exe:*:Enabled:policytool (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\rmid.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\rmid.exe:*:Enabled:rmid (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\rmiregistry.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\rmiregistry.exe:*:Enabled:rmiregistry (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\servertool.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\servertool.exe:*:Enabled:servertool (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\jre\bin\tnameserv.exe "= "C:\OrCAD\OrCAD_10.5\tools\jre\bin\tnameserv.exe:*:Enabled:tnameserv (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\fvupdateutil.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\fvupdateutil.exe:*:Enabled:fvupdateutil (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\gcad.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\gcad.exe:*:Enabled:gcad (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\gcam.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\gcam.exe:*:Enabled:gcam (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\gcdin.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\gcdin.exe:*:Enabled:gcdin (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\idfin.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\idfin.exe:*:Enabled:idfin (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\ipc356.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\ipc356.exe:*:Enabled:ipc356 (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\layout.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\layout.exe:*:Enabled:layout (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\libcat.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\libcat.exe:*:Enabled:libcat (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\lsession.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\lsession.exe:*:Enabled:lsession (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\max2hyp.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\max2hyp.exe:*:Enabled:max2hyp (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxascb.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxascb.exe:*:Enabled:maxascb (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxascx.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxascx.exe:*:Enabled:maxascx (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxdxf.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxdxf.exe:*:Enabled:maxdxf (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxeco.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxeco.exe:*:Enabled:maxeco (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxfnetx.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxfnetx.exe:*:Enabled:maxfnetx (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxminb.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxminb.exe:*:Enabled:maxminb (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxminw.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxminw.exe:*:Enabled:maxminw (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxminx.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxminx.exe:*:Enabled:maxminx (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxorcad.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxorcad.exe:*:Enabled:maxorcad (Release OrCAD 10.5) "
    "C:\OrCAD\OrCAD_10.5\tools\layout\maxp99x.exe "= "C:\OrCAD\OrCAD_10.5\tools\layout\maxp99x.exe:*:Enabled:maxp99x (Release OrCAD 10.5) "
     
  6. 2008/09/23
    weepy

    ======File associations======

    .scr - open -
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 3 months======

    2008-09-23 13:39:33 ----D---- C:\Program Files\trend micro
    2008-09-23 13:39:31 ----D---- C:\rsit
    2008-09-19 11:01:59 ----D---- C:\Documents and Settings\62064\Application Data\Malwarebytes
    2008-09-19 11:01:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-19 11:01:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-18 16:10:36 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-09-18 16:01:25 ----D---- C:\Program Files\Safer Networking
    2008-09-17 00:58:53 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2008-09-17 00:58:48 ----A---- C:\WINDOWS\system32\VACFix.exe
    2008-09-17 00:58:48 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-17 00:58:48 ----A---- C:\WINDOWS\system32\404Fix.exe
    2008-09-17 00:58:47 ----A---- C:\WINDOWS\system32\IEDFix.exe
    2008-09-17 00:58:46 ----A---- C:\WINDOWS\system32\WS2Fix.exe
    2008-09-17 00:58:45 ----A---- C:\WINDOWS\system32\VCCLSID.exe
    2008-09-17 00:58:45 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2008-09-17 00:58:45 ----A---- C:\WINDOWS\system32\dumphive.exe
    2008-09-17 00:58:44 ----A---- C:\WINDOWS\system32\swsc.exe
    2008-09-17 00:58:44 ----A---- C:\WINDOWS\system32\SrchSTS.exe
    2008-09-17 00:58:43 ----A---- C:\WINDOWS\system32\swreg.exe
    2008-09-17 00:58:43 ----A---- C:\WINDOWS\system32\Process.exe
    2008-09-01 06:48:20 ----D---- C:\Program Files\Maxtor
    2008-09-01 06:06:49 ----D---- C:\Documents and Settings\All Users\Application Data\Maxtor
    2008-09-01 06:02:59 ----D---- C:\Program Files\MSXML 6.0
    2008-09-01 05:02:35 ----D---- C:\Program Files\Common Files\xing shared
    2008-09-01 02:06:00 ----D---- C:\Program Files\PFConfig
    2008-08-30 21:59:51 ----D---- C:\Program Files\Garena
    2008-08-30 21:58:56 ----D---- C:\Documents and Settings\62064\Application Data\InstallShield
    2008-08-19 03:17:21 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-08-19 03:16:15 ----D---- C:\Program Files\TuneUp Utilities 2008
    2008-08-17 04:17:34 ----D---- C:\Program Files\iPod
    2008-08-17 04:16:43 ----D---- C:\Program Files\iTunes
    2008-08-17 04:14:25 ----D---- C:\Program Files\Bonjour
    2008-08-17 04:08:00 ----D---- C:\Program Files\Common Files\Apple
    2008-08-17 04:07:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-04 08:45:35 ----A---- C:\WINDOWS\system32\CF1829.exe
    2008-08-04 08:44:50 ----D---- C:\327882R2FWJFW
    2008-08-01 00:27:56 ----D---- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    2008-07-31 16:00:22 ----A---- C:\WINDOWS\system32\CF7049.exe
    2008-07-30 20:30:46 ----A---- C:\WINDOWS\system32\CF7241.exe
    2008-07-30 14:58:25 ----D---- C:\Documents and Settings\62064\Application Data\Friday's games
    2008-07-30 02:38:36 ----D---- C:\Documents and Settings\All Users\Application Data\Astar Games
    2008-07-28 12:16:05 ----D---- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    2008-07-28 12:16:05 ----D---- C:\Documents and Settings\62064\Application Data\Flood Light Games
    2008-07-27 12:59:55 ----A---- C:\WINDOWS\system32\CF22701.exe
    2008-07-27 01:45:35 ----D---- C:\Documents and Settings\62064\Application Data\MysteryStudio
    2008-07-27 01:40:17 ----D---- C:\Program Files\The Lost Cases Of Sherlock Holmes
    2008-07-27 01:38:36 ----D---- C:\Program Files\ReflexiveArcade
    2008-07-27 01:36:05 ----A---- C:\WINDOWS\system32\CF19803.exe
    2008-07-25 10:13:10 ----A---- C:\WINDOWS\system32\CF11620.exe
    2008-07-24 13:54:01 ----A---- C:\WINDOWS\system32\CF6053.exe
    2008-07-22 14:19:43 ----A---- C:\WINDOWS\system32\CF3889.exe
    2008-07-21 15:15:50 ----A---- C:\WINDOWS\system32\CF27611.exe
    2008-07-21 15:15:13 ----A---- C:\Bug.txt
    2008-07-21 10:25:45 ----D---- C:\WINDOWS\erdnt
    2008-07-21 09:46:39 ----D---- C:\QooBox
    2008-07-21 09:35:00 ----A---- C:\WINDOWS\swreg.exe
    2008-07-21 09:35:00 ----A---- C:\WINDOWS\Nircmd.exe
    2008-07-21 09:34:59 ----A---- C:\WINDOWS\zip.exe
    2008-07-21 09:34:59 ----A---- C:\WINDOWS\grep.exe
    2008-07-21 09:34:58 ----A---- C:\WINDOWS\sed.exe
    2008-07-21 09:34:58 ----A---- C:\WINDOWS\fdsv.exe
    2008-07-21 09:34:57 ----A---- C:\WINDOWS\VFind.exe
    2008-07-21 09:34:57 ----A---- C:\WINDOWS\swxcacls.exe
    2008-07-21 09:34:57 ----A---- C:\WINDOWS\swsc.exe
    2008-07-21 09:32:51 ----A---- C:\WINDOWS\system32\CF25964.exe
    2008-07-16 09:52:33 ----A---- C:\WINDOWS\system32\CF27860.exe
    2008-07-15 11:54:43 ----A---- C:\WINDOWS\system32\CF32062.exe
    2008-07-14 16:10:10 ----A---- C:\WINDOWS\system32\CF29324.exe
    2008-06-30 13:13:25 ----A---- C:\WINDOWS\matlab.ini
    2008-06-30 13:13:10 ----D---- C:\Documents and Settings\62064\Application Data\MathWorks
    2008-06-30 11:53:00 ----D---- C:\MATLAB
    2008-06-30 10:42:11 ----D---- C:\VXIPNP
    2008-06-30 10:40:45 ----D---- C:\WINDOWS\system32\cvirte
    2008-06-30 10:34:44 ----D---- C:\Program Files\National Instruments
    2008-06-29 14:28:09 ----A---- C:\WINDOWS\system32\CF3113.exe
    2008-06-24 15:29:25 ----A---- C:\WINDOWS\system32\CF14528.exe
    2008-06-24 13:58:59 ----A---- C:\WINDOWS\system32\CF29577.exe
    2008-06-24 12:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-06-24 11:29:31 ----A---- C:\WINDOWS\system32\SET3B.tmp
    2008-06-24 11:14:03 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-06-24 11:14:02 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-06-24 11:14:01 ----A---- C:\WINDOWS\system32\wups.dll
    2008-06-24 11:13:50 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-06-24 11:13:44 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-06-24 11:13:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-06-24 11:13:38 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-06-24 11:13:36 ----A---- C:\WINDOWS\system32\cdm.dll

    ======List of files/folders modified in the last 3 months======

    2008-09-23 13:39:33 ----AD---- C:\Program Files
    2008-09-23 13:25:36 ----AC---- C:\WINDOWS\SMSCFG.ini
    2008-09-23 13:24:33 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-09-23 13:24:28 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-23 13:23:52 ----D---- C:\Program Files\Common Files\Akamai
    2008-09-23 13:23:36 ----D---- C:\WINDOWS\Temp
    2008-09-23 13:23:35 ----D---- C:\WINDOWS
    2008-09-23 13:22:56 ----D---- C:\WINDOWS\system32\inetsrv
    2008-09-23 13:17:58 ----SHD---- C:\WINDOWS\CSC
    2008-09-22 22:58:57 ----D---- C:\WINDOWS\Prefetch
    2008-09-22 11:36:55 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-22 10:54:37 ----D---- C:\WINDOWS\security
    2008-09-21 16:15:40 ----D---- C:\Program Files\Warcraft III
    2008-09-21 15:46:14 ----ASH---- C:\boot.ini
    2008-09-21 15:46:14 ----A---- C:\WINDOWS\win.ini
    2008-09-21 15:46:14 ----A---- C:\WINDOWS\system.ini
    2008-09-21 15:40:37 ----D---- C:\WINDOWS\system32\ias
    2008-09-20 22:41:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-19 11:01:50 ----D---- C:\WINDOWS\system32\drivers
    2008-09-19 10:58:07 ----D---- C:\Documents and Settings
    2008-09-19 10:33:36 ----D---- C:\WINDOWS\system32
    2008-09-18 22:43:26 ----SHD---- C:\WINDOWS\Installer
    2008-09-18 22:43:26 ----SHD---- C:\Config.Msi
    2008-09-18 22:41:23 ----SD---- C:\WINDOWS\Tasks
    2008-09-18 15:40:52 ----D---- C:\Documents and Settings\62064\Application Data\Lavasoft
    2008-09-18 15:40:24 ----D---- C:\Program Files\Lavasoft
    2008-09-17 12:49:56 ----D---- C:\WINDOWS\system32\config
    2008-09-17 00:02:27 ----D---- C:\Program Files\Common Files
    2008-09-16 23:50:15 ----D---- C:\Documents and Settings\62064\Application Data\MetaCafe
    2008-09-15 09:48:20 ----D---- C:\Documents and Settings\62064\Application Data\Adobe
    2008-09-14 02:48:15 ----D---- C:\Downloads
    2008-09-04 09:45:57 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-09-04 09:45:30 ----HD---- C:\WINDOWS\inf
    2008-09-03 23:33:31 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-09-02 08:26:45 ----D---- C:\Program Files\Messenger Plus! Live
    2008-09-01 06:52:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-01 06:51:33 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-01 06:50:34 ----D---- C:\WINDOWS\WinSxS
    2008-09-01 06:28:13 ----D---- C:\WINDOWS\Downloaded Installations
    2008-09-01 05:01:46 ----D---- C:\Program Files\Common Files\Real
    2008-09-01 05:01:33 ----A---- C:\WINDOWS\system32\rmoc3260.dll
    2008-09-01 05:01:00 ----A---- C:\WINDOWS\system32\pndx5032.dll
    2008-09-01 05:01:00 ----A---- C:\WINDOWS\system32\pndx5016.dll
    2008-09-01 05:00:51 ----A---- C:\WINDOWS\system32\pncrt.dll
    2008-08-19 06:38:55 ----SHD---- C:\System Volume Information
    2008-08-19 06:38:55 ----D---- C:\WINDOWS\system32\Restore
    2008-08-19 06:33:34 ----D---- C:\Program Files\Microsoft Office Communicator
    2008-08-19 03:22:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-17 04:10:52 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-17 04:09:09 ----D---- C:\Program Files\Apple Software Update
    2008-08-17 04:08:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-10 09:34:49 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-08-10 09:28:18 ----A---- C:\WINDOWS\system32\eRLog.ini
    2008-08-05 19:12:57 ----D---- C:\Program Files\MSECache
    2008-08-05 18:51:54 ----SD---- C:\Documents and Settings\62064\Application Data\Microsoft
    2008-08-05 18:51:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-01 14:21:26 ----D---- C:\Program Files\Adobe
    2008-06-30 10:42:58 ----RSD---- C:\WINDOWS\assembly
    2008-06-28 17:02:29 ----D---- C:\WINDOWS\pss
    2008-06-24 13:03:19 ----D---- C:\WINDOWS\Microsoft.NET
    2008-06-24 12:49:18 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-06-24 12:40:51 ----D---- C:\Program Files\Internet Explorer
    2008-06-24 12:21:28 ----D---- C:\Documents and Settings\62064\Application Data\U3
    2008-06-24 11:52:53 ----HD---- C:\WINDOWS\$hf_mig$
    2008-06-24 11:14:07 ----D---- C:\WINDOWS\Help
    2008-06-24 11:08:20 ----D---- C:\WINDOWS\Registration

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ikhfile;File Security Kernel Anti-Spyware Driver; C:\WINDOWS\system32\drivers\ikhfile.sys [2006-07-10 30592]
    R1 ikhlayer;Kernel Anti-Spyware Driver; C:\WINDOWS\system32\drivers\ikhlayer.sys [2006-08-24 51072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2006-08-16 225664]
    R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-20 21275]
    R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 7140]
    R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
    R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
    R2 gpib420;GPIB Analyzer; C:\WINDOWS\System32\drivers\gpib420.sys [2005-07-18 31334]
    R2 GpibPrtK;Gpib Port; C:\WINDOWS\System32\drivers\gpibprtk.sys [2005-07-18 199783]
    R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
    R2 lvalarmk;lvalarmk; C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
    R2 nidimk;nidimk; C:\WINDOWS\system32\drivers\nidimk.dll [2005-09-28 141824]
    R2 nidmxfk;nidmxfk; C:\WINDOWS\system32\drivers\nidmxfk.dll [2005-10-13 166912]
    R2 niemrk;niemrk; C:\WINDOWS\system32\drivers\niemrk.dll [2005-10-07 346624]
    R2 nifslk;nifslk; C:\WINDOWS\system32\drivers\nifslk.dll [2005-10-06 35328]
    R2 nimxpk;nimxpk; C:\WINDOWS\system32\drivers\nimxpk.dll [2005-10-06 19456]
    R2 nipxirmk;nipxirmk; C:\WINDOWS\system32\drivers\nipxirmk.dll [2005-09-21 55296]
    R2 niswdk;niswdk; C:\WINDOWS\system32\drivers\niswdk.dll [2005-10-08 476160]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
    R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
    R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
    R2 usb6xxxk;usb6xxxk; C:\WINDOWS\system32\drivers\usb6xxxk.dll [2005-10-07 19968]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-15 1073375]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-11 45056]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-01-13 57984]
    R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-02-21 36992]
    R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-01-26 330368]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nicdrk;nicdrk; C:\WINDOWS\system32\drivers\nicdrk.dll [2005-10-06 170496]
    R3 nimdbgk;nimdbgk; C:\WINDOWS\system32\drivers\nimdbgk.dll [2005-09-28 170496]
    R3 nimru2k;nimru2k; C:\WINDOWS\system32\drivers\nimru2k.dll [2005-09-28 231936]
    R3 nimsdrk;nimsdrk; C:\WINDOWS\system32\drivers\nimsdrk.dll [2005-10-06 131072]
    R3 nimstsk;nimstsk; C:\WINDOWS\system32\drivers\nimstsk.dll [2005-10-06 51200]
    R3 nimxdfk;nimxdfk; C:\WINDOWS\system32\drivers\nimxdfk.dll [2005-09-28 212480]
    R3 niorbk;niorbk; C:\WINDOWS\system32\drivers\niorbk.dll [2005-10-06 38912]
    R3 niscdk;niscdk; C:\WINDOWS\system32\drivers\niscdk.dll [2005-10-06 497664]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-03-02 6144]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-03-25 3449216]
    R3 OOTextMode;OOTextMode; C:\WINDOWS\System32\drivers\oobctm.sys [2007-05-10 38160]
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
    R4 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    S1 ndisrd;ndisrd; C:\WINDOWS\system32\drivers\ndisrd.sys [2007-04-29 19712]
    S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS); C:\WINDOWS\System32\Drivers\icd2w2k.sys [2004-03-22 12427]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
    S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
    S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
    S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
    S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-08-16 30189]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
    S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-07-12 223128]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-06-11 25544]
    S3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys []
    S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-09-30 16880]
    S3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys []
    S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-03-28 36736]
    S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
    S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
    S3 ndiscm;Motorola USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2003-08-10 14336]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 nidsark;nidsark; C:\WINDOWS\system32\drivers\nidsark.dll [2005-10-06 714752]
    S3 niesrk;niesrk; C:\WINDOWS\system32\drivers\niesrk.dll [2005-10-07 489984]
    S3 nimslk;nimslk; C:\WINDOWS\system32\drivers\nimslk.dll [2005-10-06 14464]
    S3 nimsrlk;nimsrlk; C:\WINDOWS\system32\drivers\nimsrlk.dll [2005-10-06 151683]
    S3 nipalusb;NI-PAL USB Driver; C:\WINDOWS\system32\DRIVERS\nipalusb.sys [2005-09-22 106496]
    S3 nisdigk;nisdigk; C:\WINDOWS\system32\drivers\nisdigk.dll [2005-10-07 233472]
    S3 nisftk;nisftk; C:\WINDOWS\system32\drivers\nisftk.dll [2005-10-06 163328]
    S3 nispdk;nispdk; C:\WINDOWS\system32\drivers\nispdk.dll [2005-10-06 42496]
    S3 nissrk;nissrk; C:\WINDOWS\system32\drivers\nissrk.dll [2005-10-07 1058304]
    S3 nistc2k;nistc2k; C:\WINDOWS\system32\drivers\nistc2k.dll [2005-10-06 163328]
    S3 nistcrk;nistcrk; C:\WINDOWS\system32\drivers\nistcrk.dll [2005-10-10 110080]
    S3 nitiork;nitiork; C:\WINDOWS\system32\drivers\nitiork.dll [2005-10-07 692736]
    S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWK.sys [2005-10-12 8704]
    S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciK.sys [2005-10-12 37376]
    S3 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiK.sys [2005-10-12 10752]
    S3 niwfrk;niwfrk; C:\WINDOWS\system32\drivers\niwfrk.dll [2005-10-07 422400]
    S3 nixsrk;nixsrk; C:\WINDOWS\system32\drivers\nixsrk.dll [2005-10-07 926720]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
    S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-10-10 9216]
    S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-10-10 12800]
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-10-10 138240]
    S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-10-10 12800]
    S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
    S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 Akamai;Akamai; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2005-06-06 1273344]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
    R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2004-08-04 570368]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2005-10-11 45056]
    R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2005-10-11 53248]
    R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
    R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2005-10-03 5728]
    R2 nidevldu;nidevldu; C:\WINDOWS\system32\nipalsm.exe [2005-09-22 5728]
    R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2005-10-11 204800]
    R2 nipxirmu;nipxirmu; C:\WINDOWS\system32\nipalsm.exe [2005-09-22 5728]
    R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2005-10-10 49152]
    R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2005-10-11 667648]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-03-25 127042]
    R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2005-08-25 688190]
    S2 lmgrd;Flexlm; C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe []
    S2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2005-09-02 913408]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-19 307968]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 CADopia License Manager;CADopia License Manager; C:\OrCAD\OrCAD_10.5\INTELL~1\LicenseManager\lmgrd.exe []
    S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-10-26 2799808]
    S4 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]

    -----------------EOF-----------------
     
  7. 2008/09/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I don't see anything appearing to be rogue in those logs, though there is some cleanup that needs to be done to remove remnants of tools you used previously.

    • Make sure you have an Internet Connection.
    • Right click on OTMoveit2.exe and select 'Run as Administrator'
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTMoveit2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    Do you use the Logitech Desktop Messenger? If not, you could decrease the size of your log considerably, not to mention free up some space and resources (minimal) by uninstalling it via Add/Remove programs.

    Have you opened the case of the computer and cleaned the dust from the fan(s), air intake vents and cpu heatsink with compressed air lately?


    RE: sentinel keys. Are you comfortable editing the registry? Are you familiar with editing permissions?
     
  8. 2008/09/25
    weepy

    weepy Inactive Thread Starter

    Joined:
    2008/09/15
    Messages:
    6
    Likes Received:
    0
    I've done the OTMoveit2.exe, as well as opened up my lappy case to clean the air vents and stuff; normally I'll clean them once every 6 months. Now my lappy has made slight progress in latency and stuttering, but the sentinel reg keys are still there.

    I'm quite comfortable editing the registry, just kinda afraid I'll delete the wrong stuff. As for the permissions, as my lappy is bought from my polytechnic it's under the school's domain. I guess I have most/all the permissions, as for being familiar with editing permissions, I'm afraid I'm not quite.
     
  9. 2008/09/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    OK, let's do the registry key that matters first.
    Navigate to and select the following key.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENTINEL

    • Right click the LEGACY_SENTINEL key and select Permissions
    • Click the Advanced button
    • Select the Owner tab
    • Click your username in the list to select it, check the box below labeled Replace owner on subcontainers and objects, then click OK
    • Now back on the Permissions dialog, Security tab, click the Everyone entry to select it, then check the box in the Allow column labeled Full Control
    • Click OK to exit the permissions dialog
    • Right click the LEGACY_SENTINEL key again and select Delete
    • Click Yes to the prompt
    • Press the F5 key on your keyboard to refresh the registry editor and note whether the key returns


    You can repeat the process for the following keys.


    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_SENTINEL
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Enum\Root\LEGACY_SENTINEL
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Enum\Root\LEGACY_SENTINEL
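
A read-only check to run before and after the steps in the post above, added here as an example and not part of the thread: it lists every numbered control set that still holds a LEGACY_SENTINEL key, shows which role that set plays (CurrentControlSet is only a link to the set named by the `Current` value under HKLM\SYSTEM\Select), and reports whether a surviving key was left with Everyone: Full Control. Only the key name comes from the thread; the variable names and report columns are this example's own.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
$system      = 'HKLM:\SYSTEM'
$subPath     = 'Enum\Root\LEGACY_SENTINEL'   # key name taken from the thread
$everyoneSid = 'S-1-1-0'                     # well-known SID for Everyone
$fullControl = [int][System.Security.AccessControl.RegistryRights]::FullControl

# HKLM\SYSTEM\Select records which numbered control set plays which role.
$select = Get-ItemProperty -Path "$system\Select"
$roles  = @{}
foreach ($role in 'Current', 'Default', 'LastKnownGood', 'Failed') {
    $setName = 'ControlSet{0:D3}' -f [int]$select.$role
    if (-not $roles.ContainsKey($setName)) { $roles[$setName] = @() }
    $roles[$setName] += $role
}

$report = foreach ($set in Get-ChildItem -Path $system) {
    if ($set.PSChildName -notmatch '^ControlSet\d{3}$') { continue }
    $keyPath = "$system\$($set.PSChildName)\$subPath"
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }

    # Resolve ACL entries to SIDs so the check works on non-English systems.
    $acl   = Get-Acl -LiteralPath $keyPath
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $open  = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $everyoneSid -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.RegistryRights -band $fullControl) -eq $fullControl
    })

    [pscustomobject]@{
        ControlSet          = $set.PSChildName
        Roles               = ($roles[$set.PSChildName] -join ',')
        Owner               = $acl.Owner
        EveryoneFullControl = ($open.Count -gt 0)
    }
}

if ($report) {
    $report | Format-Table -AutoSize
} else {
    'No LEGACY_SENTINEL keys found in any control set.'
}
```

A row with `EveryoneFullControl` set to True after the cleanup means the permission change was applied but the delete did not go through for that control set.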
     
  10. 2008/09/26
    weepy

    weepy Inactive Thread Starter

    Joined:
    2008/09/15
    Messages:
    6
    Likes Received:
    0
    Finally I've managed to remove all the sentinel stuff from my com, all thanks to you! But my computer is still kinda laggy, I guess I'll run a full sys AV/malware/adware scan and defragmentation. Thanks again noahdfear!
     
