# Microsoft Library Component Error



## donex (Aug 27, 2008)

Good Day,

My friend's Compaq V3000 laptop keeps having the recurring error.

"Microsoft Library Component has encountered a problem and needs to close. We are sorry for the inconvenience."

Error Signature:
EventType : clr20r3 P1 : svchost.exe P2 : 1.7.0.0 P3 : 49d4fb8c
P4 : system P5 : 2.0.0.0 P6 : 4889de7a P7 : 1cc7 P8 : 4a 
P9 : system.net.sockets.socket

Below is the hijackthis.log


> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 10:29:17 PM, on 02-Dec-09
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> ...


Please advise. Thank you for your time.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Are you still having this problem? If so, can you do the following:

Download *TFC by OldTimer* to your desktop

Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

---

Download GMER from *Here*. Note the file's name and save it to your root folder, such as C:\.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on *this link* to see a list of programs that should be disabled.
Double-click on *the downloaded file* to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "*No*", save the log and post back the results.
If not prompted, click the "*Rootkit/Malware*" tab.
On the right-side, all items to be scanned should be checked by default _except_ for "Show All". Leave that box *unchecked*.
Select all drives that are connected to your system to be scanned.
Click the *Scan* button to begin. _(Please be patient as it can take some time to complete)_
When the scan is finished, click *Save* to save the scan results to your Desktop.
Save the file as *Results.log* and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

---

Please include the *MBAM log, SAS log, Results.log and a fresh HijackThis log* in your next reply

Regards

eddie


----------



## donex (Aug 27, 2008)

Yeah, eddie. Still having the same problem. Thanks for taking time to check out the log.

Here is the MBAM Log:


> Malwarebytes' Anti-Malware 1.42
> Database version: 3337
> Windows 5.1.2600 Service Pack 3
> Internet Explorer 8.0.6001.18702
> ...


And the SAS log:


> SUPERAntiSpyware Scan Log
> http://www.superantispyware.com
> 
> Generated 12/10/2009 at 09:59 PM
> ...


The Results.log:


> GMER 1.0.15.15273 - http://www.gmer.net
> Rootkit scan 2009-12-10 23:24:03
> Windows 5.1.2600 Service Pack 3
> Running: qxtkhct9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxriikob.sys
> ...


----------



## donex (Aug 27, 2008)

And finally, the hijackthis.log:



> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 11:28:29 PM, on 10-Dec-09
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> ...


----------



## dvk01 (Dec 14, 2002)

This looks like a trojan to me
O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\Paint.exe" -autocheck

I would like to examine that file please to see

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the windows press send to upload the file

*C:\WINDOWS\system32\Paint.exe*


----------
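A way to triage `O4` autostart lines like the one flagged above, as an added example that is not part of any post in this thread. It accepts both the HijackThis and the OTL spelling of the line, and flags a Run value whose name borrows a genuine Windows program name (Paint's real binary is `mspaint.exe`) while pointing at a differently named file, plus entries whose target no longer exists. The function names and the `KNOWN_WINDOWS_STEMS` list are assumptions made for the example; the sample lines are copied from the logs posted in this thread.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Assumption for this example: a short list of genuine Windows program
# names that a Run value might borrow to look harmless. Extend as needed.
KNOWN_WINDOWS_STEMS = {"mspaint", "svchost", "explorer", "winlogon", "lsass", "ctfmon"}

# HijackThis writes "HKLM\..\Run:", OTL writes "HKLM..\Run:".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\?\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$"
)

# Target path, optionally quoted, up to the first executable extension.
# Anything after it (arguments, OTL vendor suffix, "File not found") is ignored.
PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?=\s|$)',
    re.IGNORECASE,
)


def parse_o4(line):
    """Return a dict for an O4 Run entry, or None for any other log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    pm = PATH_RE.match(rest)
    return {
        "hive": m["hive"],
        "key": m["key"],
        "name": m["name"],
        "path": pm["path"] if pm else None,
        # OTL appends this when the registry value points at a missing file.
        "missing": rest.endswith("File not found"),
    }


def findings(entry):
    """Heuristic flags for one parsed entry (review hints, not verdicts)."""
    flags = []
    name = entry["name"].lower()
    if entry["path"]:
        stem = splitext(basename(entry["path"]))[0].lower()
        # Value claims to be a Windows program but launches another file.
        if name in KNOWN_WINDOWS_STEMS and stem != name:
            flags.append("masquerade")
    if entry["missing"]:
        # Registry value survives although the file is gone: leftover to clean.
        flags.append("orphaned")
    return flags


def triage(lines):
    """Return (value name, path, flags) for every O4 entry worth a look."""
    results = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        flags = findings(entry)
        if flags:
            results.append((entry["name"], entry["path"], flags))
    return results


# Lines copied from the HijackThis and OTL logs posted in this thread.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\Paint.exe" -autocheck',
    r'O1 - Hosts: 127.0.0.1 localhost',
    r'O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)',
    r'O4 - HKLM..\Run: [KernelFaultCheck] File not found',
    r'O4 - HKLM..\Run: [mspaint] C:\WINDOWS\System32\Paint.exe File not found',
]

if __name__ == "__main__":
    for name, path, flags in triage(SAMPLE_LINES):
        print(f"{name:18} {path or '-':40} {', '.join(flags)}")
```

A `masquerade` flag only says the entry deserves the kind of file examination requested above; an `orphaned` flag marks a registry value left behind after the file was moved or quarantined.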



## eddie5659 (Mar 19, 2001)

Thanks Derek, I'll wait until you reply


----------



## donex (Aug 27, 2008)

Hi guys

I have already uploaded the file. Please advise. Thanks!

http://thespykiller.co.uk/index.php...ew?PHPSESSID=71e35130fe114a9574b531db94ab709b


----------



## dvk01 (Dec 14, 2002)

I am getting it fully examined by the antivirus companies

It appears to start the genuine MSpaint on boot but why, I can't determine

I suspect some naughty behaviour and am waiting for full analysis results


----------



## eddie5659 (Mar 19, 2001)

Re-open HiJackThis and choose *do a system scan only*. Check the box of the entry listed below.

*O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\Paint.exe" -autocheck*

Close all applications and browser windows before you click "fix checked".

Please *download* *OTM* 

*Save* it to your *desktop*.
Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Files
C:\WINDOWS\system32\Paint.exe
:Commands
[purity]
[emptytemp]
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button.
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM* and reboot your PC.
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


----------



## donex (Aug 27, 2008)

okay, here's the OTM log:



> All processes killed
> ========== PROCESSES ==========
> No active process named explorer.exe was found!
> ========== FILES ==========
> ...


Thanks eddie!


----------



## eddie5659 (Mar 19, 2001)

Okay, let's have a look at a detailed log, to see if it's looking better


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTListIt.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


----------



## donex (Aug 27, 2008)

Hi Eddie, when booting the laptop, a virus was detected by Avira AntiVir Personal:

Virus or unwanted program 'TR/VB.zhw [trojan]'
detected in file 'C:\WINDOWS\system32\Paint.exe.
Action performed: Move file to quarantine

So I guess it's really a trojan.

Ok, I will proceed to run OTL.


----------



## donex (Aug 27, 2008)

OTL logfile created on: 15-Dec-09 8:41:01 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.75% Memory free
3.84 Gb Paging File | 3.45 Gb Available in Paging File | 89.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.75 Gb Total Space | 16.87 Gb Free Space | 26.05% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 0.93 Gb Free Space | 9.47% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 584.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIAGONALPAC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Imation\ImationFlashDetect.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe ()
PRC - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe ()
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Razer\Diamondback\razerhid.exe ()
PRC - C:\Program Files\Razer\Diamondback\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\Razer\Diamondback\razertra.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\WINDOWS\system32\TaskSwitch.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Internet Download Manager\idmmkb.dll (Tonec Inc.)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (IDriverT) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (GarenaPEngine) -- C:\Documents and Settings\Administrator\Local Settings\Temp\UAN57.tmp ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (E100B) Intel(R) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (Flash1) -- C:\Program Files\SP39371\winphlash\FLASH1.sys ()
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A C3 5D 6E 06 FA C9 01 [binary data]
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-04 22:05:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-10 17:46:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-14 08:52:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-14 08:52:02 | 00,000,000 | ---D | M]

[2009-12-14 08:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009-12-14 08:52:20 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-12-14 09:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hn9ouxue.default\extensions
[2009-12-14 08:54:34 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hn9ouxue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-12-14 09:08:05 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hn9ouxue.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009-12-14 09:01:05 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hn9ouxue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-12-14 09:01:05 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hn9ouxue.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-12-14 09:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hn9ouxue.default\extensions\[email protected]
[2009-12-14 09:22:55 | 00,000,939 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hn9ouxue.default\searchplugins\dictionary.xml
[2009-12-14 09:17:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-14 08:52:03 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-10 17:46:49 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-04-02 19:20:38 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-06-10 16:12:25 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-08-05 16:18:43 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-11-08 12:33:39 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009-11-03 11:23:26 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-03 11:23:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009-10-11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009-11-03 11:23:28 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009-01-03 15:18:36 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008-07-14 16:47:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008-07-14 16:47:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008-07-14 16:47:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008-07-14 16:47:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008-07-14 16:47:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008-07-14 16:47:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008-07-14 16:47:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009-01-03 15:18:51 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009-01-03 15:18:27 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009-11-03 09:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009-11-03 09:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009-11-03 09:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009-11-03 09:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009-11-03 09:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-11-03 09:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009-11-03 09:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mspaint] C:\WINDOWS\System32\Paint.exe File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)


----------



## donex (Aug 27, 2008)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235057504629 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-07-27 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004-04-29 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004-04-08 16:53:26 | 00,000,046 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5fdfe70a-1bbf-11de-b08c-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{5fdfe70a-1bbf-11de-b08c-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5fdfe70a-1bbf-11de-b08c-0016d31db9ef}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-18 03:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{6355c622-b0b0-11dd-a55f-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{6355c622-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6355c622-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6355c625-b0b0-11dd-a55f-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{6355c625-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6355c625-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{820349e6-ada5-11de-b132-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{820349e6-ada5-11de-b132-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{820349e6-ada5-11de-b132-0016d31db9ef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a0420c5d-d9de-11de-b156-0016d31db9ef}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{d439fce3-aacd-11de-b131-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{d439fce3-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d439fce3-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d439fce4-aacd-11de-b131-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{d439fce4-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d439fce4-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f200ed94-fd69-11dc-b2c7-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{f200ed94-fd69-11dc-b2c7-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f200ed94-fd69-11dc-b2c7-0016d31db9ef}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2004-04-08 16:53:26 | 00,135,203 | R--- | M] ()
O33 - MountPoints2\{fb607d86-7715-11dd-a537-0016d31db9ef}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{ff1812dd-6352-11dd-a526-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{ff1812dd-6352-11dd-a526-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff1812dd-6352-11dd-a526-0016d31db9ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff1812de-6352-11dd-a526-0016d31db9ef}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{ff1812de-6352-11dd-a526-0016d31db9ef}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009-12-15 00:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2009-12-14 09:44:02 | 00,000,000 | ---D | C] -- C:\_OTM
[2009-12-13 20:14:13 | 00,000,000 | ---D | C] -- C:\Program Files\LittleFighter2
[2009-12-10 23:25:07 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009-12-10 22:38:56 | 00,000,000 | ---D | C] -- C:\c668f238446da4f118ccfc0c5be812
[2009-12-10 21:05:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-12-10 21:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009-12-10 21:05:29 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009-12-10 20:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009-12-10 20:53:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-12-05 22:59:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TyranO
[2009-12-05 22:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\Garena
[2009-12-05 22:15:46 | 00,560,896 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2009-12-02 19:21:20 | 00,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2009-12-02 19:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2009-12-01 07:44:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Christmas preparation
[2009-11-26 17:48:15 | 00,000,000 | ---D | C] -- C:\Program Files\CASHFLOW 202
[2009-11-26 01:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\CASHFLOW
[2009-11-22 21:16:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2009-11-19 00:35:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\System
[2009-10-31 11:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-10-31 10:47:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009-10-31 10:47:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-10-31 10:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2009-12-15 08:36:56 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{680BEAFC-4DC7-4392-949D-0A4E6CB6FD29}.job
[2009-12-15 08:32:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-15 08:32:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-15 08:32:21 | 21,371,16672 | -HS- | M] () -- C:\hiberfil.sys
[2009-12-15 01:29:42 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009-12-15 01:29:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009-12-15 01:29:36 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts
[2009-12-15 01:29:34 | 04,809,872 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009-12-15 00:05:18 | 00,009,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sj.xlsx
[2009-12-15 00:00:41 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-11 22:09:39 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Garena.lnk
[2009-12-11 00:12:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Garena By-pass.lnk
[2009-12-10 23:43:02 | 00,452,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-12-10 23:43:02 | 00,074,420 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-12-10 23:43:01 | 00,535,658 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-12-10 23:28:54 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-12-09 14:28:56 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-12-09 14:20:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-04 13:41:39 | 00,077,561 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2009-12-02 19:23:34 | 00,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2009-12-02 19:23:34 | 00,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2009-12-02 19:23:34 | 00,001,631 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Warcraft III - The Frozen Throne.lnk
[2009-11-26 17:52:42 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CASHFLOW® 202 THE E-GAME.lnk
[2009-11-26 01:37:02 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CASHFLOW® THE E-GAME.lnk
[2009-11-26 00:21:47 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\D3Scene.exe.lnk
[2009-11-25 01:28:44 | 17,041,2720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\005Record 05 - 21110924112009.wav
[2009-11-25 01:25:14 | 19,004,404 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\004Record 04 - 21110924112009.wav
[2009-11-21 23:51:42 | 01,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-11-21 23:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009-11-19 09:41:14 | 00,075,551 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\https___www.selfmgmt.com_cg...pdf

========== Files Created - No Company Name ==========

[2009-12-05 22:50:39 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Garena.lnk
[2009-12-02 23:25:42 | 00,009,970 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sj.xlsx
[2009-12-02 19:21:20 | 00,077,561 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009-12-02 19:21:20 | 00,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2009-12-02 19:14:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Garena By-pass.lnk
[2009-12-02 19:13:18 | 00,001,631 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Warcraft III - The Frozen Throne.lnk
[2009-11-26 17:52:42 | 00,000,712 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CASHFLOW® 202 THE E-GAME.lnk
[2009-11-26 01:37:02 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CASHFLOW® THE E-GAME.lnk
[2009-11-25 01:58:34 | 19,004,404 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\004Record 04 - 21110924112009.wav
[2009-11-25 01:54:51 | 17,041,2720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\005Record 05 - 21110924112009.wav
[2009-11-19 09:41:11 | 00,075,551 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\https___www.selfmgmt.com_cg...pdf
[2009-09-20 17:21:23 | 00,003,120 | ---- | C] () -- C:\WINDOWS\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
[2009-07-01 13:03:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009-04-06 22:16:34 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008-08-06 07:56:05 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008-07-17 17:21:35 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
[2008-07-15 16:15:54 | 00,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008-05-25 13:41:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FnF4.txt
[2008-05-25 11:48:39 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008-05-03 07:46:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts
[2008-04-27 23:28:24 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-04-27 23:28:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-04-25 14:23:38 | 00,001,764 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-04-04 14:30:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2008-03-31 11:30:46 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-03-29 16:39:55 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt
[2008-03-29 16:39:55 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt
[2008-03-29 16:39:55 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt
[2008-03-29 16:26:16 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-02-04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008-01-14 17:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007-03-19 06:36:31 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-03-19 06:14:50 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006-06-30 10:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-06-30 09:49:18 | 00,003,541 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006-06-30 09:46:56 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006-06-30 09:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006-03-04 22:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005-08-03 05:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005-05-06 17:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

========== LOP Check ==========

[2008-04-19 10:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2009-12-13 13:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTyrant
[2009-07-10 22:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe_Limited
[2008-07-15 16:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2008-04-14 20:37:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2009-12-15 08:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2009-06-01 23:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2009-06-08 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2009-10-24 20:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2009-12-03 14:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2008-05-02 05:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009-04-06 22:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2009-11-13 13:47:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2008-04-13 15:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2009-07-01 12:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2009-12-14 15:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2008-03-31 12:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008-03-29 16:05:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009-07-30 10:34:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-12-15 08:36:56 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{680BEAFC-4DC7-4392-949D-0A4E6CB6FD29}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D97BA9A8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >


----------



## donex (Aug 27, 2008)

OTL Extras logfile created on: 15-Dec-09 8:41:01 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.75% Memory free
3.84 Gb Paging File | 3.45 Gb Available in Paging File | 89.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.75 Gb Total Space | 16.87 Gb Free Space | 26.05% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 0.93 Gb Free Space | 9.47% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 584.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIAGONALPAC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Documents and Settings\Administrator\Desktop\Program Files\Warcraft III\war3.exe" = C:\Documents and Settings\Administrator\Desktop\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Free Music Zilla\FMZilla.exe" = C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module -- File not found
"C:\Program Files\BitTyrant\Azureus.exe" = C:\Program Files\BitTyrant\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe" = C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release -- (XTreme-CStrike)
"C:\Documents and Settings\Administrator\Desktop\Program Files\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\Administrator\Desktop\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\WIZET\MapleStory\Patcher.exe" = C:\Program Files\WIZET\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? -- File not found
"C:\Program Files\WIZET\MapleStory\Setup.exe" = C:\Program Files\WIZET\MapleStory\Setup.exe:*:Enabled:Setup -- File not found
"C:\Program Files\WIZET\MapleStory\MapleStory.exe" = C:\Program Files\WIZET\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- File not found
"C:\Program Files\WIZET\MapleStory\NewPatcher.exe" = C:\Program Files\WIZET\MapleStory\NewPatcher.exe:*:Enabled:NewPatcher.exe -- File not found
"C:\Documents and Settings\Administrator\Desktop\Program Files\Garena\Garena.exe" = C:\Documents and Settings\Administrator\Desktop\Program Files\Garena\Garena.exe:*:Enabled:Garena -- File not found
"C:\xampp\apache\bin\apache.exe" = C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\Qnext\qnextclient.exe" = C:\Program Files\Qnext\qnextclient.exe:*:Enabled:qnextclient -- File not found
"C:\Documents and Settings\Administrator\Desktop\Program Files\Warcraft III\yawle.exe" = C:\Documents and Settings\Administrator\Desktop\Program Files\Warcraft III\yawle.exe:*:Enabled:yawle -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{6A1975EB-27E6-491D-94BC-6355FA25F40F}" = Google Web Accelerator
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" = 
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTyrant" = BitTyrant
"CASHFLOW® 202 THE E-GAME" = CASHFLOW® 202 THE E-GAME
"CASHFLOW® THE E-GAME" = CASHFLOW® THE E-GAME
"CCleaner" = CCleaner (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B2m" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Garena" = Garena
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Internet Download Manager" = Internet Download Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 2.0 beta 4a
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04-Jul-08 1:45:26 PM | Computer Name = DIAGONALPAC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting
module unknown, version 0.0.0.0, fault address 0x04603727.

Error - 04-Jul-08 1:46:33 PM | Computer Name = DIAGONALPAC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04-Jul-08 1:46:40 PM | Computer Name = DIAGONALPAC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05-Jul-08 12:42:22 PM | Computer Name = DIAGONALPAC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting
module firefox.exe, version 1.8.20080.62306, fault address 0x003651e8.

Error - 05-Jul-08 10:21:54 PM | Computer Name = DIAGONALPAC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 06-Jul-08 12:13:19 PM | Computer Name = DIAGONALPAC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 06-Jul-08 12:13:33 PM | Computer Name = DIAGONALPAC | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 06-Jul-08 12:14:25 PM | Computer Name = DIAGONALPAC | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 05-May-08 11:31:14 PM | Computer Name = DIAGONALPAC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13-Dec-09 9:45:32 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 13-Dec-09 9:45:32 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 13-Dec-09 9:45:32 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 13-Dec-09 9:45:52 PM | Computer Name = DIAGONALPAC | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 14-Dec-09 8:32:49 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 14-Dec-09 8:32:49 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 14-Dec-09 8:32:49 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 14-Dec-09 8:32:49 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 14-Dec-09 8:32:49 PM | Computer Name = DIAGONALPAC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 14-Dec-09 8:33:07 PM | Computer Name = DIAGONALPAC | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

< End of report >

Hey thanks!


----------



## donex (Aug 27, 2008)

eddie, I was leaving the laptop running when I received a message from AntiVir:

Virus or unwanted program 'TR/VB.zhw [trojan]'
detected in file 'C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP489\A0105835.exe.
Action performed: Move file to quarantine

Subsequently I turned off System Restore.
What would you advise me to do next?


----------



## eddie5659 (Mar 19, 2001)

In the reply you posted before the OTL log, you mentioned this one:



> Virus or unwanted program 'TR/VB.zhw [trojan]'
> detected in file 'C:\WINDOWS\system32\Paint.exe.
> Action performed: Move file to quarantine


Then afterwards, you posted this:



> Virus or unwanted program 'TR/VB.zhw [trojan]'
> detected in file 'C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP489\A0105835.exe.
> Action performed: Move file to quarantine


What has happened is that the file has been quarantined and removed from the system. However, when Windows carried out its usual backing up of files, a copy made its way to the Restore folder.

I've added this to the fix that follows now, thanks.

--------------

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
O4 - HKLM..\Run: [mspaint] C:\WINDOWS\System32\Paint.exe File not found
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5fdfe70a-1bbf-11de-b08c-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{5fdfe70a-1bbf-11de-b08c-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5fdfe70a-1bbf-11de-b08c-0016d31db9ef}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-18 03:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{6355c622-b0b0-11dd-a55f-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{6355c622-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6355c622-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6355c625-b0b0-11dd-a55f-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{6355c625-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6355c625-b0b0-11dd-a55f-0016d31db9ef}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{820349e6-ada5-11de-b132-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{820349e6-ada5-11de-b132-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{820349e6-ada5-11de-b132-0016d31db9ef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a0420c5d-d9de-11de-b156-0016d31db9ef}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{d439fce3-aacd-11de-b131-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{d439fce3-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d439fce3-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d439fce4-aacd-11de-b131-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{d439fce4-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d439fce4-aacd-11de-b131-0016d31db9ef}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f200ed94-fd69-11dc-b2c7-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{f200ed94-fd69-11dc-b2c7-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f200ed94-fd69-11dc-b2c7-0016d31db9ef}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2004-04-08 16:53:26 | 00,135,203 | R--- | M] ()
O33 - MountPoints2\{fb607d86-7715-11dd-a537-0016d31db9ef}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{ff1812dd-6352-11dd-a526-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{ff1812dd-6352-11dd-a526-0016d31db9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff1812dd-6352-11dd-a526-0016d31db9ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff1812de-6352-11dd-a526-0016d31db9ef}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{ff1812de-6352-11dd-a526-0016d31db9ef}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

:Files
C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
C:\Documents and Settings\All Users\Application Data\TEMP97BA9A8
C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP489\A0105835.exe

:Commands
[purity]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.


----------
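A fix script like the one above can be triaged before it is run: which autorun handlers are stale, which launch from a RECYCLER folder, and which `:Files` targets are System Restore copies or NTFS alternate data streams. This is an added example, not part of the original post and not OTL's own code; the function names and verdict labels are this example's own, and the sample is constructed from lines copied out of the post.

```python
import re

# Constructed sample: lines copied from the fix script in the post above,
# cut down to one representative entry of each kind.
SAMPLE_FIX = r'''
:OTL
O4 - HKLM..\Run: [mspaint] C:\WINDOWS\System32\Paint.exe File not found
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f200ed94-fd69-11dc-b2c7-0016d31db9ef}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2004-04-08 16:53:26 | 00,135,203 | R--- | M] ()
O33 - MountPoints2\{ff1812de-6352-11dd-a526-0016d31db9ef}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{ff1812de-6352-11dd-a526-0016d31db9ef}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

:Files
C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP489\A0105835.exe

:Commands
[purity]
[emptytemp]
[Reboot]
'''

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
SECTION_RE = re.compile(r"^:(\w+)$")
# O33 line layout: MountPoints2\{volume guid}\<shell subkey> - "" = <value>
O33_RE = re.compile(r'^O33 - MountPoints2\\(' + GUID + r')\\(\S+) - "" = (.*)$')
# System Restore copies live under _restore{guid}\RPnnn\Annnnnnn.ext
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore" + GUID + r"\\RP\d+\\A\d+\.\w+$", re.I)


def split_sections(script):
    """Return {section name: [non-empty lines]} for a ':Name'-delimited script."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def classify_autorun(line):
    """Return (volume_guid, subkey, target, verdict) for an O33 command line, else None."""
    m = O33_RE.match(line)
    if not m:
        return None
    guid, subkey, value = m.groups()
    if not subkey.lower().endswith("\\command"):
        return None  # verb labels ('AutoRun', 'Auto&Play') carry no executable path
    target, _, note = value.partition(" -- ")
    if target.upper().startswith("RECYCLER\\"):
        verdict = "recycler"   # handler launches from the volume's recycle-bin folder
    elif note == "File not found":
        verdict = "stale"      # handler left behind by a drive that is no longer there
    else:
        verdict = "review"     # target exists or is unqualified; inspect by hand
    return guid, subkey, target, verdict


def classify_file(path):
    """Label a :Files entry by where the file lives."""
    if RESTORE_RE.search(path):
        return "restore-point"
    if ":" in path[2:]:        # a colon after the drive letter marks an NTFS stream
        return "alternate-data-stream"
    return "file"


def triage(script):
    sections = split_sections(script)
    autoruns = [r for r in map(classify_autorun, sections.get("OTL", [])) if r]
    files = [(p, classify_file(p)) for p in sections.get("Files", [])]
    return {"autoruns": autoruns, "files": files,
            "commands": sections.get("Commands", [])}


if __name__ == "__main__":
    report = triage(SAMPLE_FIX)
    for guid, subkey, target, verdict in report["autoruns"]:
        print(f"{verdict:9} {guid} {subkey} -> {target}")
    for path, kind in report["files"]:
        print(f"{kind:21} {path}")
```
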



## donex (Aug 27, 2008)

OTL Log


> All processes killed
> ========== OTL ==========
> Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mspaint deleted successfully.
> Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06c8d2d4-52ef-11dd-a50b-0016d31db9ef}\ deleted successfully.
> ...


Thanks


----------



## eddie5659 (Mar 19, 2001)

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
* Spyware, adware, dialers, and other riskware
* Archives
* E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
 Click the *Save report...* button.

 Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply


----------



## donex (Aug 27, 2008)

eddie, I will run the scan later tonight and post the log soon. In the meantime, the problem surfaced again, on a desktop in the same network.

http://forums.techguy.org/malware-r...rosoft-library-component-error-different.html

Will post the log asap. Thanks!


----------



## donex (Aug 27, 2008)

Here's the KasReport.



> --------------------------------------------------------------------------------
> KASPERSKY ONLINE SCANNER 7.0: scan report
> Sunday, December 20, 2009
> Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
> ...


Thanks!


----------



## eddie5659 (Mar 19, 2001)

I'll take a look at the other one for you, but for this one, can you do the following:

Download ComboFix from *Here*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.


----------



## donex (Aug 27, 2008)

firstly, happy holidays, merry xmas!

I tried downloading the file from your link but the url is dead.

So i googled the file and downloaded it. will post the log soon.

Thanks!


----------



## donex (Aug 27, 2008)

hi eddie, when running combofix,

two av detected 2 counts of malware

1) 25-Dec-09, 20:40
Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'C:\ComboFix\ClsidFiles.
Action performed: Allow access

2) 25-Dec-09, 20:40
Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'C:\ComboFix\ClsidFiles.
Action performed: Allow access

When asked what to do I pressed ignore and ComboFix continued to run.
Should I be concerned about the above?

here's the Log:


> ComboFix 09-12-24.02 - Administrator 25-Dec-09 20:37:29.1.2 - x86
> Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1566 [GMT 8:00]
> Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
> AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
> ...


----------



## eddie5659 (Mar 19, 2001)

Yep, sorry about the first link, it was a version we were trying out when I posted it. But, it has been removed, so the one you used is okay 

As for the messages when running ComboFix, it should be okay, as it may have found something in those areas, and you were being alerted of them.

I'll look through the log now


----------



## eddie5659 (Mar 19, 2001)

That's looking a lot better, how's the computer running now?


----------



## donex (Aug 27, 2008)

Yup, the message has stopped appearing.

Hey Thanks a lot eddie! Happy boxing day!

edit: i have a problem with my IE search box, there's an error box that appears every time i start IE. I post it shortly.

Error:
Internet Explorer - Search Provider Default
A program on your computer has corrupted your default search provider for Internet Explorer.
Internet Explorer has reset this setting to your original search provider, Live Search (search.live.com).
Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.

After I click on the only button; OK. Search Settings will pop out. I selected Live Search as default and close. The next time i open IE the same message will appear. Any suggestions?


----------



## eddie5659 (Mar 19, 2001)

I'll have a look at that error in a bit (off out to visit friends in an hour). However, in the meantime, let's just use this program, as it cleans up the system for you.

Then, we'll remove the programs used, and look at that error for you 

---

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Rightclick on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*

eddie


----------



## donex (Aug 27, 2008)

Happy New Year eddie haha

here's the log

Runscanner:


> Runscanner logfile
> 
> * = signed file
> - = file not found
> ...


----------



## eddie5659 (Mar 19, 2001)

Happy New Year 

Download the attachment at the end of this post. This will be your *RSReport* file, with the fixes I need you to do.


Save it to your desktop, then extract the *RSReport.run* file to your Desktop, overwriting the existing one.
Open the runscanner folder and double click on the *runscanner.exe* file.
This time select the *Expert Mode*
click the *Item Fixer* tab
Click the button at the top called *Fix selected items*
Accept the warning(s) and repeat until they are all gone.
Reboot your PC
Post a fresh HijackThis log

eddie


----------



## donex (Aug 27, 2008)

here's the hijackthis.log



> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 5:09:12 PM, on 04-Jan-10
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> ...


----------



## eddie5659 (Mar 19, 2001)

Please *download* *OTM* 

 *Save* it to your *desktop*.
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Files
C:\Program Files\Online Services\Dodo\Dodo.EXE
:Commands
[purity]
[emptytemp]
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button.
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM* and reboot your PC.
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

eddie


----------



## donex (Aug 27, 2008)

> All processes killed
> ========== PROCESSES ==========
> No active process named explorer.exe was found!
> ========== FILES ==========
> ...


----------



## eddie5659 (Mar 19, 2001)

Okay, the only malicious file you have left on your system is this one:

*O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\Paint.exe" -autocheck*

We've removed it many times, but it looks to be linked with Garena Anti-Hack ByPass v1.0 By Garenahack-er

http://www.gamerzplanet.net/forums/garena/365262-garena-anti-hack-bypass-v1-0-a-8.html

Post #78

So, if you want to keep it on, be aware that you may be told you have viruses.

Apart from that, how's the computer running now? If it's okay, we'll remove the programs we've used in my next reply 

eddie


----------



## donex (Aug 27, 2008)

I've advised the user, my friend, on the file.

How should i advise him to remove it easily? using hijackthis?


----------



## eddie5659 (Mar 19, 2001)

Well, he will first of all need to uninstall the Garena Anti-Hack ByPass, otherwise removing the file will be a waste of time.

We removed it many times, using HijackThis and a few other tools. But, if the program that uses it is still installed, it will keep coming back.

Anyway, let's remove the programs we've used 

-----------------

Please run OTL. 

Click *Clean Up* button. 
Accept any prompts. 
This will remove any tools we used, including OTL, and will require a reboot.

------------

Also, you may see the *Runscanner* program on your Desktop. This, along with the *RSReport* file can be deleted.

-------

We have a couple of last steps to perform and then you're all set.

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply
Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Select *Custom Settings*.
 From the drop down menu, select *Medium*, and press *Reset* and select Yes. If it's already on *Medium*, still click on the Reset button.
 Apply and OK.

Secondly, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click *Start*.
* Open *My Computer*.
* Select the *Tools menu* and click *Folder Options*.
* Select the *View* tab.
* Under the *Hidden files and folders* heading *UNSELECT Show hidden files and folders*.
* *CHECK* the *Hide protected operating system files (recommended)* option.
* Click *Yes* to confirm.
* Click *OK*.
Next, let's clean your restore points and set a new one:

*Reset and Re-enable your System Restore* to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
*1. Turn off System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.
*2. Restart your computer.*

*3. Turn ON System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
UN-Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.

*System Restore will now be active again.*

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: 
*SpywareBlaster* to help prevent spyware from installing in the first place.
*SpywareGuard* to catch and block spyware before it can execute.
You should also have a good firewall. Here are 2 free ones available for personal use:
*Sunbelt Personal Firewall*
*ZoneAlarm*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings*

Have a safe and happy computing day!

eddie


----------



## eddie5659 (Mar 19, 2001)

Back on post #27, you posted this:



> edit: i have a problem with my IE search box, there's an error box that appears every time i start IE. I post it shortly.
> 
> Error:
> Internet Explorer - Search Provider Default
> ...


Is that still happening?

eddie


----------



## donex (Aug 27, 2008)

Yes the error is still occurring, and i have advised my friend on removing the bypass, he is agreeable to remove it. =)


----------



## eddie5659 (Mar 19, 2001)

Oki doki 

Now, for that error 

Have a look at this:

http://windows.microsoft.com/en-US/...choose-a-search-provider-in-Internet-Explorer

And click on *To change the default search provider*

and see if that helps

eddie


----------



## donex (Aug 27, 2008)

Hey eddie, here's what happened

1) IE8 loaded.
2) Google home page loaded.
3) Pop out message appeared:

Internet Explorer - Search Provider
A Program on your computer has corrupted your default search setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Live Search (search.live.com). Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.

4) at the moment, there's only one search provider, i deleted Bing, Google, Wiki and the rest the last time. 
5) I clicked on the remaining "Live Search"
The set default button is grayed out (cant select).
The remove button is grayed out too.

*What i deduce was that since there's only one provider left, i cant delete the last one.

5)So i proceed to add another search provider, "Google".
6) I clicked on "Google" and i cant set it as default, the "Set as default" button is grayed out. Leaving only the "Remove" button.

7)Bottom line is, i cannot change my default search from Live Search, it's stuck. and no matter what i do, the error message keep appearing when i run IE8.

hey thanks eddie.

ps: So, the website did not help as it addresses a different issue.


----------



## eddie5659 (Mar 19, 2001)

Ah, I see what you mean now. 

What happens if you add Google to the list, but then delete the Live Search from the list afterwards (so, start with Live Search, add Google, then remove Live Search).


----------



## donex (Aug 27, 2008)

Nope, that cannot be done because no matter what search provider i add, Live search cannot be deleted.

I tried to add Live search and delete it but alas, Live search is no longer one of the search providers, it's called Bing Search now i think.

After adding Bing Search, i tried to set it to default, but nothing happened when i click the set default button.

It's the same issue.


----------



## eddie5659 (Mar 19, 2001)

Ah, so you removed Bing before, and only left with Live Search, which you cannot use.

It looks like it may be corrupt, so let's try a few things...

----------

Make sure all Internet Explorer windows are closed.

Go to Start | Run and type

*regedit*

and press OK.

In there, navigate to the following key (folder):

*HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes*

Click to highlight it on the left, then rightclick on it and select Delete.

Do the same for this key:

*HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences*

When both are deleted, click on File | Exit.

Restart Internet Explorer, and see if that helps.

(I don't have IE8 so I don't have the same keys, but here's a screenshot of what you're looking for, as in how to delete.)

eddie


----------



## donex (Aug 27, 2008)

Hi eddie I've deleted the registries as you instructed, problem still the same.


----------



## eddie5659 (Mar 19, 2001)

Just a little confused. Firstly, you said this:



> 7)Bottom line is, i cannot change my default search from Live Search, it's stuck. and no matter what i do, the error message keep appearing when i run IE8.


Then, a few posts later you said this:



> Nope, that cannot be done because no matter what search provider i add, Live search cannot be deleted.
> 
> I tried to add Live search and delete it but alas, Live search is no longer one of the search providers, it's called Bing Search now i think.
> 
> After adding Bing Search, i tried to set it to default, but nothing happened when i click the set default button.


What is currently set as Default at the moment?


----------



## donex (Aug 27, 2008)

hi eddie, pardon my language,

1) "Live Search" is currently set as Default at the moment.

2) I cannot delete "Live Search" from my list of Search Engine.

3) I can add additional Search Engines on top of the Default Search Engine, in this case "Live Search".

4) I cannot set these other Search Engines as Default. 

5) I can also delete these other Search Engines.


----------



## eddie5659 (Mar 19, 2001)

I see now, bit easier to work on as I was a little lost before 

Okay, I have a way, but want to look at an easier option first. As I don't have IE8 (yet), can you see if you have this key in the Registry:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

and in there, the folder *Search Page*

If so, we'll try something on that


----------



## donex (Aug 27, 2008)

eddie,

I have navigated to: 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

There is no folder named *SEARCH PAGE*.
Instead there is a String named *SEARCH PAGE*, and the value data is :
"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

Thanks!


----------



## eddie5659 (Mar 19, 2001)

Okay, if you go back to the Search page string and then right-click on it and select *Modify*.

In the *Value Data* type in the full address of the web page you want to use as your search page. Press OK.

If you're not sure, have a look in Google before you use the website.

Close the registry, and restart internet explorer. Does that work?


----------



## donex (Aug 27, 2008)

Nope that does not work. sigh.

Was searching for a solution and chanced upon this site.

http://connect.microsoft.com/IE/fee...arch-provider-default-every-time-i-launch-ie8

There was a solution suggested by *kirbywitmer*


> Posted by *kirbywitmer* on 9/15/2009 at 6:46 AM
> This problem has occurred to me and to many others as well as referenced in this blog post. A program on your computer has corrupted your default search provider setting


Is it safe to try that out?


----------



## eddie5659 (Mar 19, 2001)

I assume this is what you mean:



> Make sure IE 8 is closed then navigate to registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
> Add a new Expandable String value inside the above mentioned key with a value name of AppData and a value data of %USERPROFILE%\Application Data.
> Reopen IE 8 and see if you still get the error message


To create the Expandable String value, navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.

In there, rightclick on the right and select New | Expandable String value (can't check at work, as its disabled) and type or copy/paste:

%USERPROFILE%\Application Data

Close the Registry and try IE

If so, it may work, but you may want to do a backup of the Registry, just before you do that:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
_Modification of the registry can be *EXTREMELY* dangerous if you do not know exactly what you are doing so follow the steps that are listed below *EXACTLY*. If you cannot perform some of these steps or if you have *ANY* questions please ask *BEFORE* proceeding._

*Backing Up Your Registry*
Go Here and download *ERUNT*
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.

If you're unsure how to do the registry fix, I'll walk you through it


----------



## donex (Aug 27, 2008)

This is SOLVED! thanks eddie! great man. i will get back to the other thread once asap. =)) thanks again!


----------



## eddie5659 (Mar 19, 2001)

Excellent, glad to hear we finally got there :up:

I'll mark this one Solved now 

eddie


----------

