Avanguard

Ad-Aware hangs!

36 posts in this topic

To start, it helps to read the original topic: [url="http://www.lavasoftsupport.com/index.php?showtopic=28446"]http://www.lavasoftsupport.com/index.php?showtopic=28446[/url]

I was directed here to post some logs and a HijackThis log. But first, I did a little alteration of my scan routines. This time I had the Ad-Aware window hidden such that I'd need the tray icon to open it. When it identified infections, it alerted me and I tried to run it, but the main program refused to open so I could view the infections. It instead said it crashed and wanted to send an error report to Lavasoft (which of course it DIDN'T do). So basically what I'm having problems with is getting Ad-Aware to work so I can deal with the detected malware files. It will hang on smart scan and full scan, no exceptions so far.

Certainly something is in there that's making Ad-Aware act up like this. And BTW, this is an upgrade to 8.1.4 from Ad-Aware 2008 as an "overtop" install. I'd like to remove the infections first and see if Ad-Aware works properly after that first before I try a raw clean install.

The Ad-Aware scan logs are showing me a lot of "Not In Idle State" messages when I try to view the infections that it picked up.

Now I've attached the log files. Have a look.

Hey [b]Avanguard[/b],

Welcome to [color="#0000FF"][b]Lavasoft Support Forum[/b][/color]! I'm [b]Ltangelic[/b] and I'll be helping you fix your computer problem. Sorry for the long wait, we have a very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting. :)

Unfortunately, HijackThis is no longer enough to tackle the current infections. We need to run some more tools to scan deeper.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to [url="http://www.mediafire.com/"][color="#FF0000"]Mediafire[/color][/url] and post the sharing link.

Download [url="http://oldtimer.geekstogo.com/OTS.exe"][b][color="red"]OTS[/color][/b][/url] to your Desktop[list]
[*]Close [b]ALL OTHER PROGRAMS[/b].
[*]Double-click on [b]OTS.exe[/b] to start the program.
[*]Check the box that says [b]Scan All Users[/b]
[*]Under Additional Scans check the following:[list]
[*]Reg - Shell Spawning

[*]File - Lop Check

[*]File - Purity Scan

[*]Evnt - EvtViewer (last 10)
[/list]
[*]Under custom scans copy and paste the following[list][b]netsvcs
%SYSTEMDRIVE%\*.exe
%ProgramFiles%\Movie Maker\*.dll
%ALLUSERSAPPDATA%\*.dll
%SYSTEMROOT%\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dll
%DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
%systemroot%\system32\*.dll /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
c:\$recycle.bin\*.* /s
CREATERESTOREPOINT[/b]
[/list]
[*]Now click the [b]Run Scan[/b] button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete [b]Notepad[/b] will open with the report file loaded in it.
[*]Click the [b]Format[/b] menu and make sure that [b]Wordwrap[/b] is not checked. If it is then click on it to uncheck it.
[/list]Please [b]attach[/b] the log in your next post.

To attach a file, do the following:[list]
[*]Click [b]Add Reply[/b]
[*]Under the reply panel is the Attachments Panel
[*]Browse for the attachment file you want to upload, then click the green [b]Upload[/b] button
[*]Once it has uploaded, click the [b]Manage Current Attachments[/b] drop down box
[*]Click on [img]http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png[/img] to insert the attachment into your post
[/list]

[quote name='Ltangelic' post='117073' date='Feb 20 2010, 08:45 PM']Hey [b]Avanguard[/b],

[/quote]

Two of the custom scan strings were labeled as invalid by OTS. They were "%allusersappdata", and "%DriveLetter%".

But anyway, here's the log. Sorry it took so long to get it, I had to take it off the internet and get it cleaned up a little (programs mostly) by another family member. Told them to not muck with it until I could fix the problem it was having.

Hey [b]Avanguard[/b],

Apologies for the delay, I was busy yesterday.

I am so sorry but could you post the log on here instead of attaching? The log isn't readable when it's attached. If you need to, you can post in multiple posts.

Thanks so much. :wub:

[quote name='Ltangelic' post='117320' date='Feb 25 2010, 07:58 AM']Hey [b]Avanguard[/b],

Apologies for the delay, I was busy yesterday.

I am so sorry but could you post the log on here instead of attaching? The log isn't readable when it's attached. If you need to, you can post in multiple posts.

Thanks so much. ;)[/quote]

It's.. Large. But not so large that it needs more than 1 post. Here you go.

OTS logfile created on: 2/23/2010 7:59:46 AM - Run 1
OTS by OldTimer - Version 3.1.22.1 Folder = H:\Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.74 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
Drive D: | 223.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 76.33 Gb Total Space | 44.52 Gb Free Space | 58.33% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 988.73 Mb Total Space | 941.22 Mb Free Space | 95.19% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: LYNDIS
Current User Name: MarkMcCloud
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> H:\Documents\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft)
jusched.exe -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/12/22 12:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH)
sansadispatch.exe -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation)
rbroker.exe -> C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe -> [2009/04/01 11:53:08 | 000,107,008 | ---- | M] ()
wlidsvc.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE -> [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
procexp.exe -> E:\Program Files\SysInternals\Proccess XP\procexp.exe -> [2008/05/28 08:52:10 | 003,522,600 | ---- | M] (Sysinternals - www.sysinternals.com)
slrundll.exe -> C:\WINNT\system32\slrundll.exe -> [2008/04/13 19:12:35 | 000,032,866 | ---- | M] (Smart Link)
explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> C:\WINNT\system32\hkcmd.exe -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation)
sdmcp.exe -> C:\Program Files\Common Files\Stardock\SDMCP.exe -> [2005/05/10 12:31:22 | 000,241,664 | ---- | M] (Stardock)
slserv.exe -> C:\WINNT\system32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link)
wanmpsvc.exe -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.)
unsecapp.exe -> C:\WINNT\system32\wbem\unsecapp.exe -> [2002/08/29 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation)
wwm.exe -> C:\Program Files\wmconnect\wwm.exe -> [2001/10/26 14:18:10 | 000,151,615 | ---- | M] (America Online, Inc.)
packethsvc.exe -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.)
dcfssvc.exe -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company)
ptssvc.exe -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] ()

[Modules - Safe List]
ots.exe -> H:\Documents\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools)
serwvdrv.dll -> C:\WINNT\system32\serwvdrv.dll -> [2002/08/29 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINNT\system32\umdmxfrm.dll -> [2002/08/29 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH)
(wlidsvc) Windows Live ID Sign-in Assistant [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Disabled | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/04/07 18:16:26 | 000,136,120 | ---- | M] (Google)
(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -> [2005/08/07 07:38:11 | 000,068,096 | ---- | M] ()
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation)
(SLService) SmartLinkService [Auto | Running] -> C:\WINNT\System32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.)
(NetSvc) Intel NCS NetService [On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation)
(PackethSvc) Virtual NIC Service [Auto | Running] -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.)
(Dcfssvc) Dcfssvc [Auto | Running] -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company)
(ptssvc) ptssvc [Auto | Running] -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] ()

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINNT\system32\drivers\avgntflt.sys -> [2009/12/16 02:00:35 | 000,056,816 | ---- | M] (Avira GmbH)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINNT\system32\DRIVERS\Lbd.sys -> [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB)
(ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ssmdrv.sys -> [2009/06/27 03:12:26 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINNT\system32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\PxHelp20.sys -> [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\alcxwdm.sys -> [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\tmcomm.sys -> [2008/04/23 23:46:41 | 000,102,664 | ---- | M] (Trend Micro Inc.)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(VtcDrv) Philips SA60xx Recovery Device [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\vtcdrv.sys -> [2007/07/07 10:58:50 | 000,018,560 | ---- | M] (Windows ® Codename Longhorn DDK provider)
(dsiarhwprog) dsiarhwprog [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\dsiarhwprog.sys -> [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdralw2k.sys -> [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdr4_xp.sys -> [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions)
(xnacc) Microsoft Common Controller For Windows Driver Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\xnacc.sys -> [2006/06/01 14:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation)
(ZD1211BU(Hawking)) Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZD1211BU.sys -> [2005/10/28 10:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation)
(BRGSp50) BRGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BRGSp50.sys -> [2005/06/08 17:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\e100b325.sys -> [2005/03/04 08:10:38 | 000,157,696 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ialmnt5.sys -> [2005/01/23 12:05:06 | 000,804,317 | ---- | M] (Intel Corporation)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Entech.sys -> [2004/10/25 19:02:00 | 000,021,664 | ---- | M] (EnTech Taiwan)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZDPSp50.sys -> [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BrScnUsb.sys -> [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\nv4_mini.sys -> [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slntamr.sys -> [2004/04/01 07:56:00 | 000,404,990 | ---- | M] (Smart Link)
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlmnt5.sys -> [2004/04/01 07:56:00 | 000,126,686 | ---- | M] (Smart Link)
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ntmtlfax.sys -> [2004/01/28 15:37:46 | 000,180,360 | ---- | M] (Smart Link)
(SlNtHal) SlNtHal [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slnthal.sys -> [2004/01/28 15:26:28 | 000,095,424 | ---- | M] (Smart Link)
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlstrm.sys -> [2004/01/28 14:46:22 | 001,309,184 | ---- | M] (Smart Link)
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slwdmsup.sys -> [2004/01/28 14:20:44 | 000,013,240 | ---- | M] (Smart Link)
(RecAgent) RecAgent [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\RecAgent.sys -> [2004/01/13 15:03:30 | 000,013,776 | ---- | M] (Smart Link)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmsbw.sys -> [2003/11/20 08:26:00 | 000,122,110 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmkchw.sys -> [2003/11/20 08:26:00 | 000,099,002 | ---- | M] (Intel Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wanatw4.sys -> [2003/04/02 13:03:30 | 000,033,588 | ---- | M] (America Online, Inc.)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Dvd_2k.sys -> [2003/03/26 12:17:14 | 000,025,930 | ---- | M] (Roxio)
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\Mmc_2k.sys -> [2003/03/26 12:17:12 | 000,030,662 | ---- | M] (Roxio)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\pwd_2K.sys -> [2003/03/26 12:17:10 | 000,144,250 | ---- | M] (Roxio)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\udfreadr_xp.sys -> [2003/03/26 12:15:28 | 000,206,464 | ---- | M] (Roxio)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\cdudf_xp.sys -> [2003/03/26 12:15:02 | 000,241,280 | ---- | M] (Roxio)
(iaStor) Intel Integrated RAID [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
(DCamUSBSQTECH) Dual-Mode DSC(2770) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\SQCaptur.sys -> [2003/01/10 09:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ptilink.sys -> [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ultra) ultra [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ac97intc.sys -> [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation)
(wandrv) WAN Network Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wandrv.sys -> [2001/08/09 16:26:02 | 000,022,608 | ---- | M] (America Online, Inc.)
(Exportit) Exportit [Kernel | System | Stopped] -> C:\WINNT\system32\drivers\ExportIt.sys -> [2001/05/10 08:00:00 | 000,124,960 | ---- | M] (Eastman Kodak Company)
(DcPTP) %DcPTP.SvcDesc% [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcPtp.sys -> [2001/04/20 07:58:56 | 000,055,248 | ---- | M] (Eastman Kodak Company)
(DCFS2k) DCFS2k [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\DCFS2k.sys -> [2001/03/30 14:25:30 | 000,032,960 | ---- | M] (Eastman Kodak Company)
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> C:\WINNT\system32\drivers\DcCam.sys -> [2001/03/30 06:35:46 | 000,034,144 | ---- | M] (Eastman Kodak Company)
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcFpoint.sys -> [2001/01/17 08:44:06 | 000,061,872 | ---- | M] (Eastman Kodak Company)
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcLps.sys -> [2001/01/17 08:43:54 | 000,008,304 | ---- | M] (Eastman Kodak Company)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Start Page" -> www.gateway.net/ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\prefs.js ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.livejournal.com/users/markmccloud/friends/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> [email protected]:1.0.6 ->
extensions.enabledItems -> [email protected]:2.8.8 ->
extensions.enabledItems -> [email protected]:1.0.3 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.42 ->
extensions.enabledItems -> [email protected]:2.2.26.0 ->
extensions.enabledItems -> {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.7 ->
extensions.enabledItems -> [email protected]:3.4.10 ->
extensions.enabledItems -> {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
extensions.enabledItems -> {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87 ->
network.proxy.socks_version -> 4 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\PayPal\PayPal Plug-In [C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN] -> [2009/06/16 06:52:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/20 18:11:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/20 18:10:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/01/22 18:25:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS ->
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions -> [2010/02/15 16:03:03 | 000,000,000 | ---D | M]
Vista-aero -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} -> [2010/01/20 23:06:20 | 000,000,000 | ---D | M]
Ex Aequo -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{11e842b0-5653-11db-b0de-0800200c9a66}(2) -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
FlashGot -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2) -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
Remove It Permanently -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} -> [2010/02/03 04:38:48 | 000,000,000 | ---D | M]
Flashblock -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
ChatZilla -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(2) -> [2010/01/25 21:02:41 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2010/02/01 00:46:42 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Phoenity Modern -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Nightly Tester Tools -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
ReloadEvery -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
BlackJapan -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
Acid Burn r1 -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{acidburnr1-4ed8-4a4d-9194-975a45a391xp} -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
PitchDark -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Gradient iCool -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} -> [2010/01/28 18:43:07 | 000,000,000 | ---D | M]
Luna -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{F10B4D44-508F-4a2f-A941-5E834F7C1F8B}(2) -> [2010/01/25 21:02:47 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/25 21:02:17 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/25 21:02:18 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected](2).com -> [2010/01/25 21:02:23 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/02/01 00:48:45 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/20 19:37:36 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\staged-xpis -> [2010/02/03 04:38:49 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\temp -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions -> [2010/01/20 23:06:36 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
aolsearch.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\aolsearch.xml -> [2008/01/23 20:02:46 | 000,001,878 | ---- | M] ()
WikiFur-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur-1.xml -> [2010/02/14 11:20:07 | 000,001,161 | ---- | M] ()
wikifur-en.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikifur-en.xml -> [2010/01/20 19:25:54 | 000,001,574 | ---- | M] ()
WikiFur.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur.xml -> [2006/11/08 23:28:12 | 000,001,188 | ---- | M] ()
wikipedia-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia-1.xml -> [2008/06/24 01:14:38 | 000,001,108 | ---- | M] ()
wikipedia.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia.xml -> [2008/06/24 01:32:00 | 000,001,108 | ---- | M] ()
youtube-video-search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\youtube-video-search.xml -> [2007/05/19 03:19:46 | 000,002,109 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/02/15 07:34:58 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> [2008/03/01 22:47:07 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org -> [2006/11/11 17:26:38 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/01/29 06:24:03 | 000,391,090 | ---- | M] - 13074 lines) -> C:\WINNT\system32\drivers\etc\hosts ->
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02DCA195-602B-4B1F-83FF-381B7E804BDB} [HKLM] -> C:\WINNT\system32\HDBHO.dll [] -> [2003/03/27 06:37:34 | 000,208,896 | ---- | M] ()
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\jccatch.dll [FGCatchUrl] -> [2007/08/06 04:11:58 | 000,094,308 | ---- | M] (www.flashget.com)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/01/11 20:42:48 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/01/11 20:42:48 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.)
{EAD3A971-6A23-4246-8691-C9244E858967} [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [OToolbarHelper Class] -> [2009/04/01 11:53:42 | 000,099,328 | ---- | M] ()
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\getflash.dll [FlashGet GetFlash Class] -> [2007/05/18 11:13:10 | 000,163,840 | ---- | M] (www.flashget.com)
{F385C231-605B-4d8f-ACA9-DBFF765BBE17} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Adblock Pro] -> [2008/03/22 20:37:24 | 000,458,752 | ---- | M] (Adblock Pro Team)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{DC0F2F93-27FA-4f84-ACAA-9416F90B9511}" [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [PayPal Plug-In] -> [2009/04/01 11:55:50 | 003,147,264 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"HotKeysCmds" -> C:\WINNT\system32\hkcmd.exe [C:\WINNT\system32\hkcmd.exe] -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINNT\system32\igfxtray.exe [C:\WINNT\system32\igfxtray.exe] -> [2005/01/23 11:36:10 | 000,155,648 | ---- | M] (Intel Corporation)
"IndexSearch" -> C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe] -> [2005/03/17 14:45:52 | 000,040,960 | ---- | M] (ScanSoft, Inc.)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"LogonStudio" -> E:\Hard Drive\Program Files\WinCustomize\LogonStudio\logonstudio.exe ["E:\Hard Drive\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM] -> [2002/09/03 17:38:12 | 000,987,187 | ---- | M] (Stardock and Luca Saggese)
"PaperPort PTD" -> C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe] -> [2005/03/17 14:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/01/31 22:13:08 | 000,385,024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Common Files\Java\Java Update\jusched.exe ["C:\Program Files\Common Files\Java\Java Update\jusched.exe"] -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
"UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found
< Run [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SansaDispatch" -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe] -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SusanCheetah Startup Folder > -> C:\Documents and Settings\SusanCheetah\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoSplash" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block This Image (ABP) -> e:\Program Files\Adblock Pro\blockimg.html [e:\Program Files\Adblock Pro\blockimg.html] -> [2007/07/15 06:47:08 | 000,000,633 | ---- | M] ()
&Download All with FlashGet -> E:\Hard Drive\Program Files\FlashGet\JC_ALL.HTM [E:\Hard Drive\Program Files\FlashGet\jc_all.htm] -> [2007/05/18 11:13:10 | 000,001,049 | ---- | M] ()
&Download with FlashGet -> E:\Hard Drive\Program Files\FlashGet\JC_LINK.HTM [E:\Hard Drive\Program Files\FlashGet\jc_link.htm] -> [2007/05/18 11:13:10 | 000,001,898 | ---- | M] ()
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
Copy to Semagic -> C:\Program Files\Semagic\copy.htm [C:\Program Files\Semagic\copy.htm] -> [2005/08/15 04:30:58 | 000,000,267 | ---- | M] ()
Semagic -> C:\Program Files\Semagic\link.htm [C:\Program Files\Semagic\link.htm] -> [2005/08/15 04:30:58 | 000,000,186 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Button: Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> C:\Program Files\AIM\aim.exe [Button: AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\flashget.exe [Button: FlashGet] -> [2007/09/25 03:10:50 | 002,007,088 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\flashget.exe [Menu: FlashGet] -> [2007/09/25 03:10:50 | 002,007,088 | ---- | M] (FlashGet.com)
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> Reg Error: Value error. [Button: Run IMVU] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Button: Adblock Pro Preferences] -> [2008/03/22 20:37:24 | 000,458,752 | ---- | M] (Adblock Pro Team)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Menu: Adblock Pro Preferences] -> [2008/03/22 20:37:24 | 000,458,752 | ---- | M] (Adblock Pro Team)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\"{F4FBA929-A891-492C-A0F6-5C79CC4F1742}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001/01/30 13:56:24 | 000,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6732 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. ->
93 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. ->
93 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7674 domain(s) found. ->
www_adobe.com [http] -> Trusted sites ->
compuserve.com .[*] -> Out of zone range - ( 5 ) ->
objects_compuserve.com [*] -> Out of zone range - ( 6 ) ->
67 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] ->
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/MSDcode.cab [Microsoft Data Collection Control] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> https://support.gateway.com/support/profiler//PCPitStop.CAB [PCPitstop Utility] ->
{0F04992B-E661-4DB9-B223-903AB628225D} [HKLM] -> file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB [DoMoreRunExe.DoMoreRun] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> http://download.yahoo.com/dl/installs/yinst0401.cab [YInstStarter Class] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc.cab [Office Update Installation Engine] ->
{49232000-16E4-426C-A231-62846947304B} [HKLM] -> http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab [Reg Error: Key error.] ->
{4B48D5DF-9021-45F7-A240-60304302A215} [HKLM] -> http://www.microsoft.com/security/controls/WebCleaner.cab [MalwareCleaner Class] ->
{511073AD-BE56-4D43-AE68-93390514385E} [HKLM] -> file://C:\Program Files\gateway\helpspot\TechTools.CAB [TechToolsActivex.TechTools] ->
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [HKLM] -> http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236859723968 [MUCatalogWebControl Class] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab [Windows Live Safety Center Base Module] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263255474324 [WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258321201703 [MUWebControl Class] ->
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Housecall ActiveX 6.5] ->
{739E8D90-2F4C-43AD-A1B8-66C356FCEA35} [HKLM] -> hcp://system/RunExeActiveX.CAB [RunExeActiveX.RunExe] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} [HKLM] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab [WScanCtl Class] ->
{8714912E-380D-11D5-B8AA-00D0B78F3D48} [HKLM] -> http://chat.yahoo.com/cab/yuplapp.cab [Yahoo! Webcam Upload Wrapper] ->
{88D969C0-F192-11D4-A65F-0040963251E5} [HKLM] -> http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab [XML DOM Document 4.0] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{93CEA8A4-6059-4E0B-ADDD-73848153DD5E} [HKLM] -> http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab [CWebLaunchCtl Object] ->
{94B82441-A413-4E43-8422-D49930E69764} [HKLM] -> http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB [TLIEFlashObj Class] ->
{97BB6657-DC7F-4489-9067-51FAB9D8857E} [HKLM] -> http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab [CWebLaunchCtl Object] ->
{99FE5072-78AA-4FEE-89BA-69A5FA55343F} [HKLM] -> http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab [IGDTester Class] ->
{9A57B18E-2F5D-11D5-8997-00104BD12D94} [HKLM] -> http://support.gateway.com/support/serialharvest/gwCID.CAB [compid Class] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38183.1688773148 [Reg Error: Key error.] ->
{A8658086-E6AC-4957-BC8E-8D54A7E8A790} [HKLM] -> http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB [GDIChk Object] ->
{A8F2B9BD-A6A0-486A-9744-18920D898429} [HKLM] -> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab [Reg Error: Key error.] ->
{C606BA60-AB76-48B6-96A7-2C4D5C386F70} [HKLM] -> http://www.verizon.net/checkmypc/includes/MotivePreQual.cab [PreQualifier Class] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} [HKLM] -> http://gameadvisor.futuremark.com/global/msc3121.cab [Measurement Services Client v.3.12] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Reg Error: Key error.] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://i.grab.com/media/3ef815/games/files/663/popcaploader_v6.cab [Reg Error: Key error.] ->
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} [HKLM] -> http://chat.yahoo.com/cab/yvwrctl.cab [Yahoo! Webcam Viewer Wrapper] ->
{F54C1137-5E34-4B95-95A5-BA56D4D8D743} [HKLM] -> http://www.gamespot.com/KDX22/download/kdx.cab [Secure Delivery] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINNT\Java\classes\dajava.cab [Reg Error: Key error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINNT\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
C:\WINNT\system32\logonuiX.exe -> C:\WINNT\system32\logonuiX.exe -> [2009/11/18 11:49:29 | 005,053,440 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINNT\System32\igfxsrvc.dll -> [2005/06/21 15:44:12 | 000,348,160 | ---- | M] (Intel Corporation)
MCPClient -> C:\Program Files\Common Files\Stardock\MCPStub.dll -> [2005/01/31 14:13:38 | 000,049,152 | ---- | M] (Stardock)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" [HKLM] -> C:\Program Files\Common Files\Stardock\MCPCore.dll [0aMCPClient] -> [2005/05/10 12:31:20 | 000,086,016 | ---- | M] (Stardock)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2005/11/28 11:11:36 | 000,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/09/19 04:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/06/14 19:09:28 | 026,996,008 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
H:\Autorun.inf [[Autorun] | Open=StartPortableApps.exe | Action=Start PortableApps.com | Icon=StartPortableApps.exe | Label=PortableApps.com | ] -> H:\Autorun.inf [ FAT ] -> [2008/03/04 16:31:14 | 000,000,120 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{3ef0719b-a0f0-11dc-bcdc-00038a000011}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef0719b-a0f0-11dc-bcdc-00038a000011}\Shell
\{3ef0719b-a0f0-11dc-bcdc-00038a000011}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef0719b-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun
\{3ef0719b-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef0719b-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command
\{3ef0719b-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{3ef0719c-a0f0-11dc-bcdc-00038a000011}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command
\{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command\\"" -> H:\StartPortableApps.exe [H:\StartPortableApps.exe] -> [2008/05/21 17:02:52 | 000,088,712 | ---- | M] (PortableApps.com)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Directory [MediaMonkey.1Play] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" "%1" -> [2009/06/12 03:20:08 | 007,892,624 | ---- | M] (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" -> [2009/06/12 03:20:08 | 007,892,624 | ---- | M] (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" -> [2009/06/12 03:20:08 | 007,892,624 | ---- | M] (Ventis Media Inc.)
Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/30/2010 12:14:42 PM Computer Name = LYNDIS | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description =
Application [ Error ] 2/3/2010 9:10:29 AM Computer Name = LYNDIS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 -> Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc, P10 NIL.
Application [ Error ] 2/3/2010 9:16:50 AM Computer Name = LYNDIS | Source = Application Hang | ID = 1002 -> Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/10/2010 9:42:17 AM Computer Name = LYNDIS | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Application [ Error ] 2/10/2010 9:42:17 AM Computer Name = LYNDIS | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Application [ Error ] 2/14/2010 3:01:35 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11316 -> Description = Product: Project64 1.6 -- Error 1316.A network error occurred while attempting to read from the file C:\WINNT\Installer\Project64 1.6.msi
Application [ Error ] 2/15/2010 5:06:39 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11327 -> Description = Product: Impulse -- Error 1327. Invalid Drive: E:\
Application [ Error ] 2/15/2010 5:45:53 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\Impulse.exe . Error code = 0x80131047
Application [ Error ] 2/15/2010 5:45:54 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\ImpulseDock.exe . Error code = 0x80131047
Application [ Error ] 2/18/2010 7:22:46 AM Computer Name = LYNDIS | Source = Application Error | ID = 1000 -> Description = Faulting application wwm.exe, version 6.0.2.0, faulting module supersub.dll, version 6.0.2.0, fault address 0x000043df.
System [ Error ] 2/18/2010 5:37:40 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
System [ Error ] 2/18/2010 5:37:40 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 2/18/2010 5:37:40 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
System [ Error ] 2/18/2010 5:38:23 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: ntiomin rxp
System [ Error ] 2/18/2010 5:52:41 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 2/18/2010 5:52:41 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.
System [ Error ] 2/18/2010 6:22:41 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 2/18/2010 6:22:41 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.
System [ Error ] 2/18/2010 10:49:02 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: ntiomin rxp
System [ Error ] 2/23/2010 8:44:20 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: ntiomin rxp

[Files/Folders - Created Within 30 Days]
BrWia06a.dll -> C:\WINNT\System32\BrWia06a.dll -> [2010/02/16 09:38:20 | 001,492,480 | ---- | C] (Brother Industries, Ltd.)
BrUsi06a.dll -> C:\WINNT\System32\BrUsi06a.dll -> [2010/02/16 09:38:20 | 000,038,912 | ---- | C] (Brother Industries, Ltd.)
BrScnUsb.sys -> C:\WINNT\System32\drivers\BrScnUsb.sys -> [2010/02/16 09:38:20 | 000,015,295 | ---- | C] (Brother Industries Ltd.)
brinsstr.dll -> C:\WINNT\System32\brinsstr.dll -> [2010/02/16 09:38:18 | 000,052,736 | ---- | C] (Brother Industries,Ltd.)
PDRVINST.DLL -> C:\WINNT\System32\PDRVINST.DLL -> [2010/02/16 09:37:48 | 000,188,416 | ---- | C] (brother)
BrWebIns.dll -> C:\WINNT\System32\BrWebIns.dll -> [2010/02/16 09:37:48 | 000,086,016 | ---- | C] (brother)
BRWEBUP.EXE -> C:\WINNT\System32\BRWEBUP.EXE -> [2010/02/16 09:37:48 | 000,069,632 | ---- | C] (brother)
BrfxD05a.dll -> C:\WINNT\System32\BrfxD05a.dll -> [2010/02/16 09:37:35 | 000,126,976 | ---- | C] (Brother Industries,LTD)
brunin03.dll -> C:\WINNT\brunin03.dll -> [2010/02/16 09:37:33 | 000,147,456 | ---- | C] (Brother Industries,Ltd.)
Brother -> C:\Program Files\Brother -> [2010/02/16 09:37:33 | 000,000,000 | ---D | C]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [2010/02/16 09:35:16 | 000,000,000 | ---D | C]
ScanSoft Shared -> C:\Program Files\Common Files\ScanSoft Shared -> [2010/02/16 09:34:46 | 000,000,000 | ---D | C]
ScanSoft -> C:\Program Files\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C]
Brother -> C:\Documents and Settings\All Users\Application Data\Brother -> [2010/02/16 09:33:22 | 000,000,000 | ---D | C]
usbccgp.sys -> C:\WINNT\System32\dllcache\usbccgp.sys -> [2010/02/15 18:00:02 | 000,032,128 | ---- | C] (Microsoft Corporation)
My Videos -> C:\Documents and Settings\Owner\My Documents\My Videos -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
My Pictures -> C:\Documents and Settings\Owner\My Documents\My Pictures -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
My Music -> C:\Documents and Settings\Owner\My Documents\My Music -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
Trillian -> C:\Program Files\Trillian -> [2010/02/15 07:12:01 | 000,000,000 | ---D | C]
Office 2003 -> C:\Documents and Settings\Owner\Desktop\Office 2003 -> [2010/02/11 09:42:43 | 000,000,000 | ---D | C]
fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:08 | 000,000,000 | ---D | C]
Lbd.sys -> C:\WINNT\System32\drivers\Lbd.sys -> [2010/01/30 11:15:29 | 000,064,288 | ---- | C] (Lavasoft AB)
DRVSTORE -> C:\WINNT\System32\DRVSTORE -> [2010/01/30 11:15:27 | 000,000,000 | ---D | C]
{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> [2010/01/30 11:13:38 | 000,000,000 | -H-D | C]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/01/28 07:48:46 | 000,000,000 | ---D | C]
javaws.exe -> C:\WINNT\System32\javaws.exe -> [2010/01/28 07:47:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINNT\System32\javaw.exe -> [2010/01/28 07:47:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINNT\System32\java.exe -> [2010/01/28 07:47:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/08/31 05:19:15 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/08/31 05:18:43 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/03/13 21:02:03 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2008/11/05 02:37:23 | 000,000,000 | ---D | M]
AdobeUM -> C:\Documents and Settings\NetworkService\Application Data\AdobeUM -> [2008/07/20 05:49:14 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2008/07/20 05:48:57 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2008/07/20 05:47:42 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/02/29 17:43:05 | 000,000,000 | ---D | M]
Symantec -> C:\Documents and Settings\NetworkService\Application Data\Symantec -> [2007/01/02 18:03:58 | 000,000,000 | ---D | M]
Symantec -> C:\Documents and Settings\LocalService\Application Data\Symantec -> [2006/11/12 17:19:12 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2003/05/16 11:19:14 | 000,000,000 | --SD | M]
6 C:\*.tmp files -> C:\*.tmp ->
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
win.ini -> C:\WINNT\win.ini -> [2010/02/23 07:48:29 | 000,001,708 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINNT\tasks\Ad-Aware Update (Weekly).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 4).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 4).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 3).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 3).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 2).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 2).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 1).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 1).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2010/02/23 07:45:45 | 000,000,024 | ---- | M] ()
wpa.dbl -> C:\WINNT\System32\wpa.dbl -> [2010/02/23 07:43:48 | 000,001,158 | ---- | M] ()
bootstat.dat -> C:\WINNT\bootstat.dat -> [2010/02/23 07:42:23 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/02/23 07:42:12 | 1332,531,200 | -HS- | M] ()
system.ini -> C:\WINNT\system.ini -> [2010/02/17 05:52:40 | 000,000,293 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2010/02/17 05:52:40 | 000,000,207 | RHS- | M] ()
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | M] ()
QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | M] ()
BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:47 | 000,000,419 | ---- | M] ()
BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | M] ()
Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | M] ()
brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | M] ()
bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2010/02/15 18:03:21 | 016,777,216 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/02/15 18:03:21 | 000,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2010/02/15 17:41:33 | 019,254,822 | -H-- | M] ()
tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/15 06:54:38 | 000,095,232 | ---- | M] ()
cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2010/02/10 08:01:48 | 000,000,849 | ---- | M] ()
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/01/30 11:13:23 | 000,000,873 | ---- | M] ()
hosts -> C:\WINNT\System32\drivers\etc\hosts -> [2010/01/29 06:24:03 | 000,391,090 | ---- | M] ()
SpyHunter.lnk -> C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk -> [2010/01/25 22:14:58 | 000,000,905 | ---- | M] ()
imsins.BAK -> C:\WINNT\imsins.BAK -> [2010/01/25 21:38:53 | 000,001,374 | ---- | M] ()
6 C:\*.tmp files -> C:\*.tmp ->
40 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp ->
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->
1 C:\WINNT\Temp\*.tmp files -> C:\WINNT\Temp\*.tmp ->

[Files - No Company Name]
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | C] ()
QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | C] ()
BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | C] ()
BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:46 | 000,000,419 | ---- | C] ()
Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | C] ()
brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | C] ()
bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | C] ()
CVRPAGE.BMP -> C:\WINNT\CVRPAGE.BMP -> [2010/02/16 09:37:37 | 000,006,224 | ---- | C] ()
brdfxspd.dat -> C:\WINNT\brdfxspd.dat -> [2010/02/16 09:37:34 | 000,000,000 | ---- | C] ()
maxlink.ini -> C:\WINNT\maxlink.ini -> [2010/02/16 09:35:48 | 000,027,019 | ---- | C] ()
tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | C] ()
Ad-Aware Update (Daily 4).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 4).job -> [2010/01/30 23:35:02 | 000,000,472 | ---- | C] ()
Ad-Aware Update (Daily 3).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 3).job -> [2010/01/30 23:35:02 | 000,000,472 | ---- | C] ()
Ad-Aware Update (Daily 2).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 2).job -> [2010/01/30 23:35:02 | 000,000,472 | ---- | C] ()
Ad-Aware Update (Daily 1).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 1).job -> [2010/01/30 23:35:02 | 000,000,472 | ---- | C] ()
Ad-Aware Update (Weekly).job -> C:\WINNT\tasks\Ad-Aware Update (Weekly).job -> [2010/01/30 11:19:54 | 000,000,472 | ---- | C] ()
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/01/30 11:13:23 | 000,000,873 | ---- | C] ()
FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2010/01/25 22:10:28 | 000,532,360 | ---- | C] ()
RtlCPAPI.dll -> C:\WINNT\System32\RtlCPAPI.dll -> [2009/11/01 22:59:25 | 000,147,456 | ---- | C] ()
qt-dx331.dll -> C:\WINNT\System32\qt-dx331.dll -> [2008/09/19 16:57:34 | 003,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\WINNT\System32\dtu100.dll.manifest -> [2008/09/19 16:55:10 | 000,000,416 | ---- | C] ()
idxcntrs.ini -> C:\WINNT\System32\idxcntrs.ini -> [2007/09/27 09:51:02 | 000,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINNT\System32\gsrvctr.ini -> [2007/09/27 09:48:48 | 000,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINNT\System32\gthrctr.ini -> [2007/09/27 09:48:28 | 000,031,698 | ---- | C] ()
InsDrvZD.dll -> C:\WINNT\System32\InsDrvZD.dll -> [2007/07/24 16:59:02 | 000,028,672 | ---- | C] ()
InsDrvZD64.DLL -> C:\WINNT\System32\InsDrvZD64.DLL -> [2007/07/24 16:59:02 | 000,015,872 | ---- | C] ()
(null)toolkit.ini -> C:\WINNT\(null)toolkit.ini -> [2007/07/13 18:44:31 | 000,000,113 | ---- | C] ()
ff_vfw.dll -> C:\WINNT\System32\ff_vfw.dll -> [2007/05/25 20:06:45 | 000,010,752 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINNT\System32\ff_vfw.dll.manifest -> [2007/05/25 20:06:45 | 000,000,547 | ---- | C] ()
Start.INI -> C:\WINNT\Start.INI -> [2007/05/08 05:46:49 | 000,000,032 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINNT\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINNT\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] ()
kodakpcd.MarkMcCloud.ini -> C:\WINNT\kodakpcd.MarkMcCloud.ini -> [2006/06/07 07:58:38 | 000,000,023 | ---- | C] ()
LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2006/04/19 17:10:30 | 000,000,024 | ---- | C] ()
JPGUtils.dll -> C:\WINNT\System32\JPGUtils.dll -> [2006/04/19 17:09:57 | 000,187,392 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINNT\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINNT\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] ()
huffyuv.ini -> C:\WINNT\huffyuv.ini -> [2006/04/11 16:27:12 | 000,000,134 | ---- | C] ()
WB.ini -> C:\WINNT\WB.ini -> [2006/03/25 01:53:47 | 000,000,072 | ---- | C] ()
wbload.dll -> C:\WINNT\System32\wbload.dll -> [2006/03/25 01:49:57 | 000,020,480 | ---- | C] ()
atid.ini -> C:\WINNT\atid.ini -> [2006/01/25 01:51:55 | 000,000,029 | ---- | C] ()
CD-Start.INI -> C:\WINNT\CD-Start.INI -> [2005/11/22 20:37:06 | 000,000,032 | ---- | C] ()
Star Trek Birth of the Federation - Editor.INI -> C:\WINNT\Star Trek Birth of the Federation - Editor.INI -> [2005/10/28 03:42:31 | 000,000,047 | ---- | C] ()
StyleBuilder.INI -> C:\WINNT\StyleBuilder.INI -> [2005/09/02 17:38:36 | 000,000,099 | ---- | C] ()
gscr.dll -> C:\WINNT\gscr.dll -> [2005/06/02 18:51:01 | 000,028,672 | ---- | C] ()
cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2005/05/08 15:58:30 | 000,000,849 | ---- | C] ()
mmpoly.ini -> C:\WINNT\mmpoly.ini -> [2005/04/11 19:00:59 | 000,000,070 | ---- | C] ()
dcstds3.dll -> C:\WINNT\dcstds3.dll -> [2005/03/11 11:09:10 | 000,000,006 | ---- | C] ()
NemuAudio08.ini -> C:\WINNT\System32\NemuAudio08.ini -> [2005/02/12 17:10:38 | 000,000,126 | ---- | C] ()
HDBHO.dll -> C:\WINNT\System32\HDBHO.dll -> [2005/01/28 07:36:56 | 000,208,896 | ---- | C] ()
lq.dll -> C:\WINNT\lq.dll -> [2005/01/28 07:36:56 | 000,007,168 | ---- | C] ()
NMDll.dll -> C:\WINNT\System32\NMDll.dll -> [2005/01/28 07:36:55 | 000,468,480 | ---- | C] ()
yhl.dll -> C:\WINNT\yhl.dll -> [2005/01/28 07:36:54 | 000,020,480 | ---- | C] ()
ODBC.INI -> C:\WINNT\ODBC.INI -> [2005/01/08 20:54:41 | 000,000,480 | ---- | C] ()
Sfc3ng.INI -> C:\WINNT\Sfc3ng.INI -> [2005/01/01 04:50:29 | 000,000,604 | ---- | C] ()
iPlayer.INI -> C:\WINNT\iPlayer.INI -> [2004/12/23 23:58:48 | 000,000,000 | ---- | C] ()
pcfriend.INI -> C:\WINNT\pcfriend.INI -> [2004/11/15 04:32:39 | 000,000,000 | ---- | C] ()
psisdecd.dll -> C:\WINNT\System32\psisdecd.dll -> [2004/10/08 05:11:47 | 000,363,520 | ---- | C] ()
cncs232.dll -> C:\WINNT\System32\cncs232.dll -> [2004/09/15 08:32:10 | 000,286,208 | ---- | C] ()
NemuVideo.ini -> C:\WINNT\System32\NemuVideo.ini -> [2004/08/10 14:53:38 | 000,000,065 | ---- | C] ()
zlib.dll -> C:\WINNT\System32\zlib.dll -> [2004/07/23 22:52:03 | 000,053,760 | ---- | C] ()
devenum(2).dll -> C:\WINNT\System32\devenum(2).dll -> [2004/07/15 13:52:17 | 000,053,248 | ---- | C] ()
winamp.ini -> C:\WINNT\winamp.ini -> [2004/07/15 03:50:02 | 000,001,157 | ---- | C] ()
xvidvfw.dll -> C:\WINNT\System32\xvidvfw.dll -> [2004/06/06 11:53:42 | 000,155,648 | ---- | C] ()
xvidcore.dll -> C:\WINNT\System32\xvidcore.dll -> [2004/06/05 11:56:16 | 000,679,936 | ---- | C] ()
smscfg.ini -> C:\WINNT\smscfg.ini -> [2004/04/15 11:01:41 | 000,000,061 | ---- | C] ()
PCDrSystemInformation.dll -> C:\WINNT\System32\PCDrSystemInformation.dll -> [2004/04/15 10:43:24 | 000,282,624 | ---- | C] ()
PCDrKernelModeServices.dll -> C:\WINNT\System32\PCDrKernelModeServices.dll -> [2004/04/15 10:38:13 | 000,086,016 | ---- | C] ()
ProgressTrace.dll -> C:\WINNT\System32\ProgressTrace.dll -> [2004/04/15 10:38:13 | 000,065,536 | ---- | C] ()
OEMINFO.INI -> C:\WINNT\System32\OEMINFO.INI -> [2004/04/15 10:36:36 | 000,000,699 | ---- | C] ()
libeay32.dll -> C:\WINNT\System32\libeay32.dll -> [2004/03/22 13:22:30 | 000,880,128 | ---- | C] ()
ssleay32.dll -> C:\WINNT\System32\ssleay32.dll -> [2004/03/22 13:22:30 | 000,171,520 | ---- | C] ()
OpenQuicktimeLib.dll -> C:\WINNT\System32\OpenQuicktimeLib.dll -> [2004/01/27 12:13:54 | 000,421,888 | ---- | C] ()
tds3shl.dll -> C:\WINNT\System32\tds3shl.dll -> [2003/06/11 18:05:06 | 000,032,768 | ---- | C] ()
orun32.ini -> C:\WINNT\orun32.ini -> [2003/05/16 12:56:01 | 000,000,873 | ---- | C] ()
MCC16.DLL -> C:\WINNT\System32\MCC16.DLL -> [2002/12/18 15:10:36 | 000,006,048 | ---- | C] ()
OggDS.dll -> C:\WINNT\System32\OggDS.dll -> [2002/10/06 18:42:58 | 000,237,568 | ---- | C] ()
vorbisenc.dll -> C:\WINNT\System32\vorbisenc.dll -> [2002/10/04 23:04:26 | 000,921,600 | ---- | C] ()
vorbis.dll -> C:\WINNT\System32\vorbis.dll -> [2002/10/04 23:04:26 | 000,188,416 | ---- | C] ()
ogg.dll -> C:\WINNT\System32\ogg.dll -> [2002/10/04 23:04:18 | 000,045,056 | ---- | C] ()
mag.dll -> C:\WINNT\System32\mag.dll -> [2002/03/19 17:30:00 | 000,010,752 | ---- | C] ()
msvdm.dll -> C:\WINNT\System32\msvdm.dll -> [2002/03/19 16:30:00 | 000,141,824 | ---- | C] ()
Jpeg32.dll -> C:\WINNT\System32\Jpeg32.dll -> [2002/03/04 10:16:34 | 000,110,592 | R--- | C] ()
PciBus.sys -> C:\WINNT\System32\drivers\PciBus.sys -> [2001/11/19 19:05:18 | 000,003,972 | ---- | C] ()
cpuinf32.dll -> C:\WINNT\System32\cpuinf32.dll -> [2001/09/17 12:20:02 | 000,009,216 | ---- | C] ()
Canon456.dll -> C:\WINNT\System32\Canon456.dll -> [2000/11/15 17:00:00 | 000,000,019 | ---- | C] ()
sysres.dll -> C:\WINNT\System32\sysres.dll -> [1998/08/16 05:00:00 | 000,004,096 | ---- | C] ()
coinst.dll -> C:\WINNT\System32\coinst.dll -> [1980/01/01 00:00:00 | 000,049,152 | ---- | C] ()

[File - Lop Check]
InterTrust -> C:\Documents and Settings\Administrator\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
America Online -> C:\Documents and Settings\All Users\Application Data\America Online -> [2004/07/15 05:51:09 | 000,000,000 | ---D | M]
Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2005/09/26 02:50:35 | 000,000,000 | ---D | M]
Downloaded Installations -> C:\Documents and Settings\All Users\Application Data\Downloaded Installations -> [2007/06/13 16:13:12 | 000,000,000 | ---D | M]
DriverScanner -> C:\Documents and Settings\All Users\Application Data\DriverScanner -> [2008/12/10 22:08:14 | 000,000,000 | ---D | M]
PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/07/09 18:28:54 | 000,000,000 | ---D | M]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | M]
SecTaskMan -> C:\Documents and Settings\All Users\Application Data\SecTaskMan -> [2009/08/01 17:00:16 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2008/08/19 19:06:37 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/02/26 00:14:18 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2004/07/15 03:54:42 | 000,000,000 | ---D | M]
WholeSecurity -> C:\Documents and Settings\All Users\Application Data\WholeSecurity -> [2009/06/01 09:23:44 | 000,000,000 | ---D | M]
{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2010/02/15 16:06:35 | 000,000,000 | -H-D | M]
{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> [2010/01/30 11:13:40 | 000,000,000 | -H-D | M]
InterTrust -> C:\Documents and Settings\Default User\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
Adblock Pro -> C:\Documents and Settings\Guest\Application Data\Adblock Pro -> [2009/02/16 08:51:13 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\Guest\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M]
acccore -> C:\Documents and Settings\Owner\Application Data\acccore -> [2006/12/29 17:11:26 | 000,000,000 | ---D | M]
Adblock Pro -> C:\Documents and Settings\Owner\Application Data\Adblock Pro -> [2008/08/25 17:18:15 | 000,000,000 | ---D | M]
Aim -> C:\Documents and Settings\Owner\Application Data\Aim -> [2004/08/11 21:31:59 | 000,000,000 | ---D | M]
Desktop Sidebar -> C:\Documents and Settings\Owner\Application Data\Desktop Sidebar -> [2008/06/22 21:24:26 | 000,000,000 | ---D | M]
Exodus -> C:\Documents and Settings\Owner\Application Data\Exodus -> [2005/02/10 17:54:19 | 000,000,000 | ---D | M]
FileMaker -> C:\Documents and Settings\Owner\Application Data\FileMaker -> [2005/09/24 15:37:20 | 000,000,000 | ---D | M]
fltk.org -> C:\Documents and Settings\Owner\Application Data\fltk.org -> [2005/02/03 00:53:12 | 000,000,000 | ---D | M]
fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:17 | 000,000,000 | ---D | M]
gen_ff v1.04 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.04 -> [2004/09/23 05:53:06 | 000,000,000 | ---D | M]
gen_ff v1.05 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.05 -> [2005/05/23 22:23:42 | 000,000,000 | ---D | M]
gen_ff v1.07 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.07 -> [2006/03/21 10:03:47 | 000,000,000 | ---D | M]
IMVU -> C:\Documents and Settings\Owner\Application Data\IMVU -> [2007/05/04 00:55:12 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\Owner\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\Owner\Application Data\InterVideo -> [2004/08/08 16:45:01 | 000,000,000 | ---D | M]
IObit -> C:\Documents and Settings\Owner\Application Data\IObit -> [2010/01/24 02:06:11 | 000,000,000 | ---D | M]
IP Lookup v2.0 -> C:\Documents and Settings\Owner\Application Data\IP Lookup v2.0 -> [2005/08/24 19:14:20 | 000,000,000 | ---D | M]
IrfanView -> C:\Documents and Settings\Owner\Application Data\IrfanView -> [2008/08/16 20:20:41 | 000,000,000 | ---D | M]
JAM Software -> C:\Documents and Settings\Owner\Application Data\JAM Software -> [2008/11/14 01:46:10 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\Owner\Application Data\JGsoft -> [2007/04/23 05:26:01 | 000,000,000 | ---D | M]
Kazaa Lite -> C:\Documents and Settings\Owner\Application Data\Kazaa Lite -> [2004/07/16 21:25:11 | 000,000,000 | ---D | M]
Kontiki -> C:\Documents and Settings\Owner\Application Data\Kontiki -> [2004/08/16 10:53:15 | 000,000,000 | ---D | M]
Offline Explorer -> C:\Documents and Settings\Owner\Application Data\Offline Explorer -> [2005/01/28 10:39:53 | 000,000,000 | ---D | M]
SanDisk -> C:\Documents and Settings\Owner\Application Data\SanDisk -> [2009/04/07 18:34:39 | 000,000,000 | ---D | M]
SecondLife -> C:\Documents and Settings\Owner\Application Data\SecondLife -> [2007/07/28 19:03:13 | 000,000,000 | ---D | M]
SecondLife(2) -> C:\Documents and Settings\Owner\Application Data\SecondLife(2) -> [2005/07/12 03:24:20 | 000,000,000 | ---D | M]
Shareaza -> C:\Documents and Settings\Owner\Application Data\Shareaza -> [2008/02/17 16:37:29 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\Owner\Application Data\Stardock -> [2008/08/19 19:18:59 | 000,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\Owner\Application Data\Thunderbird -> [2009/12/15 19:48:38 | 000,000,000 | ---D | M]
Trillian -> C:\Documents and Settings\Owner\Application Data\Trillian -> [2009/01/10 04:01:34 | 000,000,000 | ---D | M]
Uniblue -> C:\Documents and Settings\Owner\Application Data\Uniblue -> [2008/12/10 22:08:15 | 000,000,000 | ---D | M]
ViStart -> C:\Documents and Settings\Owner\Application Data\ViStart -> [2007/12/01 23:22:54 | 000,000,000 | ---D | M]
Windows Desktop Search -> C:\Documents and Settings\Owner\Application Data\Windows Desktop Search -> [2008/07/25 05:45:23 | 000,000,000 | ---D | M]
Windows Live Writer -> C:\Documents and Settings\Owner\Application Data\Windows Live Writer -> [2009/04/01 09:19:23 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\Owner\Application Data\Windows Search -> [2008/07/29 06:15:42 | 000,000,000 | ---D | M]
Witty -> C:\Documents and Settings\Owner\Application Data\Witty -> [2009/06/27 07:29:06 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\SusanCheetah\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\SusanCheetah\Application Data\InterVideo -> [2005/07/12 03:24:53 | 000,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\SusanCheetah\Application Data\Thunderbird -> [2004/09/30 17:04:05 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\SusanCheetah\Application Data\Windows Search -> [2010/02/16 05:42:21 | 000,000,000 | ---D | M]
Ad-Aware Update (Daily 1).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 1).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 2).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 2).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 3).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 3).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 4).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 4).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINNT\Tasks\Ad-Aware Update (Weekly).job -> [2010/02/23 07:47:12 | 000,000,472 | ---- | M] ()
EasyShare Registration RunOnce Task.job -> C:\WINNT\Tasks\EasyShare Registration RunOnce Task.job -> [2008/03/02 19:10:10 | 000,000,458 | ---- | M] ()
EasyShare Registration Task.job -> C:\WINNT\Tasks\EasyShare Registration Task.job -> [2008/03/02 19:09:29 | 000,000,444 | ---- | M] ()
SmartDefrag.job -> C:\WINNT\Tasks\SmartDefrag.job -> [2010/01/24 02:06:44 | 000,000,396 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< %ProgramFiles%\Movie Maker\*.dll >
wmm2ae.dll -> C:\Program Files\Movie Maker\wmm2ae.dll -> [2008/04/13 19:12:09 | 000,167,936 | ---- | M] (Microsoft Corporation)
wmm2eres.dll -> C:\Program Files\Movie Maker\wmm2eres.dll -> [2008/04/13 19:12:09 | 000,004,096 | ---- | M] (Microsoft Corporation)
wmm2ext.dll -> C:\Program Files\Movie Maker\wmm2ext.dll -> [2008/04/13 19:12:09 | 000,007,680 | ---- | M] (Microsoft Corporation)
wmm2filt.dll -> C:\Program Files\Movie Maker\wmm2filt.dll -> [2008/04/13 19:12:09 | 000,402,432 | ---- | M] (Microsoft Corporation)
wmm2fxa.dll -> C:\Program Files\Movie Maker\wmm2fxa.dll -> [2008/04/13 19:12:09 | 000,502,272 | ---- | M] (Microsoft Corporation)
wmm2fxb.dll -> C:\Program Files\Movie Maker\wmm2fxb.dll -> [2008/04/13 19:12:09 | 000,325,632 | ---- | M] (Microsoft Corporation)
wmm2res.dll -> C:\Program Files\Movie Maker\wmm2res.dll -> [2008/04/13 19:12:09 | 004,256,768 | ---- | M] (Microsoft Corporation)
wmm2res2.dll -> C:\Program Files\Movie Maker\wmm2res2.dll -> [2008/04/13 19:12:09 | 000,005,632 | ---- | M] (Microsoft Corporation)
wmmfilt.dll -> C:\Program Files\Movie Maker\wmmfilt.dll -> [2002/08/29 07:00:00 | 000,110,648 | ---- | M] (Microsoft Corporation)
wmmres.dll -> C:\Program Files\Movie Maker\wmmres.dll -> [2002/08/29 07:00:00 | 000,319,542 | ---- | M] (Microsoft Corporation)
wmmutil.dll -> C:\Program Files\Movie Maker\wmmutil.dll -> [2002/08/29 07:00:00 | 000,163,897 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: ALLUSERSAPPDATA
< %SYSTEMROOT%\*.tmp >
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
< %PROGRAMFILES%\Internet Explorer\*.dll >
custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 21:03:36 | 000,033,792 | ---- | M] (Microsoft Corporation)
hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation)
iecompat.dll -> C:\Program Files\Internet Explorer\iecompat.dll -> [2009/10/01 23:44:07 | 000,092,160 | ---- | M] (Microsoft Corporation)
iedvtool.dll -> C:\Program Files\Internet Explorer\iedvtool.dll -> [2009/03/08 03:35:32 | 000,742,912 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2009/12/21 14:14:03 | 000,246,272 | ---- | M] (Microsoft Corporation)
jsdbgui.dll -> C:\Program Files\Internet Explorer\jsdbgui.dll -> [2009/03/08 03:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation)
jsdebuggeride.dll -> C:\Program Files\Internet Explorer\jsdebuggeride.dll -> [2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation)
JSProfilerCore.dll -> C:\Program Files\Internet Explorer\JSProfilerCore.dll -> [2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation)
jsprofilerui.dll -> C:\Program Files\Internet Explorer\jsprofilerui.dll -> [2009/03/08 03:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation)
pdm.dll -> C:\Program Files\Internet Explorer\pdm.dll -> [2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation)
sqmapi.dll -> C:\Program Files\Internet Explorer\sqmapi.dll -> [2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation)
xpshims.dll -> C:\Program Files\Internet Explorer\xpshims.dll -> [2009/12/21 14:14:05 | 000,012,800 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: DriveLetter
< %systemroot%\system32\*.dll /lockedfiles >
13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp ->
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS /md5 /s >
AGP440.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
AGP440.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
AGP440.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
AGP440.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\ServicePackFiles\i386\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\system32\dllcache\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINNT\system32\drivers\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINNT\$NtServicePackUninstall$\agp440.sys -> [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation)
< %systemdrive%\ATAPI.SYS /md5 /s >
atapi.sys : .cab file -> C:\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp1.cab:atapi.sys -> [2002/08/29 07:00:00 | 010,158,890 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys -> [2004/08/04 00:05:44 | 018,738,937 | ---- | M] ()
atapi.sys : .cab file -> C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2009/05/21 19:55:14 | 023,852,652 | ---- | M] ()
atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINNT\system32\ReinstallBackups�06\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\system32\dllcache\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINNT\system32\drivers\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINNT\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
< %systemdrive%\EVENTLOG.DLL /md5 /s >
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINNT\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINNT\system32\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINNT\$NtServicePackUninstall$\eventlog.dll -> [2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation)
EventLog.dll : MD5=CAD468899536326818AE00BF0A750F9C -> C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll -> [2004/12/13 10:37:30 | 000,028,791 | ---- | M] ()
< %systemdrive%\IASTOR.SYS /md5 /s >
iaStor.sys : MD5=18E3972D9632485D80D609D4674F9D83 -> C:\OEMDRVRS\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
iaStor.sys : MD5=18E3972D9632485D80D609D4674F9D83 -> C:\WINNT\system32\drivers\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
< %systemdrive%\NETLOGON.DLL /md5 /s >
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINNT\system32\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINNT\$NtServicePackUninstall$\netlogon.dll -> [2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SCECLI.DLL /md5 /s >
scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINNT\$NtServicePackUninstall$\scecli.dll -> [2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINNT\system32\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp ->
< %systemroot%\Tasks\*.job /lockedfiles >
< c:\$recycle.bin\*.* /s >
Restore point Set: OTS Restore Point (0)

[Alternate Data Streams]
@Alternate Data Stream - 479 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 88 bytes -> C:\WINNT\sndvol32.exe:SummaryInformation
< End of report >[/code]

Hey [b]Avanguard[/b],

I don't see much in your log, let's run some scans shall we? ;)

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) ([b]Avira AntiVir and Spybot Teatimer[/b]) as it/they may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

[color="#8B0000"][b][size=5]1)[/size] Run ComboFix[/b][/color]

Download ComboFix from one of these locations:

[url="http://subs.geekstogo.com/ComboFix.exe"][b][color="blue"]Link 1[/color][/b][/url]
[url="http://www.forospyware.com/sUBs/ComboFix.exe"][b][color="blue"]Link 2[/color][/b][/url]
[url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b][color="blue"]Link 3[/color][/b][/url]

[color="purple"][b]* IMPORTANT !!! Save ComboFix.exe to your Desktop[/b][/color]
[list]
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[/list]
[color="blue"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.[/color]

[CENTER][img]http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif[/img][/CENTER]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[img]http://img.photobucket.com/albums/v706/ried7/whatnext.png[/img]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt[/b] in your next reply.

[color="#8B0000"][b][size=5]2)[/size] Run Malwarebytes Anti-Malware[/b][/color]

Please download Malwarebytes' Anti-Malware from [url="http://www.besttechie.net/tools/mbam-setup.exe"][color="#2E8B57"][b]Here[/b][/color][/url] or [url="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"][color="#2E8B57"][b]Here[/b][/color][/url]

Double Click mbam-setup.exe to install the application.[list]
[*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b].
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b].
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
[/list]Extra Note:
[color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.[/b][/color]

[b]Next reply (please include in your post):[/b]

ComboFix.txt
MBAM scan log

I'll go a bit farther. This generated an extra report log. It will be included in case it means anything. ComboFix did quarantine some items though (like sndrec32.exe) and disabled certain sound functions of my ISP client.

It also kept saying my antivir guard was enabled even though its tray icon and status said it wasn't.

~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 10-02-27.04 - MarkMcCloud 02/28/2010 20:09:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.389 [GMT -5:00]
Running from: h:\documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG309.tmp
C:\LOG30C.tmp
C:\LOG30E.tmp
C:\LOG30F.tmp
C:\LOG38.tmp
C:\LOG5.tmp
c:\recycler\NPROTECT
C:\Thumbs.db
c:\winnt\Downloaded Program Files\popcaploader.inf
c:\winnt\sndrec32.exe
c:\winnt\system32\SHELLLNK.TLB
c:\winnt\system32\Vb40032.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLAYERGATEWAYMGR


((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-02-17 13:50 . 2010-02-17 13:50 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\AdobeUM
2010-02-16 19:49 . 2010-02-16 19:49 -------- dc----w- c:\documents and settings\SusanCheetah\Local Settings\Application Data\Adobe
2010-02-16 19:00 . 2010-02-16 19:00 -------- dc----w- c:\documents and settings\SusanCheetah\Local Settings\Application Data\Apple Computer
2010-02-16 14:40 . 2010-02-16 14:40 50 -c--a-w- c:\winnt\system32\bridf06a.dat
2010-02-16 14:38 . 2006-02-24 22:27 1492480 -c--a-w- c:\winnt\system32\BrWia06a.dll
2010-02-16 14:38 . 2005-12-13 15:53 38912 -c--a-w- c:\winnt\system32\BrUsi06a.dll
2010-02-16 14:38 . 2004-10-15 17:50 15295 -c--a-w- c:\winnt\system32\drivers\BrScnUsb.sys
2010-02-16 14:38 . 2006-02-16 23:49 52736 -c--a-w- c:\winnt\system32\brinsstr.dll
2010-02-16 14:37 . 2005-06-02 06:09 86016 -c--a-w- c:\winnt\system32\BrWebIns.dll
2010-02-16 14:37 . 2005-06-02 06:08 69632 -c--a-w- c:\winnt\system32\BRWEBUP.EXE
2010-02-16 14:37 . 2004-12-03 06:26 188416 -c--a-w- c:\winnt\system32\PDRVINST.DLL
2010-02-16 14:37 . 2006-01-17 06:03 126976 -c--a-w- c:\winnt\system32\BrfxD05a.dll
2010-02-16 14:37 . 2003-11-28 23:57 0 -c--a-w- c:\winnt\brdfxspd.dat
2010-02-16 14:37 . 2010-02-16 14:38 -------- dc----w- c:\program files\Brother
2010-02-16 14:37 . 2004-12-10 21:35 147456 -c--a-w- c:\winnt\brunin03.dll
2010-02-16 14:35 . 2010-02-16 14:35 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\Common Files\ScanSoft Shared
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\program files\ScanSoft
2010-02-16 14:34 . 2010-02-16 14:34 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-16 14:33 . 2010-02-16 14:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Brother
2010-02-16 10:42 . 2010-02-16 10:42 -------- dc----w- c:\documents and settings\SusanCheetah\Application Data\Windows Search
2010-02-15 23:03 . 2010-02-15 23:03 -------- dcsh--w- c:\documents and settings\SusanCheetah\IETldCache
2010-02-15 23:00 . 2008-04-13 19:45 32128 -c--a-w- c:\winnt\system32\drivers\usbccgp.sys
2010-02-15 23:00 . 2008-04-13 19:45 32128 -c--a-w- c:\winnt\system32\dllcache\usbccgp.sys
2010-02-15 12:12 . 2010-02-15 12:12 -------- dc----w- c:\program files\Trillian
2010-02-11 12:11 . 2010-02-11 12:11 -------- dc----w- c:\documents and settings\Owner\Application Data\fofix
2010-01-30 16:15 . 2009-12-02 13:19 64288 -c--a-w- c:\winnt\system32\drivers\Lbd.sys
2010-01-30 16:15 . 2010-02-16 14:38 -------- dc----w- c:\winnt\system32\DRVSTORE
2010-01-30 16:13 . 2010-01-30 16:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 01:19 . 2004-07-15 10:49 -------- dc----w- c:\program files\wmconnect
2010-02-16 14:37 . 2004-04-15 15:36 -------- dc----w- c:\program files\Common Files\InstallShield
2010-02-16 14:37 . 2004-04-15 15:36 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-02-15 21:41 . 2009-04-01 08:06 -------- dc----w- c:\program files\Windows Live
2010-02-15 21:06 . 2008-08-20 00:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2010-02-15 11:59 . 2004-08-12 17:56 -------- dc----w- c:\program files\Mozilla Thunderbird
2010-02-15 09:23 . 2004-07-15 08:53 -------- dc----w- c:\program files\GetRight
2010-02-15 08:37 . 2004-07-15 08:46 -------- dc----w- c:\program files\mIRC
2010-02-14 18:52 . 2006-11-29 07:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2010-02-14 18:43 . 2004-10-16 01:14 -------- dc----w- c:\program files\Google
2010-02-14 18:36 . 2004-07-20 09:16 -------- dc----w- c:\program files\Audacity
2010-02-14 04:39 . 2004-07-15 08:49 -------- dc----w- c:\program files\Semagic
2010-01-30 16:12 . 2004-07-15 23:25 -------- dc----w- c:\program files\Lavasoft
2010-01-30 16:12 . 2007-11-17 09:45 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 12:48 . 2004-08-06 01:53 -------- dc----w- c:\program files\Common Files\Java
2010-01-28 12:47 . 2004-08-06 02:15 -------- dc----w- c:\program files\Java
2010-01-26 03:11 . 2008-07-01 16:14 -------- dc----w- c:\program files\Microsoft Silverlight
2010-01-26 03:10 . 2010-01-26 03:10 532360 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-24 07:06 . 2010-01-24 07:06 -------- dc----w- c:\documents and settings\Owner\Application Data\IObit
2010-01-23 07:10 . 2009-02-05 00:48 -------- dc----w- c:\program files\Microsoft
2010-01-20 12:26 . 2005-10-30 12:24 12288 -csha-w- c:\program files\Thumbs.db
2010-01-20 12:08 . 2008-03-12 19:21 -------- dc----w- c:\program files\MozBackup
2009-12-24 16:07 . 2004-08-11 17:37 45632 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 19:14 . 2006-04-28 14:58 916480 -c--a-w- c:\winnt\system32\wininet.dll
2009-12-17 22:14 . 2008-12-02 00:46 411368 -c--a-w- c:\winnt\system32\deploytk.dll
2009-12-16 07:00 . 2009-05-12 14:27 56816 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
2005-10-05 21:45 . 2005-10-05 21:45 21 -c--a-w- c:\program files\AVPersonalAVWIN.INI
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-07 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2005-06-21 126976]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2005-01-23 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\winnt\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\winnt\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
backup=c:\winnt\pss\Hawking Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\winnt\pss\Kodak EasyShare software.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=c:\winnt\pss\KODAK Picture Transfer Software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\winnt\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wal-Mart Connect Tray Icon.lnk]
backup=c:\winnt\pss\Wal-Mart Connect Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\winnt\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\winnt\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk]
backup=c:\winnt\pss\ZoneAlarm Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PhoneBOT Tray Icon.lnk]
backup=c:\winnt\pss\PhoneBOT Tray Icon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=c:\winnt\pss\YouTube Uploader.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarSkin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\strto
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2003-03-26 17:15 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-08-10 15:37 61440 -c--a-w- c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-03-28 20:48 622592 -c--a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-04-10 19:58 61440 -c--a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2004-02-23 08:16 144896 -c--a-w- c:\program files\AIM\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
2002-12-12 04:14 46592 -c--a-w- c:\winnt\system32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-02 10:21 133104 -c--atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 16:36 155648 -c--a-w- c:\winnt\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 385024 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-05-08 19:26 208941 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 23:02 49152 -c--a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 15:22 155648 -c--a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-06-04 02:05 32881 -c--a-w- c:\program files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-05-08 19:26 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 -c--a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PhoneBOTService"=2 (0x2)
"NPFMntor"=2 (0x2)
"navapsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"CiSvc"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [1/30/2010 11:15 AM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/12/2009 9:27 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
R2 PackethSvc;Virtual NIC Service;c:\winnt\system32\PackethSvc.exe [7/15/2004 5:51 AM 64512]
R2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [6/3/2006 11:36 AM 36864]
S1 ntiomin;ntiomin; [x]
S1 rxp;rxp;\??\c:\winnt\system32\drivers\rxp.sys --> c:\winnt\system32\drivers\rxp.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\winnt\system32\drivers\BRGSp50.sys [7/24/2007 4:59 PM 20608]
S3 dsiarhwprog;dsiarhwprog;c:\winnt\system32\drivers\dsiarhwprog.sys [12/30/2009 5:49 PM 29184]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 VtcDrv;Philips SA60xx Recovery Device;c:\winnt\system32\drivers\vtcdrv.sys [12/29/2007 5:17 PM 18560]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\winnt\system32\drivers\ZD1211BU.sys [7/24/2007 4:59 PM 402432]
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2010-03-01 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:39]

2009-02-09 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 10:21]
.
.
------- Supplementary Scan -------
.
uStart Page = www.gateway.net/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Block This Image (ABP) - e:\program files\Adblock Pro\blockimg.html
IE: &Download All with FlashGet - e:\hard drive\Program Files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\hard drive\Program Files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Semagic - c:\program files\Semagic\link.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: adobe.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://i.grab.com/media/3ef815/games/files/663/popcaploader_v6.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livejournal.com/users/markmccloud/friends/
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LogonStudio - e:\hard drive\Program Files\WinCustomize\LogonStudio\logonstudio.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-DivXOP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-ImpulseFastStart - e:\program files\Stardock\Impulse\Impulse.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~2.DLL
MSConfigStartUp-spc_w - c:\program files\NZSearch\nzspc.exe
AddRemove-Adblock Pro - e:\program files\Adblock Pro\uninst.exe
AddRemove-Adobe Photoshop 7.0 - e:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Birth of the Federation version 1.0.2 - e:\program files\botf\Uninst.isu
AddRemove-EvilLyrics - e:\hard drive\Program Files\EvilLyrics\uninst.exe
AddRemove-FlashGet - e:\hard drive\Program Files\FlashGet\uninst.exe
AddRemove-HijackThis - e:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-ITM 99 - e:\hard drive\program files\Technical Manual 99\UninstITM.isu
AddRemove-LogonStudio - e:\harddr~1\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE
AddRemove-Mobile Music Polyphonic - c:\program files\MobileMusic\Mobile Music Polyphonic\Uninst.isu
AddRemove-MozBackup 1.4_is1 - c:\program files\MozBackup 1.4\unins000.exe
AddRemove-MPMP v2.0 Alpha and Fed Pack 1 Install - c:\winnt\unvise32.exe
AddRemove-Orion RC2 - c:\windows\Resources\Themes\Orion\Uninstal.exe
AddRemove-Picasa 3 - e:\program files\Google\Picasa3\Uninstall.exe
AddRemove-ResEdit - c:\program files\TGTSoft\ResEdit\ResEdit-uninstall.exe
AddRemove-SLAMRMO - c:\winnt\Modio\SLAMR2KO\Setup.exe
AddRemove-Smart Defrag_is1 - e:\program files\IObit\IObit SmartDefrag\unins000.exe
AddRemove-Themexp.org File - c:\progra~1\themexp\THEMEX~1.ORG\UNWISE.EXE
AddRemove-VisiPics_is1 - e:\program files\VisiPics\unins000.exe
AddRemove-Visual Task Tips - e:\program files\Windows XP Enhancements\VisualTaskTips\uninst.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xtvwic1r.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2010-02-28 20:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINNT\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINNT\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINNT\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINNT\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINNT\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINNT\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINNT\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINNT\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINNT\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINNT\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINNT\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINNT\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINNT\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINNT\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINNT\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINNT\\system32\\syncui.dll,0"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="shell32.dll,220"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Common Files\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(2892)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\winnt\System32\DRIVERS\dcfssvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\winnt\system32\SearchIndexer.exe
c:\program files\Common Files\Stardock\SDMCP.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-02-28 21:02:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 02:02

Pre-Run: 23,344,123,904 bytes free
Post-Run: 24,299,372,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - BC70403284DE08701410A9638817FEA6

~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2010 9:47:31 PM
mbam-log-2010-02-28 (21-47-31).txt

Scan type: Quick Scan
Objects scanned: 150988
Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02dca195-602b-4b1f-83ff-381b7e804bdb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02dca195-602b-4b1f-83ff-381b7e804bdb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\HDBHO.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~

2010-03-01 02:00:37 . 2010-03-01 02:00:37 1,068 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29}.reg.dat
2010-03-01 02:00:37 . 2010-03-01 02:00:37 1,132 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9}.reg.dat
2010-03-01 02:00:37 . 2010-03-01 02:00:37 1,522 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Winamp Toolbar for Firefox.reg.dat
2010-03-01 02:00:37 . 2010-03-01 02:00:37 934 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Visual Task Tips.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 1,246 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-VisiPics_is1.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 572 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Themexp.org File.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 2,130 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Defrag_is1.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 776 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-SLAMRMO.reg.dat
2010-03-01 02:00:36 . 2010-03-01 02:00:36 496 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ResEdit.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 928 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Picasa 3.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 454 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Orion RC2.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 728 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-MPMP v2.0 Alpha and Fed Pack 1 Install.reg.dat
2010-03-01 02:00:35 . 2010-03-01 02:00:35 1,748 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-MozBackup 1.4_is1.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 602 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Mobile Music Polyphonic.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 580 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-LogonStudio.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 530 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ITM 99.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 878 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-HijackThis.reg.dat
2010-03-01 02:00:34 . 2010-03-01 02:00:34 838 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-FlashGet.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 470 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-EvilLyrics.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 484 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Birth of the Federation version 1.0.2.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 1,958 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Photoshop 7.0.reg.dat
2010-03-01 02:00:33 . 2010-03-01 02:00:33 702 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adblock Pro.reg.dat
2010-03-01 01:59:23 . 2010-03-01 01:59:23 580 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-spc_w.reg.dat
2010-03-01 01:59:23 . 2010-03-01 01:59:23 646 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-New.reg.dat
2010-03-01 01:59:22 . 2010-03-01 01:59:22 642 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ImpulseFastStart.reg.dat
2010-03-01 01:59:21 . 2010-03-01 01:59:21 604 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DivXOP.reg.dat
2010-03-01 01:59:21 . 2010-03-01 01:59:21 622 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Aim6.reg.dat
2010-03-01 01:58:53 . 2010-03-01 01:58:53 183 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-LogonStudio.reg.dat
2010-03-01 01:17:49 . 2010-03-01 01:17:49 916 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_APPLAYERGATEWAYMGR.reg.dat
2010-03-01 01:17:08 . 2010-03-01 01:17:08 8,967 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-02-28 23:11:40 . 2010-02-28 23:11:40 51 -c--a-w- C:\Qoobox\Quarantine\catchme.log
2008-03-05 02:30:45 . 2008-03-05 02:30:45 6,144 -c--a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2007-12-17 12:37:52 . 2007-12-17 12:37:52 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG38.tmp.vir
2007-12-16 20:58:22 . 2007-12-16 20:58:22 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG5.tmp.vir
2007-12-15 17:36:33 . 2007-12-15 17:36:33 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG30F.tmp.vir
2007-12-15 09:52:41 . 2007-12-15 09:52:41 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG30E.tmp.vir
2007-12-15 09:44:05 . 2007-12-15 09:44:05 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG30C.tmp.vir
2007-12-15 09:10:20 . 2007-12-15 09:10:20 0 -c--a-w- C:\Qoobox\Quarantine\C\LOG309.tmp.vir
2004-08-18 19:47:58 . 2004-08-18 19:47:58 241 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\Downloaded Program Files\popcaploader.inf.vir
2003-05-16 16:25:12 . 2002-08-29 12:00:00 124,416 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\sndrec32.exe.vir
2001-11-29 16:57:16 . 2001-11-29 16:57:16 6,114 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\system32\SHELLLNK.TLB.vir
2000-01-05 18:52:10 . 2000-01-05 18:52:10 722,192 -c--a-w- C:\Qoobox\Quarantine\C\WINNT\system32\Vb40032.dll.vir

Edited by Avanguard

Hey [b]Avanguard[/b],

Apologies for the delay, I had internet connection problems today. I'll get back with a fix by tomorrow, thank you for your patience. :rolleyes:

Hey [b]Avanguard[/b],

Strange that the sound functions from your ISP are disabled. Can you try contacting your ISP to rectify it? I highly doubt it's caused by the tools we ran.

I don't see much in your log, we'll do some more scans and check on some files. :lol:

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) ([b]Avira AntiVir and Spybot Teatimer[/b]) as it/they may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

[color="#8B0000"][b][size=5]1)[/size] Upload file for analysis[/b][/color]

To enable the viewing of Hidden files follow these steps:
[list]
[*]Close all programs so that you are at your desktop.
[*]Double-click on the [b]My Computer[/b] icon.
[*]Select the [b]Tools[/b] menu and click [b]Folder Options[/b].
[*]After the new window appears select the [b]View[/b] tab.
[*]Put a checkmark in the checkbox labeled [b]Display the contents of system folders[/b].
[*]Under the [u]Hidden files and folders[/u] section select the radio button labeled [b]Show hidden files and folders[/b].
[*]Remove the checkmark from the checkbox labeled [b]Hide file extensions for known file types[/b].
[*]Remove the checkmark from the checkbox labeled [b]Hide protected operating system files[/b].
[*]Press the [b]Apply[/b] button and then the [b]OK[/b] button and close My Computer.
[*]Now your computer is configured to show all hidden files.
[/list][i][b]NEXT[/b][/i][list]
[*]Please go to [url="http://virscan.org/"][color="red"] VirSCAN.org FREE on-line scan service[/color][/url]
[*]Copy and paste the following file path into the [b]"Suspicious files to scan"[/b] box on the top of the page:
[list]
[*][b]c:\winnt\brunin03.dll[/b]
[/list]
[*] Click on the [b]Upload[/b] button
[*] Once the Scan is completed, click on the "[b]Copy to Clipboard[/b]" button. This will copy the link of the report into the Clipboard.
[*] Paste the contents of the Clipboard in your next reply.
[/list][color="#8B0000"][b][size=5]2)[/size] Run scan with Dr Web[/b][/color]

Download [url="ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe"][b] [color="red"]Dr.Web CureIt[/color][/b][/url] to the desktop.[list]
[*]Double-click the [b]drweb-cureit.exe[/b] file, then on [b]Start[/b] and allow it to run the express scan
[*]This will scan the files currently running in memory and when something is found, click the [b]yes[/b] button when it asks you if you want to cure it. This is only a short scan.
[*]Once the short scan has finished, choose the [b]Complete Scan[/b].
[*]Select all drives. A red dot shows which drives have been chosen.
[*]Click the green arrow [img]http://perplexus.geekstogo.com/drweb_green_arrow.jpg[/img] at the right, and the scan will start.
[*]Click [b]'Yes to all'[/b] if it asks if you want to cure/move the file.
[*]When the scan has finished, look and see if you can click the following icon next to the files found:
[img]http://perplexus.geekstogo.com/drweb_check.gif[/img]
[*]If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
[img]http://perplexus.geekstogo.com/drweb_move.gif[/img]
[*]This will move it to the [b]%userprofile%\DoctorWeb\quarantaine-folder[/b] if it can't be cured. (this in case if we need samples)
[*]After selecting, in the [b]Dr.Web CureIt[/b] menu on top, click file and choose save report list
[*]Save the report to your desktop. The report will be called [b]DrWeb.csv[/b]
[*][b]Close Dr.Web Cureit[/b].
[*][b][color="red"]Reboot your computer[/color][/b] to allow files that were in use to be moved/deleted during reboot.
[*]After reboot, post the contents of the log from [b]Dr.Web[/b] you saved previously in your next reply along with a new [b]OTL log[/b].
[/list][b]NOTE[/b]: [i] During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on [b]X[/b] in upper right corner.[/i]

[color="#8B0000"][b][size=5]3)[/size] Run Kaspersky Webscanner[/b][/color]

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under [b]Upgrading Java[/b], to download and install the latest version.

[b]Upgrading Java[/b]:[list]
[*]Download the latest version of [url="http://java.sun.com/javase/downloads/index.jsp"][b][color="Red"]Java SE Runtime Environment (JRE)JRE 6 Update 18[/color][/b][/url].
[*]Click the "[b]Download[/b]" button to the right.
[*]Select your Platform and check the box that says: "[b]I agree to the Java SE Runtime Environment 6 License Agreement.[/b]".
[*]Click on [b]Continue[/b].
[*]Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
[*]Close any programs you may have running - especially your web browser.
[*]Go to [b]Start[/b] > [b]Control Panel[/b], double-click on [b]Add/Remove [/b]programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment [b](JRE or J2SE)[/b] in the name.
[*]Click the Remove or Change/Remove button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Make sure the C:\Program Files\JAVA folder is removed.
[*]Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the [b]jre-6u18-windows-i586.exe[/b] and select "Run as an Administrator.")
[/list][i][b]THEN[/b][/i]

Please do an online scan with [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][color="#3333FF"]Kaspersky WebScanner[/color][/url][list=1]
[*]Read through the requirements and privacy statement and click on [b]Accept[/b] button.
[*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b].
[*]When the downloads have finished, click on [b]Settings[/b].
[*]Make sure the following is checked.[list][b]Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases[/b]
[/list]
[*]Click on [b]My Computer[/b] under [b]Scan[/b].
[*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b].
[*]You will see a list of infected items there. Click on [b]Save Report As...[/b].
[*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button.
[*]Please post this log in your next reply.
[/list]
[b]Next reply (please include in your post):[/b]

Virscan report
Dr Web log
Kaspersky scan log

The Kaspersky took the most time. 56k internet connections don't blend well with online virus scans. Logs will follow and may take more than one post, starting with the fresh OTS.

~~~~~~~~~~
OTS

OTS logfile created on: 3/6/2010 2:29:10 AM - Run 2
OTS by OldTimer - Version 3.1.22.1 Folder = H:\Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 22.41 Gb Free Space | 60.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 988.73 Mb Total Space | 924.25 Mb Free Space | 93.48% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: LYNDIS
Current User Name: MarkMcCloud
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
scanningprocess.exe -> C:\Documents and Settings\Owner\Local Settings\temp\jkos-MarkMcCloud\binaries\ScanningProcess.exe -> [2010/03/05 05:22:39 | 000,139,264 | ---- | M] (Kaspersky Lab.)
ots.exe -> H:\Documents\Downloads\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft)
jusched.exe -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/12/22 12:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\Program Files\Java\jre6\bin\java.exe -> [2009/12/17 17:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH)
sansadispatch.exe -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation)
rbroker.exe -> C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe -> [2009/04/01 11:53:08 | 000,107,008 | ---- | M] ()
wlidsvc.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE -> [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
mushclient.exe -> C:\Program Files\MUSHclient\mushclient.exe -> [2009/02/22 21:13:26 | 002,605,056 | ---- | M] (Gammon Software Solutions)
getright.exe -> C:\Program Files\GetRight\GetRight.exe -> [2008/06/23 13:50:46 | 004,694,296 | ---- | M] (Headlight Software, Inc.)
slrundll.exe -> C:\WINNT\system32\slrundll.exe -> [2008/04/13 19:12:35 | 000,032,866 | ---- | M] (Smart Link)
explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> C:\WINNT\system32\hkcmd.exe -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation)
sdmcp.exe -> C:\Program Files\Common Files\Stardock\SDMCP.exe -> [2005/05/10 12:31:22 | 000,241,664 | ---- | M] (Stardock)
slserv.exe -> C:\WINNT\system32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link)
wanmpsvc.exe -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.)
simplemu.exe -> C:\Program Files\simplemu\SimpleMU.exe -> [2002/12/08 15:48:50 | 000,824,832 | ---- | M] (Kathleen MacMahon)
unsecapp.exe -> C:\WINNT\system32\wbem\unsecapp.exe -> [2002/08/29 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation)
wwm.exe -> C:\Program Files\wmconnect\wwm.exe -> [2001/10/26 14:18:10 | 000,151,615 | ---- | M] (America Online, Inc.)
packethsvc.exe -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.)
dcfssvc.exe -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company)
ptssvc.exe -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] ()

[Modules - Safe List]
ots.exe -> H:\Documents\Downloads\OTS.exe -> [2010/02/23 06:37:44 | 000,632,832 | ---- | M] (OldTimer Tools)
serwvdrv.dll -> C:\WINNT\system32\serwvdrv.dll -> [2002/08/29 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINNT\system32\umdmxfrm.dll -> [2002/08/29 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/01/30 22:33:04 | 001,181,328 | ---- | M] (Lavasoft)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/09/11 21:12:57 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/06/27 03:12:26 | 000,108,289 | ---- | M] (Avira GmbH)
(wlidsvc) Windows Live ID Sign-in Assistant [Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Disabled | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/04/07 18:16:26 | 000,136,120 | ---- | M] (Google)
(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -> [2005/08/07 07:38:11 | 000,068,096 | ---- | M] ()
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation)
(SLService) SmartLinkService [Auto | Running] -> C:\WINNT\System32\slserv.exe -> [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINNT\wanmpsvc.exe -> [2003/04/02 13:09:44 | 000,065,536 | ---- | M] (America Online, Inc.)
(NetSvc) Intel NCS NetService [On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation)
(PackethSvc) Virtual NIC Service [Auto | Running] -> C:\WINNT\system32\PackethSvc.exe -> [2001/08/09 14:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.)
(Dcfssvc) Dcfssvc [Auto | Running] -> C:\WINNT\system32\drivers\dcfssvc.exe -> [2001/06/11 10:59:04 | 000,159,806 | ---- | M] (Eastman Kodak Company)
(ptssvc) ptssvc [Auto | Running] -> C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe -> [2001/01/31 16:41:32 | 000,036,864 | ---- | M] ()

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINNT\system32\drivers\avgntflt.sys -> [2009/12/16 02:00:35 | 000,056,816 | ---- | M] (Avira GmbH)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINNT\system32\DRIVERS\Lbd.sys -> [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB)
(ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ssmdrv.sys -> [2009/06/27 03:12:26 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINNT\system32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\PxHelp20.sys -> [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\alcxwdm.sys -> [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\tmcomm.sys -> [2008/04/23 23:46:41 | 000,102,664 | ---- | M] (Trend Micro Inc.)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(VtcDrv) Philips SA60xx Recovery Device [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\vtcdrv.sys -> [2007/07/07 10:58:50 | 000,018,560 | ---- | M] (Windows ® Codename Longhorn DDK provider)
(dsiarhwprog) dsiarhwprog [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\dsiarhwprog.sys -> [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdralw2k.sys -> [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINNT\system32\drivers\cdr4_xp.sys -> [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions)
(xnacc) Microsoft Common Controller For Windows Driver Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\xnacc.sys -> [2006/06/01 14:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation)
(ZD1211BU(Hawking)) Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZD1211BU.sys -> [2005/10/28 10:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation)
(BRGSp50) BRGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BRGSp50.sys -> [2005/06/08 17:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\e100b325.sys -> [2005/03/04 08:10:38 | 000,157,696 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ialmnt5.sys -> [2005/01/23 12:05:06 | 000,804,317 | ---- | M] (Intel Corporation)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Entech.sys -> [2004/10/25 19:02:00 | 000,021,664 | ---- | M] (EnTech Taiwan)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ZDPSp50.sys -> [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\BrScnUsb.sys -> [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\nv4_mini.sys -> [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slntamr.sys -> [2004/04/01 07:56:00 | 000,404,990 | ---- | M] (Smart Link)
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlmnt5.sys -> [2004/04/01 07:56:00 | 000,126,686 | ---- | M] (Smart Link)
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ntmtlfax.sys -> [2004/01/28 15:37:46 | 000,180,360 | ---- | M] (Smart Link)
(SlNtHal) SlNtHal [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slnthal.sys -> [2004/01/28 15:26:28 | 000,095,424 | ---- | M] (Smart Link)
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\mtlstrm.sys -> [2004/01/28 14:46:22 | 001,309,184 | ---- | M] (Smart Link)
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\slwdmsup.sys -> [2004/01/28 14:20:44 | 000,013,240 | ---- | M] (Smart Link)
(RecAgent) RecAgent [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\RecAgent.sys -> [2004/01/13 15:03:30 | 000,013,776 | ---- | M] (Smart Link)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmsbw.sys -> [2003/11/20 08:26:00 | 000,122,110 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ialmkchw.sys -> [2003/11/20 08:26:00 | 000,099,002 | ---- | M] (Intel Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wanatw4.sys -> [2003/04/02 13:03:30 | 000,033,588 | ---- | M] (America Online, Inc.)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\Dvd_2k.sys -> [2003/03/26 12:17:14 | 000,025,930 | ---- | M] (Roxio)
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\Mmc_2k.sys -> [2003/03/26 12:17:12 | 000,030,662 | ---- | M] (Roxio)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINNT\system32\drivers\pwd_2K.sys -> [2003/03/26 12:17:10 | 000,144,250 | ---- | M] (Roxio)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\udfreadr_xp.sys -> [2003/03/26 12:15:28 | 000,206,464 | ---- | M] (Roxio)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\WINNT\system32\drivers\cdudf_xp.sys -> [2003/03/26 12:15:02 | 000,241,280 | ---- | M] (Roxio)
(iaStor) Intel Integrated RAID [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\iaStor.sys -> [2003/03/21 00:00:00 | 000,201,088 | ---- | M] (Intel Corporation)
(DCamUSBSQTECH) Dual-Mode DSC(2770) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\SQCaptur.sys -> [2003/01/10 09:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\ptilink.sys -> [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ultra) ultra [Kernel | Boot | Running] -> C:\WINNT\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\ac97intc.sys -> [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation)
(wandrv) WAN Network Driver [Kernel | On_Demand | Running] -> C:\WINNT\system32\drivers\wandrv.sys -> [2001/08/09 16:26:02 | 000,022,608 | ---- | M] (America Online, Inc.)
(Exportit) Exportit [Kernel | System | Stopped] -> C:\WINNT\system32\drivers\ExportIt.sys -> [2001/05/10 08:00:00 | 000,124,960 | ---- | M] (Eastman Kodak Company)
(DcPTP) %DcPTP.SvcDesc% [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcPtp.sys -> [2001/04/20 07:58:56 | 000,055,248 | ---- | M] (Eastman Kodak Company)
(DCFS2k) DCFS2k [Kernel | Auto | Running] -> C:\WINNT\system32\drivers\DCFS2k.sys -> [2001/03/30 14:25:30 | 000,032,960 | ---- | M] (Eastman Kodak Company)
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> C:\WINNT\system32\drivers\DcCam.sys -> [2001/03/30 06:35:46 | 000,034,144 | ---- | M] (Eastman Kodak Company)
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcFpoint.sys -> [2001/01/17 08:44:06 | 000,061,872 | ---- | M] (Eastman Kodak Company)
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> C:\WINNT\system32\drivers\DcLps.sys -> [2001/01/17 08:43:54 | 000,008,304 | ---- | M] (Eastman Kodak Company)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: Main\\"Start Page" -> www.gateway.net/ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\prefs.js ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.livejournal.com/users/markmccloud/friends/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> [email protected]:1.0.6 ->
extensions.enabledItems -> [email protected]:2.8.8 ->
extensions.enabledItems -> [email protected]:1.0.3 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50 ->
extensions.enabledItems -> [email protected]:2.2.26.0 ->
extensions.enabledItems -> {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.7 ->
extensions.enabledItems -> [email protected]:3.4.10 ->
extensions.enabledItems -> {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3 ->
extensions.enabledItems -> {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 ->
extensions.enabledItems -> {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87 ->
network.proxy.socks_version -> 4 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\xksmcbvj.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\PayPal\PayPal Plug-In [C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN] -> [2009/06/16 06:52:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/20 18:11:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/20 18:10:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/01/22 18:25:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS ->
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/01/20 19:28:41 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions -> [2010/03/05 04:16:11 | 000,000,000 | ---D | M]
Vista-aero -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} -> [2010/01/20 23:06:20 | 000,000,000 | ---D | M]
Ex Aequo -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{11e842b0-5653-11db-b0de-0800200c9a66}(2) -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
FlashGot -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2) -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
Remove It Permanently -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} -> [2010/02/03 04:38:48 | 000,000,000 | ---D | M]
Flashblock -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/01/25 21:02:40 | 000,000,000 | ---D | M]
ChatZilla -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(2) -> [2010/01/25 21:02:41 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2010/03/03 17:49:20 | 000,000,000 | ---D | M]
NoScript -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Phoenity Modern -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
Nightly Tester Tools -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}(2) -> [2010/01/25 21:02:43 | 000,000,000 | ---D | M]
ReloadEvery -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
BlackJapan -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}(2) -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
Acid Burn r1 -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{acidburnr1-4ed8-4a4d-9194-975a45a391xp} -> [2010/01/25 21:02:44 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
PitchDark -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/25 21:02:46 | 000,000,000 | ---D | M]
Gradient iCool -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} -> [2010/01/28 18:43:07 | 000,000,000 | ---D | M]
Luna -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{F10B4D44-508F-4a2f-A941-5E834F7C1F8B}(2) -> [2010/01/25 21:02:47 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/25 21:02:17 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/25 21:02:18 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected](2).com -> [2010/01/25 21:02:23 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/02/01 00:48:45 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\[email protected] -> [2010/01/20 19:37:36 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\staged-xpis -> [2010/03/03 17:49:21 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\temp -> [2010/01/25 21:02:39 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions -> [2010/01/20 23:06:36 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
aolsearch.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\aolsearch.xml -> [2008/01/23 20:02:46 | 000,001,878 | ---- | M] ()
WikiFur-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur-1.xml -> [2010/03/04 00:09:46 | 000,001,161 | ---- | M] ()
wikifur-en.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikifur-en.xml -> [2010/01/20 19:25:54 | 000,001,574 | ---- | M] ()
WikiFur.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\WikiFur.xml -> [2006/11/08 23:28:12 | 000,001,188 | ---- | M] ()
wikipedia-1.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia-1.xml -> [2008/06/24 01:14:38 | 000,001,108 | ---- | M] ()
wikipedia.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\wikipedia.xml -> [2008/06/24 01:32:00 | 000,001,108 | ---- | M] ()
youtube-video-search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xksmcbvj.default\searchplugins\youtube-video-search.xml -> [2007/05/19 03:19:46 | 000,002,109 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/05 04:16:11 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> [2008/03/01 22:47:07 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org -> [2006/11/11 17:26:38 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/02/28 20:45:32 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINNT\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\jccatch.dll [FGCatchUrl] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/01/11 20:42:48 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/01/11 20:42:48 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.)
{EAD3A971-6A23-4246-8691-C9244E858967} [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [OToolbarHelper Class] -> [2009/04/01 11:53:42 | 000,099,328 | ---- | M] ()
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> E:\Hard Drive\Program Files\FlashGet\getflash.dll [FlashGet GetFlash Class] -> File not found
{F385C231-605B-4d8f-ACA9-DBFF765BBE17} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Adblock Pro] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{DC0F2F93-27FA-4f84-ACAA-9416F90B9511}" [HKLM] -> C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [PayPal Plug-In] -> [2009/04/01 11:55:50 | 003,147,264 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"HotKeysCmds" -> C:\WINNT\system32\hkcmd.exe [C:\WINNT\system32\hkcmd.exe] -> [2005/06/21 15:44:34 | 000,126,976 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINNT\system32\igfxtray.exe [C:\WINNT\system32\igfxtray.exe] -> [2005/01/23 11:36:10 | 000,155,648 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/01/31 22:13:08 | 000,385,024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Common Files\Java\Java Update\jusched.exe ["C:\Program Files\Common Files\Java\Java Update\jusched.exe"] -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SansaDispatch" -> C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe] -> [2009/04/07 18:37:15 | 000,079,872 | ---- | M] (SanDisk Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SusanCheetah Startup Folder > -> C:\Documents and Settings\SusanCheetah\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoSplash" -> [0] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block This Image (ABP) -> e:\Program Files\Adblock Pro\blockimg.html [e:\Program Files\Adblock Pro\blockimg.html] -> File not found
&Download All with FlashGet -> E:\Hard Drive\Program Files\FlashGet\jc_all.htm [E:\Hard Drive\Program Files\FlashGet\jc_all.htm] -> File not found
&Download with FlashGet -> E:\Hard Drive\Program Files\FlashGet\jc_link.htm [E:\Hard Drive\Program Files\FlashGet\jc_link.htm] -> File not found
Add to Google Photos Screensa&ver -> C:\WINNT\System32\GPhotos.scr [res://C:\WINNT\system32\GPhotos.scr/200] -> [2009/05/01 13:30:36 | 003,366,912 | ---- | M] (Google Inc.)
Copy to Semagic -> C:\Program Files\Semagic\copy.htm [C:\Program Files\Semagic\copy.htm] -> [2005/08/15 04:30:58 | 000,000,267 | ---- | M] ()
Semagic -> C:\Program Files\Semagic\link.htm [C:\Program Files\Semagic\link.htm] -> [2005/08/15 04:30:58 | 000,000,186 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Button: Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> C:\Program Files\AIM\aim.exe [Button: AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\FlashGet.exe [Button: FlashGet] -> File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Hard Drive\Program Files\FlashGet\FlashGet.exe [Menu: FlashGet] -> File not found
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> Reg Error: Value error. [Button: Run IMVU] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Button: Adblock Pro Preferences] -> File not found
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}:{7685B225-8229-4321-BA13-A24485B0A760} [HKLM] -> e:\Program Files\Adblock Pro\AdblockPro.dll [Menu: Adblock Pro Preferences] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09FE188B-6E85-479e-9411-51FB2220DF80}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 11:11:26 | 000,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> C:\Program Files\AIM\aim.exe [AIM] -> [2004/08/10 10:37:28 | 000,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\"{F4FBA929-A891-492C-A0F6-5C79CC4F1742}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001/01/30 13:56:24 | 000,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6731 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6746 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. ->
93 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1785 domain(s) found. ->
93 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7673 domain(s) found. ->
www_adobe.com [http] -> Trusted sites ->
compuserve.com .[*] -> Out of zone range - ( 5 ) ->
objects_compuserve.com [*] -> Out of zone range - ( 6 ) ->
67 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\] > -> HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3899381452-335665265-84716132-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] ->
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/MSDcode.cab [Microsoft Data Collection Control] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> https://support.gateway.com/support/profiler//PCPitStop.CAB [PCPitstop Utility] ->
{0F04992B-E661-4DB9-B223-903AB628225D} [HKLM] -> file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB [DoMoreRunExe.DoMoreRun] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> http://download.yahoo.com/dl/installs/yinst0401.cab [YInstStarter Class] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc.cab [Office Update Installation Engine] ->
{49232000-16E4-426C-A231-62846947304B} [HKLM] -> http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab [Reg Error: Key error.] ->
{4B48D5DF-9021-45F7-A240-60304302A215} [HKLM] -> http://www.microsoft.com/security/controls/WebCleaner.cab [MalwareCleaner Class] ->
{511073AD-BE56-4D43-AE68-93390514385E} [HKLM] -> file://C:\Program Files\gateway\helpspot\TechTools.CAB [TechToolsActivex.TechTools] ->
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [HKLM] -> http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236859723968 [MUCatalogWebControl Class] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab [Windows Live Safety Center Base Module] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263255474324 [WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258321201703 [MUWebControl Class] ->
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Housecall ActiveX 6.5] ->
{739E8D90-2F4C-43AD-A1B8-66C356FCEA35} [HKLM] -> hcp://system/RunExeActiveX.CAB [RunExeActiveX.RunExe] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} [HKLM] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab [WScanCtl Class] ->
{8714912E-380D-11D5-B8AA-00D0B78F3D48} [HKLM] -> http://chat.yahoo.com/cab/yuplapp.cab [Yahoo! Webcam Upload Wrapper] ->
{88D969C0-F192-11D4-A65F-0040963251E5} [HKLM] -> http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab [XML DOM Document 4.0] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{93CEA8A4-6059-4E0B-ADDD-73848153DD5E} [HKLM] -> http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab [CWebLaunchCtl Object] ->
{94B82441-A413-4E43-8422-D49930E69764} [HKLM] -> http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB [TLIEFlashObj Class] ->
{97BB6657-DC7F-4489-9067-51FAB9D8857E} [HKLM] -> http://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab [CWebLaunchCtl Object] ->
{99FE5072-78AA-4FEE-89BA-69A5FA55343F} [HKLM] -> http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab [IGDTester Class] ->
{9A57B18E-2F5D-11D5-8997-00104BD12D94} [HKLM] -> http://support.gateway.com/support/serialharvest/gwCID.CAB [compid Class] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38183.1688773148 [Reg Error: Key error.] ->
{A8658086-E6AC-4957-BC8E-8D54A7E8A790} [HKLM] -> http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB [GDIChk Object] ->
{A8F2B9BD-A6A0-486A-9744-18920D898429} [HKLM] -> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab [Reg Error: Key error.] ->
{C606BA60-AB76-48B6-96A7-2C4D5C386F70} [HKLM] -> http://www.verizon.net/checkmypc/includes/MotivePreQual.cab [PreQualifier Class] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} [HKLM] -> http://gameadvisor.futuremark.com/global/msc3121.cab [Measurement Services Client v.3.12] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Reg Error: Key error.] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://i.grab.com/media/3ef815/games/files/663/popcaploader_v6.cab [Reg Error: Key error.] ->
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} [HKLM] -> http://chat.yahoo.com/cab/yvwrctl.cab [Yahoo! Webcam Viewer Wrapper] ->
{F54C1137-5E34-4B95-95A5-BA56D4D8D743} [HKLM] -> http://www.gamespot.com/KDX22/download/kdx.cab [Secure Delivery] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINNT\Java\classes\dajava.cab [Reg Error: Key error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINNT\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINNT\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
C:\WINNT\system32\logonuiX.exe -> C:\WINNT\system32\logonuiX.exe -> [2009/11/18 11:49:29 | 005,053,440 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINNT\System32\igfxsrvc.dll -> [2005/06/21 15:44:12 | 000,348,160 | ---- | M] (Intel Corporation)
MCPClient -> C:\Program Files\Common Files\Stardock\MCPStub.dll -> [2005/01/31 14:13:38 | 000,049,152 | ---- | M] (Stardock)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" [HKLM] -> C:\Program Files\Common Files\Stardock\MCPCore.dll [0aMCPClient] -> [2005/05/10 12:31:20 | 000,086,016 | ---- | M] (Stardock)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2005/11/28 11:11:36 | 000,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/09/19 04:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/06/14 19:09:28 | 026,996,008 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
H:\Autorun.inf [[Autorun] | Open=StartPortableApps.exe | Action=Start PortableApps.com | Icon=StartPortableApps.exe | Label=PortableApps.com | ] -> H:\Autorun.inf [ FAT ] -> [2008/03/04 16:31:14 | 000,000,120 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{3ef0719c-a0f0-11dc-bcdc-00038a000011}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command
\{3ef0719c-a0f0-11dc-bcdc-00038a000011}\Shell\AutoRun\command\\"" -> H:\StartPortableApps.exe [H:\StartPortableApps.exe] -> [2008/05/21 17:02:52 | 000,088,712 | ---- | M] (PortableApps.com)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Directory [MediaMonkey.1Play] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" "%1" -> File not found
Directory [MediaMonkey.2PlayNext] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" -> File not found
Directory [MediaMonkey.3Enqueue] -> "E:\Hard Drive\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" -> File not found
Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" -> [2009/07/01 11:38:40 | 001,481,056 | ---- | M] (Nullsoft)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/14/2010 3:01:35 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11316 -> Description = Product: Project64 1.6 -- Error 1316.A network error occurred while attempting to read from the file C:\WINNT\Installer\Project64 1.6.msi
Application [ Error ] 2/15/2010 5:06:39 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11327 -> Description = Product: Impulse -- Error 1327. Invalid Drive: E:\
Application [ Error ] 2/15/2010 5:45:53 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\Impulse.exe . Error code = 0x80131047
Application [ Error ] 2/15/2010 5:45:54 PM Computer Name = LYNDIS | Source = .NET Runtime Optimization Service | ID = 1101 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: E:\Program Files\Stardock\Impulse\ImpulseDock.exe . Error code = 0x80131047
Application [ Error ] 2/18/2010 7:22:46 AM Computer Name = LYNDIS | Source = Application Error | ID = 1000 -> Description = Faulting application wwm.exe, version 6.0.2.0, faulting module supersub.dll, version 6.0.2.0, fault address 0x000043df.
Application [ Error ] 2/28/2010 9:40:09 PM Computer Name = LYNDIS | Source = Application Hang | ID = 1002 -> Description = Hanging application wwm.exe, version 6.0.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/28/2010 10:06:35 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue.
Application [ Error ] 2/28/2010 10:06:47 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue.
Application [ Error ] 3/3/2010 6:52:28 PM Computer Name = LYNDIS | Source = MsiInstaller | ID = 11706 -> Description = Product: PaperPort -- Error 1706.No valid source could be found for product PaperPort. The Windows Installer cannot continue.
Application [ Error ] 3/4/2010 5:52:25 PM Computer Name = LYNDIS | Source = Application Hang | ID = 1002 -> Description = Hanging application dfsvc.exe, version 2.0.50727.3053, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 3/5/2010 4:58:28 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 4:58:28 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 5:01:20 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
System [ Error ] 3/5/2010 5:02:28 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7023 -> Description = The Automatic Updates service terminated with the following error: %%126
System [ Error ] 3/5/2010 5:02:30 AM Computer Name = LYNDIS | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: ntiomin rxp
System [ Error ] 3/5/2010 6:07:14 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
System [ Error ] 3/5/2010 6:07:14 AM Computer Name = LYNDIS | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

[Files/Folders - Created Within 30 Days]
DoctorWeb -> C:\Documents and Settings\Owner\DoctorWeb -> [2010/03/04 01:05:45 | 000,000,000 | ---D | C]
Downloads -> C:\Documents and Settings\Owner\My Documents\Downloads -> [2010/03/03 18:05:06 | 000,000,000 | ---D | C]
Downloads -> C:\Downloads -> [2010/02/28 22:53:17 | 000,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/02/28 21:14:47 | 000,000,000 | -HSD | C]
Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2010/02/28 21:04:35 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINNT\System32\drivers\mbamswissarmy.sys -> [2010/02/28 21:04:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/28 21:04:21 | 000,000,000 | ---D | C]
mbam.sys -> C:\WINNT\System32\drivers\mbam.sys -> [2010/02/28 21:04:18 | 000,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/02/28 21:04:18 | 000,000,000 | ---D | C]
Prefetch -> C:\WINNT\Prefetch -> [2010/02/28 21:02:18 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/02/28 20:05:21 | 000,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINNT\SWXCACLS.exe -> [2010/02/28 18:12:27 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINNT\SWREG.exe -> [2010/02/28 18:12:27 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINNT\SWSC.exe -> [2010/02/28 18:12:27 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINNT\NIRCMD.exe -> [2010/02/28 18:12:27 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\WINNT\ERDNT -> [2010/02/28 18:11:40 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/02/28 18:09:48 | 000,000,000 | ---D | C]
BrWia06a.dll -> C:\WINNT\System32\BrWia06a.dll -> [2010/02/16 09:38:20 | 001,492,480 | ---- | C] (Brother Industries, Ltd.)
BrUsi06a.dll -> C:\WINNT\System32\BrUsi06a.dll -> [2010/02/16 09:38:20 | 000,038,912 | ---- | C] (Brother Industries, Ltd.)
BrScnUsb.sys -> C:\WINNT\System32\drivers\BrScnUsb.sys -> [2010/02/16 09:38:20 | 000,015,295 | ---- | C] (Brother Industries Ltd.)
brinsstr.dll -> C:\WINNT\System32\brinsstr.dll -> [2010/02/16 09:38:18 | 000,052,736 | ---- | C] (Brother Industries,Ltd.)
PDRVINST.DLL -> C:\WINNT\System32\PDRVINST.DLL -> [2010/02/16 09:37:48 | 000,188,416 | ---- | C] (brother)
BrWebIns.dll -> C:\WINNT\System32\BrWebIns.dll -> [2010/02/16 09:37:48 | 000,086,016 | ---- | C] (brother)
BRWEBUP.EXE -> C:\WINNT\System32\BRWEBUP.EXE -> [2010/02/16 09:37:48 | 000,069,632 | ---- | C] (brother)
BrfxD05a.dll -> C:\WINNT\System32\BrfxD05a.dll -> [2010/02/16 09:37:35 | 000,126,976 | ---- | C] (Brother Industries,LTD)
brunin03.dll -> C:\WINNT\brunin03.dll -> [2010/02/16 09:37:33 | 000,147,456 | ---- | C] (Brother Industries,Ltd.)
Brother -> C:\Program Files\Brother -> [2010/02/16 09:37:33 | 000,000,000 | ---D | C]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [2010/02/16 09:35:16 | 000,000,000 | ---D | C]
ScanSoft Shared -> C:\Program Files\Common Files\ScanSoft Shared -> [2010/02/16 09:34:46 | 000,000,000 | ---D | C]
ScanSoft -> C:\Program Files\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | C]
Brother -> C:\Documents and Settings\All Users\Application Data\Brother -> [2010/02/16 09:33:22 | 000,000,000 | ---D | C]
usbccgp.sys -> C:\WINNT\System32\dllcache\usbccgp.sys -> [2010/02/15 18:00:02 | 000,032,128 | ---- | C] (Microsoft Corporation)
My Videos -> C:\Documents and Settings\Owner\My Documents\My Videos -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
My Pictures -> C:\Documents and Settings\Owner\My Documents\My Pictures -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
My Music -> C:\Documents and Settings\Owner\My Documents\My Music -> [2010/02/15 16:19:29 | 000,000,000 | R--D | C]
Trillian -> C:\Program Files\Trillian -> [2010/02/15 07:12:01 | 000,000,000 | ---D | C]
Office 2003 -> C:\Documents and Settings\Owner\Desktop\Office 2003 -> [2010/02/11 09:42:43 | 000,000,000 | ---D | C]
fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:08 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/08/31 05:19:15 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/08/31 05:18:43 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/03/13 21:02:03 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2008/11/05 02:37:23 | 000,000,000 | ---D | M]
AdobeUM -> C:\Documents and Settings\NetworkService\Application Data\AdobeUM -> [2008/07/20 05:49:14 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2008/07/20 05:48:57 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2008/07/20 05:47:42 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/02/29 17:43:05 | 000,000,000 | ---D | M]
Symantec -> C:\Documents and Settings\NetworkService\Application Data\Symantec -> [2007/01/02 18:03:58 | 000,000,000 | ---D | M]
Symantec -> C:\Documents and Settings\LocalService\Application Data\Symantec -> [2006/11/12 17:19:12 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2003/05/16 11:19:14 | 000,000,000 | --SD | M]
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
Ad-Aware Update (Weekly).job -> C:\WINNT\tasks\Ad-Aware Update (Weekly).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 4).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 4).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 3).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 3).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 2).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 2).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 1).job -> C:\WINNT\tasks\Ad-Aware Update (Daily 1).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
win.ini -> C:\WINNT\win.ini -> [2010/03/05 04:03:19 | 000,001,708 | ---- | M] ()
wpa.dbl -> C:\WINNT\System32\wpa.dbl -> [2010/03/05 04:01:53 | 000,001,158 | ---- | M] ()
bootstat.dat -> C:\WINNT\bootstat.dat -> [2010/03/05 04:00:40 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/03/05 04:00:30 | 1332,531,200 | -HS- | M] ()
ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2010/03/05 03:59:29 | 016,777,216 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/03/05 03:59:29 | 000,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2010/03/05 03:59:08 | 020,325,348 | -H-- | M] ()
DrWeb.csv -> C:\Documents and Settings\Owner\Desktop\DrWeb.csv -> [2010/03/04 21:48:28 | 000,002,877 | ---- | M] ()
drweb-cureit.exe -> C:\Documents and Settings\Owner\My Documents\drweb-cureit.exe -> [2010/03/04 01:04:28 | 032,729,168 | ---- | M] ()
SA.DAT -> C:\WINNT\tasks\SA.DAT -> [2010/03/01 00:25:29 | 000,000,006 | -H-- | M] ()
system.ini -> C:\WINNT\system.ini -> [2010/02/28 22:14:38 | 000,000,293 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2010/02/28 22:14:38 | 000,000,277 | RHS- | M] ()
GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job -> C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-3899381452-335665265-84716132-1003.job -> [2010/02/28 21:29:18 | 000,000,938 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/28 21:04:27 | 000,000,702 | ---- | M] ()
perfh009.dat -> C:\WINNT\System32\perfh009.dat -> [2010/02/28 20:48:39 | 000,462,938 | ---- | M] ()
perfc009.dat -> C:\WINNT\System32\perfc009.dat -> [2010/02/28 20:48:39 | 000,078,654 | ---- | M] ()
PerfStringBackup.INI -> C:\WINNT\System32\PerfStringBackup.INI -> [2010/02/28 20:48:37 | 000,551,784 | ---- | M] ()
hosts -> C:\WINNT\System32\drivers\etc\hosts -> [2010/02/28 20:45:32 | 000,000,027 | ---- | M] ()
LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2010/02/23 07:45:45 | 000,000,024 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/02/17 05:52:40 | 000,000,207 | ---- | M] ()
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | M] ()
QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | M] ()
BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:47 | 000,000,419 | ---- | M] ()
BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | M] ()
Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | M] ()
brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | M] ()
bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | M] ()
tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/15 06:54:38 | 000,095,232 | ---- | M] ()
cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2010/02/10 08:01:48 | 000,000,849 | ---- | M] ()
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->

[Files - No Company Name]
DrWeb.csv -> C:\Documents and Settings\Owner\Desktop\DrWeb.csv -> [2010/03/04 21:48:28 | 000,002,877 | ---- | C] ()
drweb-cureit.exe -> C:\Documents and Settings\Owner\My Documents\drweb-cureit.exe -> [2010/03/03 20:46:45 | 032,729,168 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/28 21:04:27 | 000,000,702 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/02/28 20:05:32 | 000,000,207 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/02/28 20:05:27 | 000,260,272 | ---- | C] ()
PEV.exe -> C:\WINNT\PEV.exe -> [2010/02/28 18:12:27 | 000,261,632 | ---- | C] ()
sed.exe -> C:\WINNT\sed.exe -> [2010/02/28 18:12:27 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINNT\grep.exe -> [2010/02/28 18:12:27 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\WINNT\MBR.exe -> [2010/02/28 18:12:27 | 000,077,312 | ---- | C] ()
zip.exe -> C:\WINNT\zip.exe -> [2010/02/28 18:12:27 | 000,068,096 | ---- | C] ()
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [2010/02/16 14:00:05 | 000,054,156 | -H-- | C] ()
QTFont.for -> C:\WINNT\QTFont.for -> [2010/02/16 14:00:05 | 000,001,409 | ---- | C] ()
BRPP2KA.INI -> C:\WINNT\BRPP2KA.INI -> [2010/02/16 09:41:47 | 000,000,027 | ---- | C] ()
BRWMARK.INI -> C:\WINNT\BRWMARK.INI -> [2010/02/16 09:41:46 | 000,000,419 | ---- | C] ()
Brpfx04a.ini -> C:\WINNT\Brpfx04a.ini -> [2010/02/16 09:40:09 | 000,000,210 | ---- | C] ()
brpcfx.ini -> C:\WINNT\brpcfx.ini -> [2010/02/16 09:40:09 | 000,000,093 | ---- | C] ()
bridf06a.dat -> C:\WINNT\System32\bridf06a.dat -> [2010/02/16 09:40:09 | 000,000,050 | ---- | C] ()
CVRPAGE.BMP -> C:\WINNT\CVRPAGE.BMP -> [2010/02/16 09:37:37 | 000,006,224 | ---- | C] ()
brdfxspd.dat -> C:\WINNT\brdfxspd.dat -> [2010/02/16 09:37:34 | 000,000,000 | ---- | C] ()
maxlink.ini -> C:\WINNT\maxlink.ini -> [2010/02/16 09:35:48 | 000,027,019 | ---- | C] ()
tdstemp.002 -> C:\tdstemp.002 -> [2010/02/15 15:59:15 | 000,001,421 | ---- | C] ()
FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2010/01/25 22:10:28 | 000,532,360 | ---- | C] ()
RtlCPAPI.dll -> C:\WINNT\System32\RtlCPAPI.dll -> [2009/11/01 22:59:25 | 000,147,456 | ---- | C] ()
qt-dx331.dll -> C:\WINNT\System32\qt-dx331.dll -> [2008/09/19 16:57:34 | 003,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\WINNT\System32\dtu100.dll.manifest -> [2008/09/19 16:55:10 | 000,000,416 | ---- | C] ()
idxcntrs.ini -> C:\WINNT\System32\idxcntrs.ini -> [2007/09/27 09:51:02 | 000,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINNT\System32\gsrvctr.ini -> [2007/09/27 09:48:48 | 000,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINNT\System32\gthrctr.ini -> [2007/09/27 09:48:28 | 000,031,698 | ---- | C] ()
InsDrvZD.dll -> C:\WINNT\System32\InsDrvZD.dll -> [2007/07/24 16:59:02 | 000,028,672 | ---- | C] ()
InsDrvZD64.DLL -> C:\WINNT\System32\InsDrvZD64.DLL -> [2007/07/24 16:59:02 | 000,015,872 | ---- | C] ()
(null)toolkit.ini -> C:\WINNT\(null)toolkit.ini -> [2007/07/13 18:44:31 | 000,000,113 | ---- | C] ()
ff_vfw.dll -> C:\WINNT\System32\ff_vfw.dll -> [2007/05/25 20:06:45 | 000,010,752 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINNT\System32\ff_vfw.dll.manifest -> [2007/05/25 20:06:45 | 000,000,547 | ---- | C] ()
Start.INI -> C:\WINNT\Start.INI -> [2007/05/08 05:46:49 | 000,000,032 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINNT\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINNT\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] ()
kodakpcd.MarkMcCloud.ini -> C:\WINNT\kodakpcd.MarkMcCloud.ini -> [2006/06/07 07:58:38 | 000,000,023 | ---- | C] ()
LogonStudio.ini -> C:\WINNT\LogonStudio.ini -> [2006/04/19 17:10:30 | 000,000,024 | ---- | C] ()
JPGUtils.dll -> C:\WINNT\System32\JPGUtils.dll -> [2006/04/19 17:09:57 | 000,187,392 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINNT\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINNT\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] ()
huffyuv.ini -> C:\WINNT\huffyuv.ini -> [2006/04/11 16:27:12 | 000,000,134 | ---- | C] ()
WB.ini -> C:\WINNT\WB.ini -> [2006/03/25 01:53:47 | 000,000,072 | ---- | C] ()
wbload.dll -> C:\WINNT\System32\wbload.dll -> [2006/03/25 01:49:57 | 000,020,480 | ---- | C] ()
atid.ini -> C:\WINNT\atid.ini -> [2006/01/25 01:51:55 | 000,000,029 | ---- | C] ()
CD-Start.INI -> C:\WINNT\CD-Start.INI -> [2005/11/22 20:37:06 | 000,000,032 | ---- | C] ()
Star Trek Birth of the Federation - Editor.INI -> C:\WINNT\Star Trek Birth of the Federation - Editor.INI -> [2005/10/28 03:42:31 | 000,000,047 | ---- | C] ()
StyleBuilder.INI -> C:\WINNT\StyleBuilder.INI -> [2005/09/02 17:38:36 | 000,000,099 | ---- | C] ()
gscr.dll -> C:\WINNT\gscr.dll -> [2005/06/02 18:51:01 | 000,028,672 | ---- | C] ()
cdplayer.ini -> C:\WINNT\cdplayer.ini -> [2005/05/08 15:58:30 | 000,000,849 | ---- | C] ()
mmpoly.ini -> C:\WINNT\mmpoly.ini -> [2005/04/11 19:00:59 | 000,000,070 | ---- | C] ()
dcstds3.dll -> C:\WINNT\dcstds3.dll -> [2005/03/11 11:09:10 | 000,000,006 | ---- | C] ()
NemuAudio08.ini -> C:\WINNT\System32\NemuAudio08.ini -> [2005/02/12 17:10:38 | 000,000,126 | ---- | C] ()
lq.dll -> C:\WINNT\lq.dll -> [2005/01/28 07:36:56 | 000,007,168 | ---- | C] ()
NMDll.dll -> C:\WINNT\System32\NMDll.dll -> [2005/01/28 07:36:55 | 000,468,480 | ---- | C] ()
yhl.dll -> C:\WINNT\yhl.dll -> [2005/01/28 07:36:54 | 000,020,480 | ---- | C] ()
ODBC.INI -> C:\WINNT\ODBC.INI -> [2005/01/08 20:54:41 | 000,000,480 | ---- | C] ()
Sfc3ng.INI -> C:\WINNT\Sfc3ng.INI -> [2005/01/01 04:50:29 | 000,000,604 | ---- | C] ()
iPlayer.INI -> C:\WINNT\iPlayer.INI -> [2004/12/23 23:58:48 | 000,000,000 | ---- | C] ()
pcfriend.INI -> C:\WINNT\pcfriend.INI -> [2004/11/15 04:32:39 | 000,000,000 | ---- | C] ()
psisdecd.dll -> C:\WINNT\System32\psisdecd.dll -> [2004/10/08 05:11:47 | 000,363,520 | ---- | C] ()
cncs232.dll -> C:\WINNT\System32\cncs232.dll -> [2004/09/15 08:32:10 | 000,286,208 | ---- | C] ()
NemuVideo.ini -> C:\WINNT\System32\NemuVideo.ini -> [2004/08/10 14:53:38 | 000,000,065 | ---- | C] ()
zlib.dll -> C:\WINNT\System32\zlib.dll -> [2004/07/23 22:52:03 | 000,053,760 | ---- | C] ()
devenum(2).dll -> C:\WINNT\System32\devenum(2).dll -> [2004/07/15 13:52:17 | 000,053,248 | ---- | C] ()
winamp.ini -> C:\WINNT\winamp.ini -> [2004/07/15 03:50:02 | 000,001,157 | ---- | C] ()
xvidvfw.dll -> C:\WINNT\System32\xvidvfw.dll -> [2004/06/06 11:53:42 | 000,155,648 | ---- | C] ()
xvidcore.dll -> C:\WINNT\System32\xvidcore.dll -> [2004/06/05 11:56:16 | 000,679,936 | ---- | C] ()
smscfg.ini -> C:\WINNT\smscfg.ini -> [2004/04/15 11:01:41 | 000,000,061 | ---- | C] ()
PCDrSystemInformation.dll -> C:\WINNT\System32\PCDrSystemInformation.dll -> [2004/04/15 10:43:24 | 000,282,624 | ---- | C] ()
PCDrKernelModeServices.dll -> C:\WINNT\System32\PCDrKernelModeServices.dll -> [2004/04/15 10:38:13 | 000,086,016 | ---- | C] ()
ProgressTrace.dll -> C:\WINNT\System32\ProgressTrace.dll -> [2004/04/15 10:38:13 | 000,065,536 | ---- | C] ()
OEMINFO.INI -> C:\WINNT\System32\OEMINFO.INI -> [2004/04/15 10:36:36 | 000,000,699 | ---- | C] ()
libeay32.dll -> C:\WINNT\System32\libeay32.dll -> [2004/03/22 13:22:30 | 000,880,128 | ---- | C] ()
ssleay32.dll -> C:\WINNT\System32\ssleay32.dll -> [2004/03/22 13:22:30 | 000,171,520 | ---- | C] ()
OpenQuicktimeLib.dll -> C:\WINNT\System32\OpenQuicktimeLib.dll -> [2004/01/27 12:13:54 | 000,421,888 | ---- | C] ()
tds3shl.dll -> C:\WINNT\System32\tds3shl.dll -> [2003/06/11 18:05:06 | 000,032,768 | ---- | C] ()
orun32.ini -> C:\WINNT\orun32.ini -> [2003/05/16 12:56:01 | 000,000,873 | ---- | C] ()
MCC16.DLL -> C:\WINNT\System32\MCC16.DLL -> [2002/12/18 15:10:36 | 000,006,048 | ---- | C] ()
OggDS.dll -> C:\WINNT\System32\OggDS.dll -> [2002/10/06 18:42:58 | 000,237,568 | ---- | C] ()
vorbisenc.dll -> C:\WINNT\System32\vorbisenc.dll -> [2002/10/04 23:04:26 | 000,921,600 | ---- | C] ()
vorbis.dll -> C:\WINNT\System32\vorbis.dll -> [2002/10/04 23:04:26 | 000,188,416 | ---- | C] ()
ogg.dll -> C:\WINNT\System32\ogg.dll -> [2002/10/04 23:04:18 | 000,045,056 | ---- | C] ()
mag.dll -> C:\WINNT\System32\mag.dll -> [2002/03/19 17:30:00 | 000,010,752 | ---- | C] ()
msvdm.dll -> C:\WINNT\System32\msvdm.dll -> [2002/03/19 16:30:00 | 000,141,824 | ---- | C] ()
Jpeg32.dll -> C:\WINNT\System32\Jpeg32.dll -> [2002/03/04 10:16:34 | 000,110,592 | R--- | C] ()
PciBus.sys -> C:\WINNT\System32\drivers\PciBus.sys -> [2001/11/19 19:05:18 | 000,003,972 | ---- | C] ()
cpuinf32.dll -> C:\WINNT\System32\cpuinf32.dll -> [2001/09/17 12:20:02 | 000,009,216 | ---- | C] ()
Canon456.dll -> C:\WINNT\System32\Canon456.dll -> [2000/11/15 17:00:00 | 000,000,019 | ---- | C] ()
sysres.dll -> C:\WINNT\System32\sysres.dll -> [1998/08/16 05:00:00 | 000,004,096 | ---- | C] ()
coinst.dll -> C:\WINNT\System32\coinst.dll -> [1980/01/01 00:00:00 | 000,049,152 | ---- | C] ()

[File - Lop Check]
InterTrust -> C:\Documents and Settings\Administrator\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
America Online -> C:\Documents and Settings\All Users\Application Data\America Online -> [2004/07/15 05:51:09 | 000,000,000 | ---D | M]
Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2005/09/26 02:50:35 | 000,000,000 | ---D | M]
Downloaded Installations -> C:\Documents and Settings\All Users\Application Data\Downloaded Installations -> [2007/06/13 16:13:12 | 000,000,000 | ---D | M]
DriverScanner -> C:\Documents and Settings\All Users\Application Data\DriverScanner -> [2008/12/10 22:08:14 | 000,000,000 | ---D | M]
PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [2008/07/09 18:28:54 | 000,000,000 | ---D | M]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [2010/02/16 09:34:38 | 000,000,000 | ---D | M]
SecTaskMan -> C:\Documents and Settings\All Users\Application Data\SecTaskMan -> [2009/08/01 17:00:16 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2008/08/19 19:06:37 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/02/26 00:14:18 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2004/07/15 03:54:42 | 000,000,000 | ---D | M]
WholeSecurity -> C:\Documents and Settings\All Users\Application Data\WholeSecurity -> [2009/06/01 09:23:44 | 000,000,000 | ---D | M]
{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2010/02/15 16:06:35 | 000,000,000 | -H-D | M]
{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} -> [2010/01/30 11:13:40 | 000,000,000 | -H-D | M]
InterTrust -> C:\Documents and Settings\Default User\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
Adblock Pro -> C:\Documents and Settings\Guest\Application Data\Adblock Pro -> [2009/02/16 08:51:13 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\Guest\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\LocalService\Application Data\JGsoft -> [2009/03/15 03:42:23 | 000,000,000 | ---D | M]
acccore -> C:\Documents and Settings\Owner\Application Data\acccore -> [2006/12/29 17:11:26 | 000,000,000 | ---D | M]
Adblock Pro -> C:\Documents and Settings\Owner\Application Data\Adblock Pro -> [2008/08/25 17:18:15 | 000,000,000 | ---D | M]
Aim -> C:\Documents and Settings\Owner\Application Data\Aim -> [2004/08/11 21:31:59 | 000,000,000 | ---D | M]
Desktop Sidebar -> C:\Documents and Settings\Owner\Application Data\Desktop Sidebar -> [2008/06/22 21:24:26 | 000,000,000 | ---D | M]
Exodus -> C:\Documents and Settings\Owner\Application Data\Exodus -> [2005/02/10 17:54:19 | 000,000,000 | ---D | M]
FileMaker -> C:\Documents and Settings\Owner\Application Data\FileMaker -> [2005/09/24 15:37:20 | 000,000,000 | ---D | M]
fltk.org -> C:\Documents and Settings\Owner\Application Data\fltk.org -> [2005/02/03 00:53:12 | 000,000,000 | ---D | M]
fofix -> C:\Documents and Settings\Owner\Application Data\fofix -> [2010/02/11 07:11:17 | 000,000,000 | ---D | M]
gen_ff v1.04 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.04 -> [2004/09/23 05:53:06 | 000,000,000 | ---D | M]
gen_ff v1.05 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.05 -> [2005/05/23 22:23:42 | 000,000,000 | ---D | M]
gen_ff v1.07 -> C:\Documents and Settings\Owner\Application Data\gen_ff v1.07 -> [2006/03/21 10:03:47 | 000,000,000 | ---D | M]
IMVU -> C:\Documents and Settings\Owner\Application Data\IMVU -> [2007/05/04 00:55:12 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\Owner\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\Owner\Application Data\InterVideo -> [2004/08/08 16:45:01 | 000,000,000 | ---D | M]
IObit -> C:\Documents and Settings\Owner\Application Data\IObit -> [2010/01/24 02:06:11 | 000,000,000 | ---D | M]
IP Lookup v2.0 -> C:\Documents and Settings\Owner\Application Data\IP Lookup v2.0 -> [2005/08/24 19:14:20 | 000,000,000 | ---D | M]
IrfanView -> C:\Documents and Settings\Owner\Application Data\IrfanView -> [2008/08/16 20:20:41 | 000,000,000 | ---D | M]
JAM Software -> C:\Documents and Settings\Owner\Application Data\JAM Software -> [2008/11/14 01:46:10 | 000,000,000 | ---D | M]
JGsoft -> C:\Documents and Settings\Owner\Application Data\JGsoft -> [2007/04/23 05:26:01 | 000,000,000 | ---D | M]
Kazaa Lite -> C:\Documents and Settings\Owner\Application Data\Kazaa Lite -> [2004/07/16 21:25:11 | 000,000,000 | ---D | M]
Kontiki -> C:\Documents and Settings\Owner\Application Data\Kontiki -> [2004/08/16 10:53:15 | 000,000,000 | ---D | M]
Offline Explorer -> C:\Documents and Settings\Owner\Application Data\Offline Explorer -> [2005/01/28 10:39:53 | 000,000,000 | ---D | M]
SanDisk -> C:\Documents and Settings\Owner\Application Data\SanDisk -> [2009/04/07 18:34:39 | 000,000,000 | ---D | M]
SecondLife -> C:\Documents and Settings\Owner\Application Data\SecondLife -> [2007/07/28 19:03:13 | 000,000,000 | ---D | M]
SecondLife(2) -> C:\Documents and Settings\Owner\Application Data\SecondLife(2) -> [2005/07/12 03:24:20 | 000,000,000 | ---D | M]
Shareaza -> C:\Documents and Settings\Owner\Application Data\Shareaza -> [2008/02/17 16:37:29 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\Owner\Application Data\Stardock -> [2008/08/19 19:18:59 | 000,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\Owner\Application Data\Thunderbird -> [2009/12/15 19:48:38 | 000,000,000 | ---D | M]
Trillian -> C:\Documents and Settings\Owner\Application Data\Trillian -> [2009/01/10 04:01:34 | 000,000,000 | ---D | M]
Uniblue -> C:\Documents and Settings\Owner\Application Data\Uniblue -> [2008/12/10 22:08:15 | 000,000,000 | ---D | M]
ViStart -> C:\Documents and Settings\Owner\Application Data\ViStart -> [2007/12/01 23:22:54 | 000,000,000 | ---D | M]
Windows Desktop Search -> C:\Documents and Settings\Owner\Application Data\Windows Desktop Search -> [2008/07/25 05:45:23 | 000,000,000 | ---D | M]
Windows Live Writer -> C:\Documents and Settings\Owner\Application Data\Windows Live Writer -> [2009/04/01 09:19:23 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\Owner\Application Data\Windows Search -> [2008/07/29 06:15:42 | 000,000,000 | ---D | M]
Witty -> C:\Documents and Settings\Owner\Application Data\Witty -> [2009/06/27 07:29:06 | 000,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\SusanCheetah\Application Data\InterTrust -> [2004/04/15 10:43:01 | 000,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\SusanCheetah\Application Data\InterVideo -> [2005/07/12 03:24:53 | 000,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\SusanCheetah\Application Data\Thunderbird -> [2004/09/30 17:04:05 | 000,000,000 | ---D | M]
Windows Search -> C:\Documents and Settings\SusanCheetah\Application Data\Windows Search -> [2010/02/16 05:42:21 | 000,000,000 | ---D | M]
Ad-Aware Update (Daily 1).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 1).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 2).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 2).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 3).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 3).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Daily 4).job -> C:\WINNT\Tasks\Ad-Aware Update (Daily 4).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINNT\Tasks\Ad-Aware Update (Weekly).job -> [2010/03/05 04:05:29 | 000,000,472 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< %ProgramFiles%\Movie Maker\*.dll >
wmm2ae.dll -> C:\Program Files\Movie Maker\wmm2ae.dll -> [2008/04/13 19:12:09 | 000,167,936 | ---- | M] (Microsoft Corporation)
wmm2eres.dll -> C:\Program Files\Movie Maker\wmm2eres.dll -> [2008/04/13 19:12:09 | 000,004,096 | ---- | M] (Microsoft Corporation)
wmm2ext.dll -> C:\Program Files\Movie Maker\wmm2ext.dll -> [2008/04/13 19:12:09 | 000,007,680 | ---- | M] (Microsoft Corporation)
wmm2filt.dll -> C:\Program Files\Movie Maker\wmm2filt.dll -> [2008/04/13 19:12:09 | 000,402,432 | ---- | M] (Microsoft Corporation)
wmm2fxa.dll -> C:\Program Files\Movie Maker\wmm2fxa.dll -> [2008/04/13 19:12:09 | 000,502,272 | ---- | M] (Microsoft Corporation)
wmm2fxb.dll -> C:\Program Files\Movie Maker\wmm2fxb.dll -> [2008/04/13 19:12:09 | 000,325,632 | ---- | M] (Microsoft Corporation)
wmm2res.dll -> C:\Program Files\Movie Maker\wmm2res.dll -> [2008/04/13 19:12:09 | 004,256,768 | ---- | M] (Microsoft Corporation)
wmm2res2.dll -> C:\Program Files\Movie Maker\wmm2res2.dll -> [2008/04/13 19:12:09 | 000,005,632 | ---- | M] (Microsoft Corporation)
wmmfilt.dll -> C:\Program Files\Movie Maker\wmmfilt.dll -> [2002/08/29 07:00:00 | 000,110,648 | ---- | M] (Microsoft Corporation)
wmmres.dll -> C:\Program Files\Movie Maker\wmmres.dll -> [2002/08/29 07:00:00 | 000,319,542 | ---- | M] (Microsoft Corporation)
wmmutil.dll -> C:\Program Files\Movie Maker\wmmutil.dll -> [2002/08/29 07:00:00 | 000,163,897 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: ALLUSERSAPPDATA
< %SYSTEMROOT%\*.tmp >
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->
< %PROGRAMFILES%\Internet Explorer\*.dll >
custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 21:03:36 | 000,033,792 | ---- | M] (Microsoft Corporation)
hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2009/03/08 03:24:28 | 000,068,608 | ---- | M] (Microsoft Corporation)
iecompat.dll -> C:\Program Files\Internet Explorer\iecompat.dll -> [2009/10/01 23:44:07 | 000,092,160 | ---- | M] (Microsoft Corporation)
iedvtool.dll -> C:\Program Files\Internet Explorer\iedvtool.dll -> [2009/03/08 03:35:32 | 000,742,912 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2009/12/21 14:14:03 | 000,246,272 | ---- | M] (Microsoft Corporation)
jsdbgui.dll -> C:\Program Files\Internet Explorer\jsdbgui.dll -> [2009/03/08 03:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation)
jsdebuggeride.dll -> C:\Program Files\Internet Explorer\jsdebuggeride.dll -> [2009/03/08 03:35:02 | 000,121,344 | ---- | M] (Microsoft Corporation)
JSProfilerCore.dll -> C:\Program Files\Internet Explorer\JSProfilerCore.dll -> [2009/03/08 03:35:04 | 000,118,272 | ---- | M] (Microsoft Corporation)
jsprofilerui.dll -> C:\Program Files\Internet Explorer\jsprofilerui.dll -> [2009/03/08 03:35:12 | 000,233,984 | ---- | M] (Microsoft Corporation)
pdm.dll -> C:\Program Files\Internet Explorer\pdm.dll -> [2009/01/07 17:20:18 | 000,355,832 | ---- | M] (Microsoft Corporation)
sqmapi.dll -> C:\Program Files\Internet Explorer\sqmapi.dll -> [2009/01/07 17:20:54 | 000,134,144 | ---- | M] (Microsoft Corporation)
xpshims.dll -> C:\Program Files\Internet Explorer\xpshims.dll -> [2009/12/21 14:14:05 | 000,012,800 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: DriveLetter
< %systemroot%\system32\*.dll /lockedfiles >
13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp ->
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
13 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp ->
< %systemroot%\Tasks\*.job /lockedfiles >
< c:\$recycle.bin\*.* /s >
Restore point Set: OTS Restore Point (68719476736)

[Alternate Data Streams]
@Alternate Data Stream - 479 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 88 bytes -> C:\WINNT\sndvol32.exe:SummaryInformation
< End of report >

~~~~~~~~~~
VirScan

VirSCAN.org Scanned Report :
Scanned time : 2010/03/04 07:00:01 (CST)
Scanner results: Scanners did not find malware!
File Name : brunin03.dll
File Size : 147456 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 46ae67007ed872050db3ba9615283eb5
SHA1 : 07ef57b1c06da4e28800af6a90ee815b28ebdb49
Online report : [url="http://virscan.org/report/527521f9e63f19ad013c2adb91830323.html"]http://virscan.org/report/527521f9e63f19ad...db91830323.html[/url]

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100304053904 2010-03-04 6.22 -
AhnLab V3 2010.03.04.00 2010.03.04 2010-03-04 1.03 -
AntiVir 8.2.1.180 7.10.4.192 2010-03-03 0.31 -
Antiy 2.0.18 20100302.3946376 2010-03-02 0.02 -
Arcavir 2009 201003031711 2010-03-03 0.05 -
Authentium 5.1.1 201003031107 2010-03-03 1.51 -
AVAST! 4.7.4 100303-0 2010-03-03 0.01 -
AVG 8.5.720 271.1.1/2720 2010-03-03 0.25 -
BitDefender 7.81008.5367913 7.30613 2010-03-04 5.60 -
ClamAV 0.95.3 10507 2010-03-04 0.04 -
Comodo 3.13.579 4136 2010-03-03 0.93 -
CP Secure 1.3.0.5 2010.03.04 2010-03-04 0.09 -
Dr.Web 5.0.1.12222 2010.03.04 2010-03-04 5.81 -
F-Prot 4.4.4.56 20100303 2010-03-03 1.53 -
F-Secure 7.02.73807 2010.03.03.13 2010-03-03 10.40 -
Fortinet 11.546- 11.546 2010-03-03 0.21 -
GData 19.10730/19.795 20100303 2010-03-03 6.57 -
ViRobot 20100303 2010.03.03 2010-03-03 0.47 -
Ikarus T3.1.01.80 2010.03.03.75324 2010-03-03 4.93 -
JiangMin 13.0.900 2010.03.03 2010-03-03 4.92 -
Kaspersky 5.5.10 2010.03.03 2010-03-03 0.17 -
KingSoft 2009.2.5.15 2010.3.3.19 2010-03-03 0.59 -
McAfee 5.3.00 5909 2010-03-03 3.63 -
Microsoft 1.5502 2010.03.03 2010-03-03 6.78 -
Norman 6.01.09 6.01.00 2010-02-10 4.02 -
Panda 9.05.01 2010.03.03 2010-03-03 1.88 -
Trend Micro 9.120-1004 6.889.00 2010-03-03 0.03 -
Quick Heal 10.00 2010.03.03 2010-03-03 1.40 -
Rising 20.0 22.37.02.04 2010-03-03 1.07 -
Sophos 3.04.1 4.50 2010-03-04 3.61 -
Sunbelt 3.9.2406.2 5742 2010-03-03 3.00 -
Symantec 1.3.0.24 20100303.005 2010-03-03 0.05 -
nProtect 20100302.01 7621007 2010-03-02 4.49 -
The Hacker 6.5.1.7 v00220 2010-03-03 0.38 -
VBA32 3.12.12.2 20100301.2254 2010-03-01 2.71 -
VirusBuster 4.5.11.10 10.121.1/2014475 2010-03-04 2.42 -

~~~~~~~~~~
DrWeb

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Moved.;
4b03edab.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b03edab.qua;Probably Trojan.Packed.Based;;
4b03edab.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4b28d602.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b28d602.qua;Probably Trojan.Packed.Based;;
4b28d602.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4b56db28.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b56db28.qua;Probably Trojan.Packed.Based;;
4b56db28.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
4bb5f5b1.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4bb5f5b1.qua;Probably Trojan.Packed.Based;;
4bb5f5b1.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;Moved.;
A0113675.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0113676.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0120496.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
A0120497.EXE.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.NewDotNet;Moved.;
NNWDAB638.EXE.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.NewDotNet;Moved.;
VVSNInst.exe.bac_a03392;C:\Documents and Settings\Owner\.housecall\Quarantine;Adware.SaveNow;Moved.;
CouponPrinter.exe\data012;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data013;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data015;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data016;C:\Documents and Settings\SusanCheetah\My Documents\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe;C:\Documents and Settings\SusanCheetah\My Documents;Container contains infected objects;Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;Moved.;
mirc.exe;C:\Program Files\mIRC\backup;Program.mIRC.617;Moved.;
_desktop.ini;C:\WINNT\Resources\Themes\VistaCG127\material;Win32.HLLW.Gavir.ini;Deleted.;
_desktop.ini;C:\WINNT\Resources\Themes\VistaCG127\material\basic;Win32.HLLW.Gavir.ini;Deleted.;

~~~~~~~~~~
Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, March 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, March 05, 2010 03:03:49
Records in database: 3693272
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
H:\

Scan statistics:
Objects scanned: 95975
Threats found: 4
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 07:24:56


File name / Threat / Threats count
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113675.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0113676.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120496.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0120497.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mirc___0.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\NNWDAB638.EXE.bac_a03392 Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\VVSNInst.exe.bac_a03392 Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1151\A0273437.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1151\A0273438.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

Selected area has been scanned.

Hey,

How is your computer doing?

[quote name='Ltangelic' post='117719' date='Mar 6 2010, 03:57 AM']Hey,

How is your computer doing?[/quote]

I haven't tried to run the Ad-Aware yet, paranoid that it might lock up on me again. But other than the scans taking quite some time to perform (it's about 8 years old), it hasn't complained too much. I'm gonna try to restore some of the items the scans have flagged (like mIRC) once I find out why Ad-Aware is locking up.

Hey [b]Avanguard[/b],

Your logs look clean. I think the Ad Aware problem is not likely to have been caused by malware. Are there any more issues you would like to raise before I post the prevention speech? :(

[quote name='Ltangelic' post='117777' date='Mar 7 2010, 11:24 PM']Hey [b]Avanguard[/b],

Your logs look clean. I think the Ad Aware problem is not likely to have been caused by malware. Are there any more issues you would like to raise before I post the prevention speech? ;)[/quote]

If the logs are clean, then why do you suppose Ad-Aware keeps locking up when I try to view its detection report? Should I go through the headache of re-downloading it, uninstalling again, and reinstalling? Is there a surefire way to get it to work like it is supposed to as opposed to locking up?

Though downloading it will be a headache either way. The internet connection has been very unstable since last December. It disconnected me 15 times just trying to post this reply.

Hey [b]Avanguard[/b],

mIRC is a P2P program that can bring about security risks due to its file-sharing capability; it's highly recommended that you uninstall it and don't install it again. It could be the very source of viruses on your computer.

Unfortunately, I could not see anything in your log that could have caused AdAware to freeze, and I doubt it is caused by virus block. As you have said, your computer is 8 years old; it's very likely that the RAM (random access memory) size or your computer's functionality is what causes the slow scanning time. As for the freezing problem, you'll have to contact AdAware directly to sort out the problem as I am not familiar with the inner workings of this software. Regarding the internet connection, please contact your ISP and they will provide the necessary help to sort out the problem. It could be a modem problem, which will be beyond my expertise.

Anyway, I'll post the cleaning speech and prevention speech now since your logs are clean. ;)

[color="#800080"][b][u][size=4]Cleanup[/size][/u][/b][/color]

[color="#0000FF"][b][size=3]1)[/size] Update Adobe Reader [/b][/color]

Please uninstall the current version of Adobe you have and go [url="http://www.adobe.com/products/acrobat/readstep2.html"]here[/url] to install the latest version.

[color="#0000FF"][b][size=3]2)[/size] Disable "Show Hidden Files and Folders" Option [/b][/color]
[list]
[*]Go to Start>Control Panel and go under [b]Appearances and Themes[/b]
[*]Click on [b]Folder Options[/b] and go under [b]View[/b] tab
[*]Ensure that "[b]Show hidden files and folders[/b]" is NOT ticked and click [b]Apply[/b]
[/list][color="#0000FF"][b][size=3]3)[/size] Remove Tools With OTC[/b][/color]

Please download [url="http://oldtimer.geekstogo.com/OTC.exe"][b]OTC[/b][/url].[list]
[*]Save it to your desktop.
[*]Double Click on [b]OTC.exe[/b], a window will appear.
[*]Please press the [b]CleanUp![/b] Button.
[*]You may be asked to reboot, click "[b]Yes[/b]".
[/list][color="#0000FF"][b][size=3]4)[/size] Uninstall ComboFix[/b][/color][list]
[*] Click [b]START[/b] then [b]RUN[/b]
[*] Now type [b]ComboFix /uninstall[/b] in the runbox and click [b]OK[/b]. Note the [b]space[/b] between the [b]x[/b] and the [b]/[/b], it needs to be there.
[img]http://img62.imageshack.us/img62/1002/combofixuninstall.png[/img]
[/list][color="#0000FF"][b][size=3]5)[/size] Re-enable Avira Antivir[/b][/color]
[list=1]
[*]Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background.
[*]Right-click on the icon and check the option [b]AntiVir Guard enable[/b].
[*]Restart your computer.
[/list][color="#0000FF"][b][size=3]6)[/size] Run TFC[/b][/color]

Download [url="http://oldtimer.geekstogo.com/TFC.exe"][color="#000000"][b]TFC[/b][/color][/url] to your desktop[list]
[*]Open the file and close any other windows.
[*]It [b][color="#FF0000"]will close all programs itself[/color][/b] when run, make sure to let it run uninterrupted.
[*]Click the Start button to begin the process. The program should not take long to finish its job.
[*]Once it's finished it should [b]reboot your machine[/b]; if not, do this yourself to ensure a complete clean.
[/list][color="#0000FF"][b][size=3]7)[/size] Reset System Restore Points[/b][/color]

[indent]You should [url="http://www.bleepingcomputer.com/tutorials/tutorial56.html"][color="blue"]Create a New Restore Point[/color][/url] to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore.
Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point.
Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to [i]"roll-back"[/i] to a clean working state.

[b]The easiest and safest way to do this is[/b]:[list]
[*]Go to [b]Start[/b] > [b]Programs[/b] > [b]Accessories[/b] > [b]System Tools[/b] and click "[b][color="blue"]System Restore[/color][/b]".
[*]If the shortcut is missing you can also click on [b]START[/b] > [b]RUN[/b] > and type in [b][color="blue"]%SystemRoot%\system32\restore\rstrui.exe[/color][/b] and click OK
[*]Choose the radio button marked "[b]Create a Restore Point[/b]" on the first screen then click "[b]Next[/b]".
[*]Give the new Restore Point a name, then click "[b]Create[/b]".
[*]The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
[/list][list]
[*]Then use the [b]Disk Cleanup[/b] to remove all but the most recently created Restore Point.
[*]Go to [b]Start[/b] > [b]Run[/b] and type: [b][color="blue"]Cleanmgr.exe[/color][/b]
[*]Select the drive where Windows is installed and click "[b]Ok[/b]". Disk Cleanup will scan your files for several minutes, then open.
[*]Click the "[b]More Options[/b]" tab, then click the "[b]Clean up[/b]" button under System Restore.
[*]Click Ok. You will be prompted with "[i]Are you sure you want to delete all but the most recent restore point?[/i]"
[*]Click [b]Yes[/b], then click Ok.
[*]Click [b]Yes[/b] again when prompted with "[i]Are you sure you want to perform these actions?[/i]"
[*]Disk Cleanup will remove the files and close automatically.
[*]On the [b]Disk Cleanup[/b] tab, if the [b]System Restore: Obsolete Data Stores[/b] entry is available remove them also.
[*]These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.
[/list][indent][img]http://kixhelp.com/wr/images-mb/selectdrivecleanup.png[/img] [img]http://kixhelp.com/wr/images-mb/selectdrivecleanup1.png[/img][/indent][b]Additional information[/b]
Microsoft KB article: [url="http://support.microsoft.com/kb/310405"][color="blue"]How to turn off and turn on System Restore in Windows XP[/color][/url]
Bert Kinney's site: [url="http://bertk.mvps.org/"][color="blue"]All about Windows System Restore[/color][/url][/indent]

[color="#800080"][b][u][size=4]Prevention Speech[/size][/u][/b][/color]

Below are some recommendations to protect your computer against malware infections.

[size=5][b]1)[/b][/size] Keep Windows updated by regularly checking their website at :
[url="http://windowsupdate.microsoft.com/"]http://windowsupdate.microsoft.com/[/url]
This will ensure your computer always has the latest available security updates installed.

[size=5][b]2)[/b][/size] To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

[u][b][color="#800080"]Complementary programs (does not conflict with any software that offers real time protection)[/color][/b][/u]

* [url="http://www.javacoolsoftware.com/sbdownload.html"][b][color="#FF8C00"]SpywareBlaster[/color][/b][/url]- Prevents malicious Active-X controls from installing in the first place and reducing your chances of infection of spyware.
* [url="http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe"][b][color="#FF8C00"]IE-SpyAd[/color][/b][/url]- Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites which actually install malicious code onto your system. (Tutorial available [url="http://www.bleepingcomputer.com/tutorials/tutorial53.html"]here[/url])
* [url="http://mvps.org/winhelp2002/hosts.htm"][b][color="#FF8C00"]MVPS Hosts file[/color][/b][/url]- Replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

[u][b][color="#800080"]Firewalls[/color][/b][/u]

You should also have a good firewall. Here are 4 free ones available for personal use ([b]please turn OFF your Windows firewall after installing ONE of the following[/b]):

* [url="http://smb.sygate.com/products/spf_standard.htm"][b][color="#FF00FF"]Sygate Personal Firewall[/color][/b][/url]
* [url="http://www.kerio.com/us/kpf_download.html"][b][color="#FF00FF"]Kerio Personal Firewall[/color][/b][/url]
* [url="http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za"][b][color="#FF00FF"]ZoneAlarm[/color][/b][/url]
* [url="http://www.personalfirewall.comodo.com/"][b][color="#FF00FF"]Comodo Firewall Pro[/color][/b][/url]

[size=3][b][color="#FF0000"]It is critical to have only ONE firewall, ONE anti virus and ONE anti-spyware resident protection running to protect your system and to keep them updated. Take note that not ALL programs offer real time protection, for a list of programs that DO offer real time protection, look [url="http://en.wikipedia.org/wiki/Real-time_protection"]here[/url][/color][/b][/size]

[size=5][b]3)[/b][/size] [b][u]Make Internet Explorer more secure[/u][/b][list]
[*]Click [b]Start[/b] > [b]Run[/b]
[*]Type [b]Inetcpl.cpl[/b] & click [b]OK[/b]
[*]Click on the [b]Security[/b] tab
[*]Click [b]Reset all zones to default level[/b]
[*]Make sure the [b]Internet Zone[/b] is selected & Click [b]Custom level[/b]
[*]In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
[*]Next Click [b]OK[/b], then [b]Apply[/b] button and then [b]OK[/b] to exit the Internet Properties page.
[/list][size=5][b]4)[/b][/size] Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from [url="http://www.mozilla.org/products/firefox/"][b][color="red"]Here[/color][/b][/url]

[size=5][b]5)[/b][/size] Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
[url="http://www.spywareinfoforum.com/index.php?showtopic=60955"][b][color="red"]Here[/color][/b][/url]

Thank you for your patience, and performing all of the procedures requested.

[b]Please post back telling me if there are any further problems. If everything is working properly, I will mark this as Resolved.[/b]

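The System Restore advice in the cleanup post above comes down to sorting each scanner hit by where the flagged file sits. As an added example (not part of the original posts), this Python script parses lines in the Kaspersky report layout shown earlier in the thread and groups hits into System Restore snapshots, other scanners' quarantine folders, and live files; the sample lines, the folder-name heuristics and the suggested next steps are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (not taken from the thread), in the
# "File name / Threat / Threats count" layout of the scan report.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\User\DoctorWeb\Quarantine\sample1.exe.bac_a00001 Infected: not-a-virus:AdWare.Win32.Example.a 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe Infected: not-a-virus:Client-IRC.Win32.Example 1
C:\Program Files\ExampleApp\example.exe Infected: Trojan.Win32.Example.b 1
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b000000.qua Infected: Trojan.Win32.Example.c 2

Selected area has been scanned.
"""

# Paths may contain spaces, so the path is everything up to " Infected:".
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumption: folder names under which on-demand scanners park neutralised files.
QUARANTINE_DIRS = {"quarantine", "infected"}

# Assumption: suggested follow-up per location class.
NEXT_STEP = {
    "system_restore": "copy inside a restore point; reset restore points after cleaning",
    "quarantine": "already contained by another scanner; empty that quarantine",
    "live": "file is on the live file system; investigate before anything else",
}


def classify_location(path):
    """Return 'system_restore', 'quarantine' or 'live' for a Windows path."""
    parts = [p.lower() for p in path.split("\\") if p]
    dirs = parts[:-1]  # the last component is the file name
    for i, part in enumerate(dirs):
        if part == "system volume information" and parts[i + 1].startswith("_restore{"):
            return "system_restore"
    if any(d in QUARANTINE_DIRS for d in dirs):
        return "quarantine"
    return "live"


def parse_report(text):
    """Parse report text into a list of hit records; non-hit lines are skipped."""
    hits = []
    for line in text.splitlines():
        match = HIT_RE.match(line.strip())
        if not match:
            continue
        threat = match.group("threat")
        hits.append({
            "path": match.group("path"),
            "threat": threat,
            "count": int(match.group("count")),
            "location": classify_location(match.group("path")),
            # The "not-a-virus:" prefix marks adware/riskware verdicts, not malware.
            "riskware": threat.lower().startswith("not-a-virus:"),
        })
    return hits


def triage(text):
    """Group parsed hits by location class."""
    grouped = defaultdict(list)
    for hit in parse_report(text):
        grouped[hit["location"]].append(hit)
    return dict(grouped)


if __name__ == "__main__":
    for location, hits in triage(SAMPLE_REPORT).items():
        print(f"{location}: {len(hits)} hit(s) -> {NEXT_STEP[location]}")
        for hit in hits:
            kind = "riskware" if hit["riskware"] else "malware verdict"
            print(f"  [{kind}] {hit['threat']}  {hit['path']}")
```
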
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !

Topic re-opened at the request of Member ;) He's got a slow connection and has some trouble getting back in but he had some questions for you, Lt.

Thank you. I'll keep it brief. :)

I tried the firewalls, particularly Zone Alarm. I found out that firewalls don't play nice with my ISP's connection software client. It in fact makes it near impossible to connect to the internet. My ISP's tech support line said to just disable it.

I've updated Adobe Reader, added in SpywareBlaster, and already use Firefox (since version 0.8).

Ad-Aware insists there's now at least 62 detections when it does a smart scan but it still hangs and locks up when it tries to display them. So unfortunately I don't have a clue what to do anymore. But I did put some of the suggestions in this thread to use.

I am really sorry for the delay, somehow my email notification has not worked as it should. Do you still need help?

[quote name='Ltangelic' post='118530' date='Apr 2 2010, 07:03 AM']I am really sorry for the delay, somehow my email notification has not worked as it should. Do you still need help?[/quote]

That's okay, mine doesn't tell me either, so I have to check for replies directly.

Anyway, do you think an older version of Ad-Aware would help, since the current version keeps flaking out on me? Such as reverting to Ad-Aware 2007/2008?

And would anyone happen to know of a firewall that plays nice with AOL ISP client off-shoots (Netscape Connect)?

Hi Avanguard,

If you have a paid version of Ad-Aware, you should go [url="http://www.lavasoftsupport.com/index.php?showforum=46"]here[/url] and consult their customer support staff. :)

I don't know why Ad Aware is causing these problems, did you try to uninstall and reinstall it?

As for firewalls, do try Sygate and Comodo and see how they work. :)

[quote name='Ltangelic' post='118620' date='Apr 4 2010, 05:43 AM']Hi Avanguard,

If you have a paid version of Ad-Aware, you should go [url="http://www.lavasoftsupport.com/index.php?showforum=46"]here[/url] and consult their customer support staff. :)

I don't know why Ad Aware is causing these problems, did you try to uninstall and reinstall it?

As for firewalls, do try Sygate and Comodo and see how they work. :)[/quote]

Twice. Once with a full clean uninstall using that "add/remove programs" alternative I saw mentioned elsewhere in the forums. Of course it ended up auto-updating itself afterward. And unfortunately no I do not have a paid version of Ad-Aware.

I'll go look Comodo up on Google, but I can tell you that so far Sygate doesn't exist anymore, it got merged into Symantec's stuff and you have to buy a subscription to their Norton Internet Security suite to get it (so I have to go find the last version they made before the merge).

Hi,

Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you. :)

Hi,

There were some old Norton remnants visible in your log. Please run [url="http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039"]Norton removal tool[/url]. Then reboot and see if you're able to run Ad-Aware.
