Page Redirect Virus [CLOSED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

Page Redirect Virus [CLOSED], a link from googles search results in connecting to an unknown website

Options

icekin2 View Member Profile	Sep 30 2008, 05:20 AM Post #1
New Member Posts: 6 OS: WinXP	Hi all, I think i have a major page redirect virus on my hands. It is active only when i click on a search website's results and then it takes me to an unwanted shopping website. I have done several scans using Avast Anti-virus ( latest update) , spybot Search & destroy, and Super Anti-Spyware, still there were no traces of spyware. Can you please tell me how i can purge this virus, I really need your help!! Below is a post of Hijack this log, ogfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:45:37 PM, on 9/29/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: E:\WINNT\System32\smss.exe E:\WINNT\system32\winlogon.exe E:\WINNT\system32\services.exe E:\WINNT\system32\lsass.exe E:\WINNT\system32\svchost.exe E:\WINNT\System32\svchost.exe E:\WINNT\system32\svchost.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe E:\WINNT\system32\spoolsv.exe E:\WINNT\Explorer.EXE E:\Program Files\Synaptics\SynTP\SynTPEnh.exe E:\Program Files\Analog Devices\Core\smax4pnp.exe E:\WINNT\system32\igfxtray.exe E:\WINNT\system32\igfxpers.exe E:\WINNT\system32\hkcmd.exe E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe E:\Program Files\DU Meter\DUMeter.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\DAEMON Tools\daemon.exe E:\WINNT\system32\ctfmon.exe E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe E:\Program Files\Launchy\Launchy.exe E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe E:\Program Files\Bonjour\mDNSResponder.exe E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe E:\WINNT\system32\svchost.exe E:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe E:\Program Files\PC Connectivity Solution\ServiceLayer.exe E:\Program Files\iPod\bin\iPodService.exe E:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE E:\WINNT\System32\svchost.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\iTunes\iTunes.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe E:\WINNT\system32\wuauclt.exe E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = aproxy.rmit.edu.au:8080 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5AB40F46-6E8D-497E-8182-85B11D6D0B79} - E:\WINNT\system32\iifdcccY.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] E:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [igfxtray] E:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] E:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] E:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFexe] ()+,-./0123456789:;<=>?@ABCDEFexe O4 - HKLM\..\Run: [+,-./0123456789:;<=>?exe] !"#$%&'()+,-./0123456789:;<=>?exe O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] E:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFexe] ()+,-./0123456789:;<=>?@ABCDEFexe O4 - HKCU\..\Run: [+,-./0123456789:;<=>?exe] !"#$%&'()+,-./0123456789:;<=>?exe O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Yahoo! Widgets.lnk = E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} (POLi Pay Online) - https://autxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - E:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 12429 bytes Thanks in advance

Gravity Gripp View Member Profile	Sep 30 2008, 08:00 AM Post #2
Trusted Helper Posts: 1,512 From: /dev/null OS: Windows XP, OSX 10.5, Ubuntu 8.10	icekin2, Welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues. Please note that I am still in training and will be working with an expert on these issues so there may be a slight delay in my responses. If I have not responded to you in a time period longer than 4 days, please feel free to PM me. For now, I will be reviewing your log and will get back to you shortly. Thanks and I look forward to working with you.

Gravity Gripp View Member Profile	Sep 30 2008, 08:20 AM Post #3
Trusted Helper Posts: 1,512 From: /dev/null OS: Windows XP, OSX 10.5, Ubuntu 8.10	STEP ONE First, download OTListIt to your desktop. Once it has finished downloading, please double click on the icon. When the window appears, click the Run Scan button. Do not change any settings unless otherwise told to do so. When the scan completes, it will open two notepad windows. OTListt.Txt and Extras.Txt Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may close these windows when you have posted the contents of the files. STEP TWO Disable resident protections (Antivirus...); you'll re-enable them after the scan Download Lop S&D < here Double-click Lop S&D.exe Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt)

icekin2 View Member Profile	Oct 1 2008, 10:52 AM Post #4
New Member Posts: 6 OS: WinXP	hi, these are the logs, incidentally, i needed to tell you that is a particular IP address that the google links re-direct to. It is 77.91.229.143. Also, Avast and Spybot refuse to update, OTListIt logfile created on: 10/2/2008 2:24:36 AM - Run OTListIt by OldTimer - Version 1.0.6.2 Folder = K:\war Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1015.36 Mb Total Physical Memory \| 321.58 Mb Available Physical Memory \| 31.67% Memory free 2.39 Gb Paging File \| 1.63 Gb Available in Paging File \| 68.54% Paging File free Paging file location(s): e:\pagefile.sys 1524 3048; %SystemDrive% = E: \| %SystemRoot% = E:\WINNT \| %ProgramFiles% = E:\Program Files Drive C: \| 8.92 Gb Total Space \| 7.99 Gb Free Space \| 89.60% Space Free \| Partition Type: FAT32 Drive D: \| 34.69 Gb Total Space \| 4.49 Gb Free Space \| 12.96% Space Free \| Partition Type: NTFS Drive E: \| 30.89 Gb Total Space \| 3.83 Gb Free Space \| 12.41% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: \| 5.45 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive K: \| 973.17 Mb Total Space \| 30.44 Mb Free Space \| 3.13% Space Free \| Partition Type: FAT Computer Name: DYLANSMACHINE Current User Name: Dylan Pereira Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== Processes ========== [2008/07/20 00:25:06 \| 00,016,056 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008/07/20 00:38:28 \| 00,147,640 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe [2008/09/10 16:50:26 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008/08/29 10:18:44 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe [2006/02/16 09:09:20 \| 00,258,103 \| ---- \| M] (Broadcom Corporation.) -- E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007/01/05 12:48:52 \| 00,112,152 \| R--- \| M] (InterVideo) -- E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2006/01/11 05:23:56 \| 00,098,304 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- E:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008/07/20 00:38:04 \| 00,250,040 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008/07/24 00:25:45 \| 00,348,344 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007/01/13 07:36:40 \| 00,827,392 \| ---- \| M] (Synaptics, Inc.) -- E:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005/05/21 02:11:06 \| 00,925,696 \| ---- \| M] (Analog Devices, Inc.) -- E:\Program Files\Analog Devices\Core\smax4pnp.exe [2006/06/07 03:09:58 \| 00,094,208 \| ---- \| M] (Intel Corporation) -- E:\WINNT\system32\igfxtray.exe [2006/06/07 03:10:40 \| 00,118,784 \| ---- \| M] (Intel Corporation) -- E:\WINNT\system32\igfxpers.exe [2006/06/07 03:06:44 \| 00,077,824 \| ---- \| M] (Intel Corporation) -- E:\WINNT\system32\hkcmd.exe [2006/02/15 03:49:22 \| 00,454,656 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- E:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [2007/08/24 07:00:48 \| 00,033,648 \| ---- \| M] (Microsoft Corporation) -- E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008/06/10 04:27:04 \| 00,144,784 \| ---- \| M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008/07/20 00:38:34 \| 00,078,008 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashDisp.exe [2004/08/04 09:56:58 \| 00,218,112 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\wbem\wmiprvse.exe [2006/11/27 15:18:48 \| 01,582,616 \| ---- \| M] (Hagel Technologies Ltd) -- E:\Program Files\DU Meter\DUMeter.exe [2008/09/10 17:40:06 \| 00,289,576 \| ---- \| M] (Apple Inc.) -- E:\Program Files\iTunes\iTunesHelper.exe [2007/04/04 08:29:15 \| 00,165,784 \| ---- \| M] (DT Soft Ltd.) -- E:\Program Files\DAEMON Tools\daemon.exe [2007/08/30 22:13:18 \| 00,103,664 \| ---- \| M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe [2008/09/07 16:12:26 \| 01,576,176 \| ---- \| M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [2007/12/10 17:12:22 \| 00,695,808 \| ---- \| M] () -- E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2006/02/16 09:16:02 \| 00,581,693 \| ---- \| M] (Broadcom Corporation.) -- E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007/01/23 14:57:54 \| 00,520,192 \| ---- \| M] (Code Jelly) -- E:\Program Files\Launchy\Launchy.exe [2007/12/12 08:34:48 \| 03,746,856 \| ---- \| M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007/12/10 20:59:04 \| 00,353,280 \| ---- \| M] (Nokia.) -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008/09/10 17:39:48 \| 00,536,872 \| ---- \| M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe [2005/12/24 05:44:26 \| 00,491,606 \| ---- \| M] () -- E:\Program Files\HPQ\Shared\HpqToaster.exe [2007/12/10 20:59:40 \| 00,122,880 \| ---- \| M] () -- E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe [2007/10/23 17:03:00 \| 00,117,248 \| ---- \| M] () -- E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe [2008/09/25 23:51:54 \| 00,307,712 \| ---- \| M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe [2007/04/16 07:25:13 \| 00,064,000 \| ---- \| M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\wmplayer.exe [2008/10/02 02:05:22 \| 00,415,744 \| ---- \| M] (OldTimer Tools) -- K:\war\OTListIt.exe ========== (O23) Win32 Services ========== [2008/09/10 16:50:26 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) [2007/10/24 01:47:22 \| 00,033,800 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) [2008/07/20 00:25:06 \| 00,016,056 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto \| Running]) [2008/07/20 00:38:28 \| 00,147,640 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto \| Running]) [2008/07/20 00:38:04 \| 00,250,040 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand \| Running]) [2008/07/24 00:25:45 \| 00,348,344 \| ---- \| M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand \| Running]) [2008/08/29 10:18:44 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto \| Running]) [2006/02/16 09:09:20 \| 00,258,103 \| ---- \| M] (Broadcom Corporation.) -- E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto \| Running]) [2004/08/04 09:56:48 \| 00,005,632 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\cisvc.exe -- (cisvc [On_Demand \| Stopped]) [2007/10/24 01:47:40 \| 00,070,144 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) [2004/08/04 09:56:50 \| 00,267,776 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\fxssvc.exe -- (Fax [Auto \| Stopped]) [2006/01/11 05:23:56 \| 00,098,304 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- E:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto \| Running]) [2005/11/14 18:06:04 \| 00,069,632 \| ---- \| M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) [2008/09/10 17:39:48 \| 00,536,872 \| ---- \| M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Running]) [2007/01/05 12:48:52 \| 00,112,152 \| R--- \| M] (InterVideo) -- E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto \| Running]) [2007/08/24 06:59:20 \| 00,068,464 \| ---- \| M] (Microsoft Corporation) -- E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand \| Stopped]) [2007/08/24 03:19:12 \| 00,443,776 \| ---- \| M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand \| Stopped]) [2006/10/27 07:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) [2007/11/07 06:22:26 \| 00,092,792 \| ---- \| M] (CACE Technologies) -- E:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand \| Stopped]) [2007/12/10 20:59:04 \| 00,353,280 \| ---- \| M] (Nokia.) -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand \| Running]) [2004/08/04 09:56:58 \| 00,073,216 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\tlntsvr.exe -- (TlntSvr [On_Demand \| Stopped]) [2007/01/20 05:54:14 \| 00,097,136 \| ---- \| M] (Microsoft Corporation) -- E:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand \| Stopped]) [2007/04/16 07:23:41 \| 00,050,176 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\utilman.exe -- (UtilMan [On_Demand \| Stopped]) [2006/10/19 13:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand \| Stopped]) ========== Driver Services ========== [2008/07/20 00:32:15 \| 00,026,944 \| ---- \| M] (ALWIL Software) -- E:\WINNT\System32\drivers\aavmker4.sys -- (Aavmker4 [System \| Running]) [2006/03/01 07:36:20 \| 00,176,128 \| ---- \| M] (Analog Devices, Inc.) -- E:\WINNT\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand \| Running]) [2005/06/08 07:53:46 \| 00,152,960 \| ---- \| M] (Andrea Electronics Corporation) -- E:\WINNT\system32\drivers\aeaudio.sys -- (AEAudioService [On_Demand \| Running]) [2006/09/28 18:00:10 \| 01,160,320 \| ---- \| M] (Agere Systems) -- E:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand \| Running]) [2008/07/20 00:37:42 \| 00,020,560 \| ---- \| M] (ALWIL Software) -- E:\WINNT\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto \| Running]) [2008/07/20 00:37:21 \| 00,094,416 \| ---- \| M] (ALWIL Software) -- E:\WINNT\System32\drivers\aswmon2.sys -- (aswMon2 [Auto \| Running]) [2008/07/20 00:33:42 \| 00,023,152 \| ---- \| M] (ALWIL Software) -- E:\WINNT\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand \| Running]) [2008/07/20 00:35:18 \| 00,078,416 \| ---- \| M] (ALWIL Software) -- E:\WINNT\System32\drivers\aswSP.sys -- (aswSP [System \| Running]) [2008/07/20 00:32:36 \| 00,042,912 \| ---- \| M] (ALWIL Software) -- E:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi [System \| Running]) [2006/02/06 19:00:06 \| 00,045,312 \| ---- \| M] (Broadcom Corporation) -- E:\WINNT\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand \| Running]) [2006/02/16 08:59:52 \| 00,401,664 \| ---- \| M] (Broadcom Corporation.) -- E:\WINNT\system32\drivers\btaudio.sys -- (btaudio [On_Demand \| Stopped]) [2006/02/16 08:54:46 \| 00,030,363 \| ---- \| M] (Broadcom Corporation.) -- E:\WINNT\system32\drivers\btport.sys -- (BTDriver [On_Demand \| Stopped]) [2006/02/16 08:56:58 \| 01,342,570 \| ---- \| M] (Broadcom Corporation.) -- E:\WINNT\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand \| Running]) [2006/02/16 08:51:22 \| 00,148,168 \| ---- \| M] (Broadcom Corporation.) -- E:\WINNT\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand \| Stopped]) [2006/02/16 08:54:40 \| 00,030,189 \| ---- \| M] (Broadcom Corporation.) -- E:\WINNT\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand \| Stopped]) [2006/02/16 08:54:10 \| 00,057,096 \| ---- \| M] (Broadcom Corporation.) -- E:\WINNT\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand \| Stopped]) [2004/08/04 16:10:18 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\CCDECODE.sys -- (CCDECODE [On_Demand \| Stopped]) [2007/12/17 11:14:40 \| 00,211,968 \| ---- \| M] (OMNIKEY) -- E:\WINNT\system32\drivers\cxru0wdm.sys -- (cxru0wdm [On_Demand \| Stopped]) [2007/01/16 13:08:30 \| 00,006,689 \| ---- \| M] (Dallas Semiconductor MAXIM) -- E:\WINNT\System32\drivers\DS1410D.SYS -- (DS1410D [System \| Running]) [2005/09/20 06:23:52 \| 00,007,808 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- E:\WINNT\system32\drivers\eabfiltr.sys -- (eabfiltr [System \| Running]) [2005/09/20 06:24:20 \| 00,005,760 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- E:\WINNT\system32\drivers\EabUsb.sys -- (eabusb [On_Demand \| Stopped]) [2008/04/17 13:12:54 \| 00,015,464 \| ---- \| M] (GEAR Software Inc.) -- E:\WINNT\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand \| Running]) [2006/11/22 10:01:48 \| 00,693,760 \| ---- \| M] (Aladdin Knowledge Systems Ltd.) -- E:\WINNT\system32\drivers\hardlock.sys -- (Hardlock [Auto \| Running]) [2008/04/21 22:25:53 \| 00,047,616 \| ---- \| M] (Aladdin Knowledge Systems) -- E:\WINNT\system32\drivers\Haspnt.sys -- (Haspnt [Auto \| Running]) [2005/09/20 06:24:10 \| 00,009,344 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- E:\WINNT\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand \| Running]) [2007/04/16 07:22:08 \| 00,138,752 \| ---- \| M] (Windows ® Server 2003 DDK provider) -- E:\WINNT\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand \| Running]) [2006/06/07 03:32:54 \| 01,168,860 \| ---- \| M] (Intel Corporation) -- E:\WINNT\system32\drivers\ialmnt5.sys -- (ialm [On_Demand \| Running]) [2007/04/16 07:22:13 \| 00,036,096 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\intelppm.sys -- (intelppm [System \| Running]) [2004/08/04 15:58:36 \| 00,014,848 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\kbdhid.sys -- (kbdhid [System \| Running]) [2004/08/04 15:58:40 \| 00,005,504 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand \| Stopped]) [2004/08/04 16:10:30 \| 00,085,376 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\NABTSFEC.sys -- (NABTSFEC [On_Demand \| Stopped]) [2004/11/26 19:15:06 \| 00,025,088 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\ncfvsbus.sys -- (ncfvsbus [On_Demand \| Running]) [2004/08/04 16:10:14 \| 00,010,880 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\NdisIP.sys -- (NdisIP [On_Demand \| Stopped]) [2007/05/05 07:14:52 \| 02,206,976 \| ---- \| M] (Intel Corporation) -- E:\WINNT\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand \| Running]) [2004/08/04 07:59:52 \| 00,040,320 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\nmnt.sys -- (nm [On_Demand \| Stopped]) [2007/02/22 17:15:56 \| 00,137,216 \| ---- \| M] (Nokia) -- E:\WINNT\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand \| Stopped]) [2007/02/22 17:15:14 \| 00,008,320 \| ---- \| M] (Nokia) -- E:\WINNT\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand \| Stopped]) [2007/02/22 17:15:14 \| 00,012,288 \| ---- \| M] (Nokia) -- E:\WINNT\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand \| Stopped]) [2007/02/22 17:15:14 \| 00,012,288 \| ---- \| M] (Nokia) -- E:\WINNT\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand \| Stopped]) [2007/11/07 06:22:06 \| 00,034,064 \| ---- \| M] (CACE Technologies) -- E:\WINNT\system32\drivers\npf.sys -- (NPF [Auto \| Running]) File not found -- E:\WINNT\System32\DRIVERS\parallel.sys -- (Parallel [Disabled \| Stopped]) [2001/08/23 22:00:00 \| 00,003,328 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\pciide.sys -- (PCIIde [Boot \| Running]) [2004/04/02 09:30:46 \| 00,010,368 \| ---- \| M] (Padus, Inc.) -- E:\WINNT\system32\drivers\pfc.sys -- (pfc [On_Demand \| Running]) [2002/09/17 10:14:32 \| 00,004,228 \| ---- \| M] (PowerQuest Corporation) -- E:\WINNT\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System \| Running]) [2001/08/23 22:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- E:\WINNT\system32\drivers\ptilink.sys -- (Ptilink [On_Demand \| Running]) [2008/02/13 03:00:00 \| 00,043,528 \| ---- \| M] (Sonic Solutions) -- E:\WINNT\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot \| Running]) [2007/04/16 07:23:17 \| 00,062,336 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\rspndr.sys -- (rspndr [Auto \| Running]) [2008/05/28 10:33:36 \| 00,008,944 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System \| Running]) [2008/05/28 10:33:38 \| 00,007,408 \| R--- \| M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand \| Running]) [2008/05/28 10:33:36 \| 00,055,024 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System \| Running]) [2007/11/13 20:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINNT\system32\drivers\secdrv.sys -- (Secdrv [Auto \| Running]) [2006/12/21 07:30:02 \| 00,090,688 \| ---- \| M] (SafeNet, Inc.) -- E:\WINNT\system32\drivers\sentinel.sys -- (Sentinel [Auto \| Running]) [2005/03/04 03:53:57 \| 00,048,640 \| ---- \| M] (Protection Technology) -- E:\WINNT\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot \| Running]) [2005/02/24 01:59:54 \| 00,006,656 \| ---- \| M] (Protection Technology) -- E:\WINNT\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot \| Running]) [2004/12/03 20:20:41 \| 00,020,544 \| ---- \| M] (Protection Technology) -- E:\WINNT\system32\drivers\sfsync02.sys -- (sfsync02 [Boot \| Running]) [2004/08/04 16:10:18 \| 00,011,136 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\SLIP.sys -- (SLIP [On_Demand \| Stopped]) [2007/07/24 16:39:03 \| 00,682,232 \| ---- \| M] () -- E:\WINNT\system32\drivers\sptd.sys -- (sptd [Boot \| Running]) [2004/08/04 16:10:14 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\StreamIP.sys -- (streamip [On_Demand \| Stopped]) [2007/01/13 07:04:44 \| 00,201,856 \| ---- \| M] (Synaptics, Inc.) -- E:\WINNT\system32\drivers\SynTP.sys -- (SynTP [On_Demand \| Running]) [2007/04/16 07:23:40 \| 00,030,208 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\usbehci.sys -- (usbehci [On_Demand \| Running]) [2006/11/04 23:45:48 \| 00,178,913 \| ---- \| M] (Creative Technology Ltd.) -- E:\WINNT\system32\drivers\V0260Vid.sys -- (V0260VID [On_Demand \| Stopped]) [2007/04/16 07:31:18 \| 00,008,832 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\wmiacpi.sys -- (WmiAcpi [System \| Running]) [2004/08/04 16:10:22 \| 00,019,328 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\WSTCODEC.SYS -- (WSTCODEC [On_Demand \| Stopped]) [2006/09/16 05:29:52 \| 00,076,544 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\WudfPf.sys -- (WudfPf [Boot \| Running]) [2006/09/16 05:30:10 \| 00,082,688 \| ---- \| M] (Microsoft Corporation) -- E:\WINNT\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand \| Stopped]) ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINNT\system32\blank.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;.local O1 HOSTS File: (23 bytes) - E:\WINNT\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key does not exist or could not be opened. File not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5AB40F46-6E8D-497E-8182-85B11D6D0B79} - E:\WINNT\system32\iifdcccY.dll File not found O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar: (no name) - {2462D2D8-B36E-44AB-84BF-C5A9383D2429} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - Reg Error: Key does not exist or could not be opened. File not found O4 - HKLM..\Run: [+,-./0123456789:;<=>?exe] !"#$%&'()+,-./0123456789:;<=>?exe File not found O4 - HKLM..\Run: [3456789:;<=>?@ABCDEFexe] ()+,-./0123456789:;<=>?@ABCDEFexe File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe () O4 - HKLM..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd) O4 - HKLM..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google) O4 - HKLM..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation) O4 - HKLM..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [igfxhkcmd] E:\WINNT\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] E:\WINNT\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] E:\WINNT\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.) O4 - HKLM..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found O4 - HKLM..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [SoundMAX] E:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation) O4 - HKLM..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKCU..\Run: [+,-./0123456789:;<=>?exe] !"#$%&'()+,-./0123456789:;<=>?exe File not found O4 - HKCU..\Run: [3456789:;<=>?@ABCDEFexe] ()+,-./0123456789:;<=>?@ABCDEFexe File not found O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" File not found O4 - HKCU..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.) O4 - HKCU..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray () O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.) O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = E:\Program Files\Launchy\Launchy.exe (Code Jelly) O4 - Startup: E:\Documents and Settings\Dylan Pereira .DYLAN\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = E:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} E:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab (Windows Live Safety Center Base Module) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {96EEC7FF-106A-47F3-90D6-B4BB754AA40E} https://autxn.paywithpoli.com/ewcustomer/POLiPayOnline.cab (POLi Pay Online) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: DirectAnimation Java Classes file://E:\WINNT\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: Microsoft XML Parser for Java file:///E:/WINNT/Java/classes/xmldso.cab (Reg Error: Key does not exist or could not be opened.) O18 - Protocol\Handler: - grooveLocalGWS - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - livecall - E:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - ms-help - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler: - ms-itss - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msnim - E:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap11 - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler: - skype4com - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler: - vnd.ms.radio - E:\WINNT\system32\msdxm.ocx () O18 - Protocol\Filter: - text/xml - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}E:\WINNT\system32\wpdshserviceobj.dll (Microsoft Corporation) ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] !SASWinLogon: "DllName" = E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) igfxcui: "DllName" = igfxdev.dll -- E:\WINNT\system32\igfxdev.dll (Intel Corporation) ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) "{6B2585FF-02FA-413C-906F-9672F4DF821A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ========== LSA Authentication Packages* ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages" = msv1_0,E:\WINNT\system32\iifdcccY, >File not found -- ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 0 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2001/07/27 20:07:00 \| 00,000,000 \| -H-- \| M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ] Autorun.inf [[AUTORUN] \| ShellExecute=Info.exe protect.ed 480 480 \| ] [2004/04/30 12:01:00 \| 00,000,053 \| -HS- \| M] () -- C:\Autorun.inf -- [ FAT32 ] autorun.inf [[AutoRun] \| open=LaunchU3.exe -a \| icon=LaunchU3.exe,0 \| \| [Definitions] \| Launchpad=LaunchPad.exe \| Vtype=2 \| \| [CopyFiles] \| FileNumber=1 \| File1=LaunchPad.zip \| \| [Update] \| URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.3&brand=cruzer \| \| \| [Comment] \| brand=cruzer \| ] [2006/12/12 06:03:59 \| 00,000,277 \| R--- \| M] () -- J:\autorun.inf -- [ CDFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b73691-3956-11dc-b74c-806d6172696f}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b73691-3956-11dc-b74c-806d6172696f}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20beea79-2d65-11dd-8475-0018de474a5d}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20beea79-2d65-11dd-8475-0018de474a5d}\Shell\Auto\command] "" = Automatic.sos [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20beea79-2d65-11dd-8475-0018de474a5d}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a43888e-22fb-11dd-8474-0018de474a5d}\Shell\Auto\command] "" = Start.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a43888e-22fb-11dd-8474-0018de474a5d}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36530454-1056-11dd-846e-0018de474a5d}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36530454-1056-11dd-846e-0018de474a5d}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36530454-1056-11dd-846e-0018de474a5d}\Shell\Open\command] "" = G:\MntDrCore.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{768940fb-9ff6-11dc-844c-00170839dce0}\Shell\AutoRun\command] "" = autorun.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{836fcb24-618e-11dd-848f-00170839dce0}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{836fcb24-618e-11dd-848f-00170839dce0}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{836fcb24-618e-11dd-848f-00170839dce0}\Shell\Open\command] "" = G:\MntDrCore.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{870766b2-93ff-11dc-8445-00170839dce0}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{870766b2-93ff-11dc-8445-00170839dce0}\Shell\1\Command] "" = G:\.\readme.txt.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{870766b2-93ff-11dc-8445-00170839dce0}\Shell\2\Command] "" = G:\.\readme.txt.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{870766b2-93ff-11dc-8445-00170839dce0}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f26d3e9-8011-11dd-849b-00170839dce0}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f26d3e9-8011-11dd-849b-00170839dce0}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f26d3e9-8011-11dd-849b-00170839dce0}\Shell\Open\command] "" = H:\MntDrCore.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{badfe8d4-2fdc-11dd-8476-0018de474a5d}\Shell\Auto\command] "" = Start.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{badfe8d4-2fdc-11dd-8476-0018de474a5d}\Shell\AutoRun] "" = Auto&Play ========== Files/Folders - Created Within 30 Days ========== [1 E:\WINNT\System32\.tmp files] [2008/10/01 23:55:06 \| 10,647,51104 \| -HS- \| C] () -- E:\hiberfil.sys [2008/09/30 00:03:38 \| 00,352,517 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\04571014.pdf [2008/09/29 22:46:51 \| 00,012,800 \| -HS- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Thumbs.db @Alternate Data Stream - 0 bytes -> E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Thumbs.db:encryptable [2008/09/29 22:10:38 \| 01,169,408 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\3G_Dylan.ppt [2008/09/29 20:02:07 \| 00,000,000 \| ---D \| C] -- E:\fixwareout [2008/09/29 19:45:06 \| 00,486,449 \| ---- \| C] ( ) -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Fixwareout.exe [2008/09/29 07:04:34 \| 15,083,520 \| ---- \| C] (Safer Networking Limited ) -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\spybotsd160.exe [2008/09/29 06:44:28 \| 00,001,602 \| ---- \| C] () -- E:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2008/09/29 05:58:39 \| 00,061,763 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\My Documents\foxybookmarks.html [2008/09/29 05:47:53 \| 07,508,608 \| ---- \| C] (Mozilla) -- E:\Documents and Settings\Dylan Pereira .DYLAN\My Documents\Firefox Setup 3.0.3.exe [2008/09/29 02:24:02 \| 00,771,744 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\My Documents\email good.docx [2008/09/25 02:45:50 \| 00,042,462 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\00767139.pdf [2008/09/24 21:36:10 \| 00,031,232 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Lab4DSP code.doc [2008/09/24 17:10:20 \| 00,003,704 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\smi.cgi [2008/09/24 05:19:55 \| 00,001,800 \| ---- \| C] () -- E:\Documents and Settings\All Users\Desktop\iTunes.lnk [2008/09/24 05:19:22 \| 00,000,000 \| ---D \| C] -- E:\Program Files\iPod [2008/09/24 05:19:18 \| 00,000,000 \| ---D \| C] -- E:\Program Files\iTunes [2008/09/24 05:19:18 \| 00,000,000 \| ---D \| C] -- E:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2008/09/24 05:17:59 \| 00,000,000 \| ---D \| C] -- E:\Program Files\Bonjour [2008/09/24 05:16:38 \| 00,000,000 \| ---D \| C] -- E:\Program Files\QuickTime [2008/09/23 18:06:20 \| 00,000,000 \| ---D \| C] -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\FileConnection_DEMO [2008/09/22 03:38:30 \| 01,286,885 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\MIDP_2_0_Tutorial_On_Signed_MIDlets_.pdf [2008/09/21 22:54:17 \| 00,569,461 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Introduction_To_The_FileConnection_API_v1_1_en.pdf [2008/09/21 22:51:10 \| 00,000,000 \| ---D \| C] -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Introduction_To_The_FileConnection_API_v1_1 [2008/09/19 02:44:00 \| 00,004,113 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\dataecg.xml [2008/09/19 02:44:00 \| 00,003,317 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\schemaecg.xml [2008/09/18 16:39:30 \| 00,000,000 \| ---D \| C] -- E:\WINNT\System32\CatRoot_bak [2008/09/18 04:01:44 \| 00,043,858 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\kxml2-2.3.0.jar [2008/09/18 02:59:18 \| 00,002,050 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\wi-xmlj2me.zip [2008/09/17 01:46:17 \| 00,136,675 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\kxml_parsing.pdf [2008/09/14 19:41:16 \| 00,000,000 \| ---D \| C] -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\party [2008/09/12 16:46:18 \| 00,111,284 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\CoverSheet.pdf [2008/09/11 02:57:13 \| 00,000,008 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Application Data\NMM-MetaData.db [2008/09/11 02:51:58 \| 00,000,000 \| -H-D \| C] -- E:\WINNT\PIF [2008/09/07 22:13:31 \| 00,036,864 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Summary Guide.doc [2008/09/05 23:48:46 \| 00,067,752 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/09/04 19:42:52 \| 00,238,285 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\dylan.pdf [2008/09/04 15:56:39 \| 01,202,427 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\LMX9838.pdf [2008/09/02 23:14:20 \| 00,001,725 \| ---- \| C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2008/09/02 05:15:57 \| 00,558,412 \| ---- \| C] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\BluetoothDefined.pdf ========== Files - Modified Within 30 Days ========== [1 E:\WINNT\System32\.tmp files] [2008/10/01 23:56:33 \| 00,000,006 \| -H-- \| M] () -- E:\WINNT\tasks\SA.DAT [2008/10/01 23:56:29 \| 00,002,048 \| --S- \| M] () -- E:\WINNT\bootstat.dat [2008/10/01 23:56:27 \| 10,647,51104 \| -HS- \| M] () -- E:\hiberfil.sys [2008/10/01 23:55:10 \| 00,002,206 \| ---- \| M] () -- E:\WINNT\System32\wpa.dbl [2008/10/01 23:55:04 \| 10,647,87968 \| ---- \| M] () -- E:\WINNT\MEMORY.DMP [2008/09/30 00:38:54 \| 01,169,408 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\3G_Dylan.ppt [2008/09/30 00:03:38 \| 00,352,517 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\04571014.pdf [2008/09/29 22:46:54 \| 00,012,800 \| -HS- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Thumbs.db @Alternate Data Stream - 0 bytes -> E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Thumbs.db:encryptable [2008/09/29 18:19:06 \| 00,486,449 \| ---- \| M] ( ) -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Fixwareout.exe [2008/09/29 07:08:10 \| 15,083,520 \| ---- \| M] (Safer Networking Limited ) -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\spybotsd160.exe [2008/09/29 06:44:28 \| 00,001,602 \| ---- \| M] () -- E:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2008/09/29 05:58:39 \| 00,061,763 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\My Documents\foxybookmarks.html [2008/09/29 05:51:30 \| 07,508,608 \| ---- \| M] (Mozilla) -- E:\Documents and Settings\Dylan Pereira .DYLAN\My Documents\Firefox Setup 3.0.3.exe [2008/09/29 02:36:56 \| 00,771,744 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\My Documents\email good.docx [2008/09/28 19:01:20 \| 00,003,101 \| ---- \| M] () -- E:\WINNT\PSPICEEV.INI [2008/09/27 00:45:05 \| 00,000,586 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\My Documents\My Sharing Folders.lnk [2008/09/25 02:46:03 \| 00,042,462 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\00767139.pdf [2008/09/24 21:36:11 \| 00,031,232 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Lab4DSP code.doc [2008/09/24 17:10:15 \| 00,003,704 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\smi.cgi [2008/09/24 05:19:55 \| 00,001,800 \| ---- \| M] () -- E:\Documents and Settings\All Users\Desktop\iTunes.lnk [2008/09/22 03:38:41 \| 01,286,885 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\MIDP_2_0_Tutorial_On_Signed_MIDlets_.pdf [2008/09/19 17:29:57 \| 00,073,728 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/19 02:44:00 \| 00,004,113 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\dataecg.xml [2008/09/19 02:44:00 \| 00,003,317 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\schemaecg.xml [2008/09/18 04:01:35 \| 00,043,858 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\kxml2-2.3.0.jar [2008/09/18 02:59:11 \| 00,002,050 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\wi-xmlj2me.zip [2008/09/17 01:46:17 \| 00,136,675 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\kxml_parsing.pdf [2008/09/13 09:41:03 \| 00,000,284 \| ---- \| M] () -- E:\WINNT\tasks\AppleSoftwareUpdate.job [2008/09/12 16:46:19 \| 00,111,284 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\CoverSheet.pdf [2008/09/11 03:01:22 \| 00,001,374 \| ---- \| M] () -- E:\WINNT\imsins.BAK [2008/09/11 02:57:13 \| 00,000,008 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Application Data\NMM-MetaData.db [2008/09/07 23:31:55 \| 00,036,864 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\Summary Guide.doc [2008/09/07 03:08:22 \| 00,000,487 \| ---- \| M] () -- E:\WINNT\win.ini [2008/09/05 23:48:46 \| 00,067,752 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/09/04 20:05:53 \| 00,238,285 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\dylan.pdf [2008/09/04 15:56:39 \| 01,202,427 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\LMX9838.pdf [2008/09/04 04:29:25 \| 00,558,412 \| ---- \| M] () -- E:\Documents and Settings\Dylan Pereira .DYLAN\Desktop\BluetoothDefined.pdf [2008/09/02 23:14:20 \| 00,001,725 \| ---- \| M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk < End of report >

icekin2