IE and Firefox and tools like copy and .exe don't run [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

7 Pages

« < 5 6 7

IE and Firefox and tools like copy and .exe don't run [Solved], Registry is probably hosed...

Options

horizonatdawn View Member Profile	Nov 10 2009, 03:44 PM Post #91
Geek in Training Posts: 55 OS: xp	Hi again, Here's the query log... These Windows services are started: Apple Mobile Device ARSVC Automatic Updates Avira AntiVir Guard Avira AntiVir Scheduler Background Intelligent Transfer Service Blueprint Remote Service Control Bonjour Service Canon Inkjet Printer/Scanner/Fax Extended Survey Program CarboniteService COM+ Event System COM+ System Application Computer Browser CryptSvc DCOM Server Process Launcher DHCP Client Distributed Link Tracking Client Error Reporting Service Event Log Fast User Switching Compatibility FTP Publishing GoToMyPC Help and Support HID Input Service IIS Admin Intel® Matrix Storage Event Monitor Intelr Quick Resume Technology Drivers IPSEC Services Java Quick Starter Logical Disk Manager Media Center Receiver Service Media Center Scheduler Service Network Connections Network Location Awareness (NLA) Norton Ghost NVIDIA Display Driver Service Plug and Play Portrait Displays Display Tune Service Print Spooler PrismXL Protected Storage Remote Access Connection Manager Remote Procedure Call (RPC) Remote Registry Secondary Logon Security Accounts Manager Security Center Server Shell Hardware Detection Simple Mail Transfer Protocol (SMTP) Simple TCP/IP Services SQL Server VSS Writer Symantec SymSnap VSS Provider SymSnapService System Event Notification System Restore Service Task Scheduler Telephony Terminal Services Themes TZO Client Volume Shadow Copy Windows Audio Windows Firewall/Internet Connection Sharing (ICS) Windows Image Acquisition (WIA) Windows Management Instrumentation Windows Search Windows Time Wireless Zero Configuration Workstation World Wide Web Publishing The command completed successfully. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\OLE] REGEDIT4 [HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa] REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\ 00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\ 00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,20,02,00,00 "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\ 00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\ 00,00,00,00,05,20,00,00,00,20,02,00,00 "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\ 00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00 "EnableDCOM"="Y" "LegacyAuthenticationLevel"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST] "System.EnterpriseServices.Thunk.dll"="" REGEDIT4 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 "Bounds"=hex:00,30,00,00,00,20,00,00 "Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\ 63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00 "ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001 "LsaPid"=dword:0000034c "SecureBoot"=dword:00000001 "auditbaseobjects"=dword:00000000 "crashonauditfail"=dword:00000000 "disabledomaincreds"=dword:00000000 "everyoneincludesanonymous"=dword:00000000 "fipsalgorithmpolicy"=dword:00000000 "forceguest"=dword:00000000 "fullprivilegeauditing"=hex:00 "limitblankpassworduse"=dword:00000001 "lmcompatibilitylevel"=dword:00000000 "nodefaultadminowner"=dword:00000001 "nolmhash"=dword:00000000 "restrictanonymous"=dword:00000000 "restrictanonymoussam"=dword:00000001 "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 "enabledcom"="y" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders] "ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\ 50,72,6f,76,69,64,65,72,00,00 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Data] "Pattern"=hex:ba,76,ad,af,be,31,ad,4b,2a,f5,f3,98,e1,8e,c5,c8,37,31,66,30,62,\ 33,63,66,00,00,00,00,f1,87,00,00,18,ca,06,00,99,d0,bf,71,04,ca,06,00,10,00,\ 00,00,00,00,00,00,f5,8c,9c,e1,16,74,f0,5f,ee,d4,93,71 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\GBG] "GrafBlumGroup"=hex:41,35,7d,e5,cf,58,ed,8f,3d [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\JD] "Lookup"=hex:61,62,5c,e3,bc,e5 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\SidCache] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0] "Auth132"="iissuba" "ntlmminclientsec"=dword:00000000 "ntlmminserversec"=dword:00000000 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Skew1] "SkewMatrix"=hex:c1,c0,00,b2,f6,2f,f2,43,8d,4e,c8,0a,b7,cc,81,a3 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache] "Time"=hex:86,75,7d,27,f1,3e,c9,01 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" "Capabilities"=dword:00004050 "RpcId"=dword:0000ffff "Version"=dword:00000001 "TokenSize"=dword:0000ffff "Time"=hex:00,54,cf,23,c4,9d,c8,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000011 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,db,62,27,c4,9d,c8,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000012 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,08,94,28,c4,9d,c8,01 "Type"=dword:00000031

JSntgRvr View Member Profile	Nov 10 2009, 06:39 PM Post #92
Global Moderator Posts: 6,836 From: Puerto Rico OS: Windows XP, VISTA Home Premium	Hi, horizonatdawn All services are now running. Most likely the problem was due to Zone Alarm. Some people have problems with this application. I do not recommend you reinstall it back. I am reviewing the entire topic to determine if further changes are needed. Meanwhile, besides Avira AntiVir, what type of other security is in the computer (Antivirus, AntiSpyware....etc.)? Are there other problems in the computer you want us to check?

horizonatdawn View Member Profile	Nov 10 2009, 07:24 PM Post #93
Geek in Training Posts: 55 OS: xp	I only had Zone Alarm and Avira on board. I turned on Windows Firewall when I got rid of Zone Alarm. Thanks for checking the whole thread. Rich --------

JSntgRvr View Member Profile	Nov 10 2009, 07:57 PM Post #94
Global Moderator Posts: 6,836 From: Puerto Rico OS: Windows XP, VISTA Home Premium	The following is a list of free tools and utilities that I like to suggest to people. Spybot Search & Destroy - A useful tool which can search and annhilate bad files that make it onto your system. Now with an Immunize section that will help prevent future infections. AdAware - Another very powerful tool which searches and kills bad files that infect your system. AdAware and Spybot Search & Destroy compliment each other very well. SpywareBlaster - Great prevention tool to keep bad files from installing on your system. ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. ATF! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those bad files that like to reside in the temp folders. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask. How is the computer doing?

horizonatdawn View Member Profile	Nov 11 2009, 04:29 AM Post #95
Geek in Training Posts: 55 OS: xp	Thanks again! The machine's doing fine. It's a little slow but I've got 91 processes running. I bet they decrease when I add your suggestions above, don't you think? Thanks, Rich -------

horizonatdawn View Member Profile	Nov 11 2009, 07:09 AM Post #96
Geek in Training Posts: 55 OS: xp	One more question. Are these threads archived for future reference? What a great tool! Thanks again, Rich -------

JSntgRvr View Member Profile	Nov 11 2009, 08:45 AM Post #97
Global Moderator Posts: 6,836 From: Puerto Rico OS: Windows XP, VISTA Home Premium	The more programs installed, the more memory (Work space) is used. Let me take a look at those already running: Download OTL.exe to your Desktop. Close any open browsers. Double-click on OTL.exe to start the program. Leave all settings as they appear as default. Now click the Run Scan button on the toolbar. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Save that notepad file Post the contents of that Notepad document in your next reply.

horizonatdawn View Member Profile	Nov 12 2009, 11:12 AM Post #98
Geek in Training Posts: 55 OS: xp	Hi again, Here are the results of OTL.txt: OTL logfile created on: 11/12/2009 4:59:31 AM - Run 3 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Rich User\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 2.00 Gb Available Physical Memory \| 100.00% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4986 4986 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 461.19 Gb Total Space \| 327.27 Gb Free Space \| 70.96% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: \| 1.21 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive Y: \| 149.05 Gb Total Space \| 133.56 Gb Free Space \| 89.61% Space Free \| Partition Type: NTFS Computer Name: RICH Current User Name: Rich User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/11/12 04:58:54 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Rich User\Desktop\OTL.exe PRC - [2009/11/04 08:58:55 \| 00,030,192 \| ---- \| M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2009/10/14 10:22:14 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/09/27 17:19:46 \| 00,172,100 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009/09/24 03:17:39 \| 00,778,072 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/09/24 03:17:32 \| 01,169,232 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/09/05 00:54:42 \| 00,417,792 \| ---- \| M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe PRC - [2009/07/21 13:34:33 \| 00,185,089 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/07/09 15:34:33 \| 02,836,376 \| ---- \| M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe PRC - [2009/07/09 11:22:18 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/13 15:48:22 \| 00,108,289 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/05 16:07:20 \| 02,260,480 \| ---- \| M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/03/02 12:08:47 \| 00,209,153 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009/02/06 02:10:02 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009/02/04 12:27:34 \| 23,975,720 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2009/02/04 12:27:34 \| 00,077,360 \| R--- \| M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2009/01/09 15:13:28 \| 01,951,376 \| R--- \| M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe PRC - [2009/01/09 15:13:26 \| 00,669,840 \| R--- \| M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2009/01/07 11:47:02 \| 00,440,208 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe PRC - [2009/01/07 11:46:56 \| 01,468,296 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe PRC - [2008/12/12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/11/24 21:31:12 \| 00,087,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/10/09 06:07:56 \| 00,107,912 \| ---- \| M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2008/10/02 08:23:16 \| 00,546,288 \| ---- \| M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2008/06/11 09:01:00 \| 00,068,856 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/05/07 16:13:00 \| 04,314,464 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe PRC - [2008/05/07 16:13:00 \| 02,245,984 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe PRC - [2008/05/07 11:30:48 \| 01,558,000 \| ---- \| M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe PRC - [2008/04/13 16:12:22 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/13 16:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/17 17:06:00 \| 01,848,648 \| ---- \| M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007/10/18 11:34:02 \| 05,724,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe PRC - [2007/08/24 06:00:48 \| 00,033,648 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2007/06/20 10:09:16 \| 00,905,512 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe PRC - [2007/06/20 10:09:14 \| 00,258,856 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe PRC - [2007/06/20 10:09:12 \| 00,251,176 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe PRC - [2007/06/20 10:09:06 \| 00,592,680 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe PRC - [2006/10/09 15:16:56 \| 00,237,568 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe PRC - [2006/06/26 15:13:40 \| 01,207,080 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006/06/26 15:13:24 \| 00,187,176 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2006/04/13 11:29:14 \| 00,270,848 \| ---- \| M] (Portrait Displays, Inc) -- C:\Program Files\Gateway\EzTune\dthtml.exe PRC - [2006/04/13 11:27:40 \| 00,061,440 \| ---- \| M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe PRC - [2006/04/12 00:32:57 \| 00,196,608 \| ---- \| M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS PRC - [2005/12/09 17:44:40 \| 00,139,264 \| ---- \| M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe PRC - [2005/12/07 16:59:42 \| 00,694,008 \| ---- \| M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe PRC - [2005/12/07 16:59:40 \| 00,800,504 \| ---- \| M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe PRC - [2005/11/08 20:25:46 \| 00,716,800 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE PRC - [2005/10/29 19:31:06 \| 00,018,944 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE PRC - [2005/10/29 19:31:06 \| 00,016,384 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE PRC - [2005/10/12 15:16:06 \| 00,172,032 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe PRC - [2005/10/12 11:30:42 \| 00,139,264 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2005/10/12 11:30:24 \| 00,086,140 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2005/08/24 06:51:18 \| 00,442,455 \| ---- \| M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe PRC - [2005/08/05 20:56:34 \| 00,064,512 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2005/08/05 20:56:32 \| 00,102,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe PRC - [2005/08/05 20:56:28 \| 00,046,592 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe PRC - [2005/08/02 15:19:16 \| 00,077,312 \| ---- \| M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe PRC - [2005/08/02 15:19:16 \| 00,058,880 \| ---- \| M] (Microsoft) -- C:\WINDOWS\arservice.exe PRC - [2005/07/19 16:32:18 \| 00,221,184 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE PRC - [2005/06/16 23:02:01 \| 00,159,744 \| ---- \| M] () -- C:\Program Files\TZO\TZO_NT_Service.exe PRC - [2005/06/08 14:14:44 \| 00,217,088 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe PRC - [2005/06/08 13:44:56 \| 00,192,512 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe PRC - [2005/06/06 22:46:24 \| 00,057,344 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe PRC - [2005/02/16 23:11:42 \| 00,049,152 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2004/09/01 01:06:18 \| 00,147,456 \| ---- \| M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2004/08/10 11:00:00 \| 00,019,456 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe PRC - [2004/08/10 11:00:00 \| 00,016,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe PRC - [2004/03/19 13:17:00 \| 00,078,960 \| ---- \| M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe PRC - [2004/03/02 19:24:50 \| 05,576,704 \| ---- \| M] (Chicony) -- C:\WINDOWS\CNYHKey.exe PRC - [2003/08/11 00:07:34 \| 00,188,416 \| ---- \| M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe PRC - [2003/06/26 17:50:24 \| 00,212,992 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe PRC - [2003/03/25 14:39:34 \| 00,053,248 \| ---- \| M] ( ) -- c:\Program Files\Blueprint\Remote Service Control\rsc.exe PRC - [2002/08/18 01:17:20 \| 00,036,864 \| ---- \| M] (GIANT Company Software, Inc.) -- C:\Program Files\iHateSpam Outlook Express\iHateSpam Outlook Express Edition\piiserviceOE.exe ========== Modules (SafeList) ========== MOD - [2009/11/12 04:58:54 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Rich User\Desktop\OTL.exe MOD - [2008/04/13 16:12:51 \| 01,054,208 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/13 16:11:53 \| 00,185,344 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2005/12/07 16:58:20 \| 00,237,568 \| ---- \| M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll MOD - [2005/10/29 19:31:04 \| 00,007,168 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL MOD - [2005/06/03 08:23:28 \| 00,122,880 \| ---- \| M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll ========== Win32 Services (SafeList) ========== SRV - [2009/11/04 08:58:55 \| 00,030,192 \| ---- \| M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223) SRV - [2009/10/14 10:22:14 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/09/27 17:19:46 \| 00,172,100 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2009/09/24 03:17:32 \| 01,169,232 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/07/21 13:34:33 \| 00,185,089 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/07/09 11:22:18 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/27 02:27:04 \| 29,262,680 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2009/05/13 15:48:22 \| 00,108,289 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/03/24 07:01:30 \| 00,183,280 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/02/02 17:07:00 \| 00,133,104 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9859bc7263f8c) SRV - [2009/01/22 00:45:06 \| 00,078,848 \| ---- \| M] () -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2009/01/09 15:13:28 \| 01,951,376 \| R--- \| M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService) SRV - [2008/12/12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/11/24 21:31:12 \| 00,087,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 21:31:08 \| 00,239,968 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 21:31:08 \| 00,045,408 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/22 00:25:46 \| 00,094,208 \| ---- \| M] (Sony Corporation) -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV) SRV - [2008/11/13 12:17:38 \| 00,439,616 \| ---- \| M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2008/10/09 06:07:56 \| 00,107,912 \| ---- \| M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008/07/29 20:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/07/29 18:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/07/29 18:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/07/25 10:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/25 10:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008/05/07 16:13:00 \| 04,314,464 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2008/05/07 11:30:48 \| 01,558,000 \| ---- \| M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService) SRV - [2008/04/13 16:12:22 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 16:12:22 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SRV - [2008/04/13 16:12:22 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc) SRV - [2008/04/13 16:12:22 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2008/04/13 16:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [2007/10/25 15:27:54 \| 00,266,240 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007/10/18 11:31:54 \| 00,098,328 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007/09/12 17:27:24 \| 02,999,664 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007/08/24 05:59:20 \| 00,068,464 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007/08/24 02:19:12 \| 00,443,776 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007/07/23 10:49:10 \| 00,072,704 \| ---- \| M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2007/06/20 10:09:14 \| 00,258,856 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC) SRV - [2006/10/26 13:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/18 19:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2006/10/09 15:16:56 \| 00,237,568 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2006/05/01 13:38:46 \| 00,106,496 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32) SRV - [2006/04/13 11:27:40 \| 00,061,440 \| ---- \| M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe -- (DTSRVC) SRV - [2006/04/12 00:32:57 \| 00,196,608 \| ---- \| M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL) SRV - [2005/10/12 15:16:06 \| 00,172,032 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService) SRV - [2005/10/12 11:30:24 \| 00,086,140 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) SRV - [2005/09/30 18:22:50 \| 00,096,341 \| ---- \| M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2005/08/05 20:56:32 \| 00,102,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched) SRV - [2005/08/05 20:27:08 \| 00,099,328 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc) SRV - [2005/08/02 15:19:16 \| 00,058,880 \| ---- \| M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC) SRV - [2005/06/16 23:02:01 \| 00,159,744 \| ---- \| M] () -- C:\Program Files\TZO\TZO_NT_Service.exe -- (TZONTService) SRV - [2004/08/10 11:00:00 \| 00,019,456 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp) SRV - [2004/04/07 11:07:32 \| 01,135,728 \| ---- \| M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2004/04/06 11:04:38 \| 00,053,248 \| ---- \| M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc) SRV - [2003/08/11 00:07:38 \| 00,065,795 \| ---- \| M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12) SRV - [2003/03/25 14:39:34 \| 00,053,248 \| ---- \| M] ( ) -- c:\Program Files\Blueprint\Remote Service Control\rsc.exe -- (rsc) ========== Driver Services (SafeList) ========== DRV - [2009/09/27 15:12:22 \| 07,655,872 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009/09/23 04:55:23 \| 00,064,288 \| ---- \| M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/08/28 18:42:52 \| 00,040,448 \| ---- \| M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009/07/28 15:33:56 \| 00,055,656 \| ---- \| M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/20 10:41:23 \| 00,027,136 \| ---- \| M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) DRV - [2009/05/18 13:17:00 \| 00,026,600 \| ---- \| M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/05/11 09:12:24 \| 00,028,520 \| ---- \| M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 09:33:07 \| 00,096,104 \| ---- \| M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 11:35:05 \| 00,011,608 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/12/19 16:08:28 \| 00,027,784 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32) DRV - [2008/06/16 02:00:00 \| 00,044,944 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008/05/07 11:30:54 \| 00,137,952 \| ---- \| M] (StorageCraft) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap) DRV - [2008/04/13 10:56:49 \| 00,012,800 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx) DRV - [2008/04/13 10:46:22 \| 00,015,232 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 10:46:20 \| 00,048,128 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883) DRV - [2008/04/13 10:46:20 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc) DRV - [2008/04/13 10:46:09 \| 00,051,200 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV) DRV - [2008/04/13 10:45:34 \| 00,046,592 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus) DRV - [2008/04/13 10:45:12 \| 00,060,032 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) DRV - [2008/04/13 10:36:39 \| 00,043,008 \| ---- \| M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 10:36:39 \| 00,040,960 \| ---- \| M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/01/19 19:12:42 \| 00,128,104 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008/01/19 18:45:40 \| 00,038,112 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount) DRV - [2008/01/19 18:40:16 \| 00,015,088 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VPROEVENTMONITOR) DRV - [2007/11/13 02:25:53 \| 00,020,480 \| ---- \| M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/03/08 16:18:00 \| 00,008,320 \| ---- \| M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb) DRV - [2006/09/22 13:06:10 \| 00,092,160 \| ---- \| M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2006/08/28 20:48:26 \| 00,002,560 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2006/08/28 20:48:26 \| 00,002,432 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2006/04/13 11:30:02 \| 00,011,776 \| ---- \| M] (Portrait Displays, Inc.) -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci) DRV - [2006/04/12 00:30:26 \| 00,008,552 \| ---- \| M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM) DRV - [2005/12/07 16:59:30 \| 00,017,465 \| ---- \| M] (Portrait Displays, Inc.) -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot) DRV - [2005/12/07 16:59:28 \| 00,011,323 \| ---- \| M] (Portrait Displays, Inc.) -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou) DRV - [2005/11/21 12:42:08 \| 00,011,008 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST) DRV - [2005/11/02 15:47:26 \| 00,010,368 \| R--- \| M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2005/10/29 19:16:24 \| 00,007,168 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2005/10/29 19:16:22 \| 00,439,680 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) DRV - [2005/10/29 19:16:10 \| 01,095,680 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k) DRV - [2005/10/29 19:15:46 \| 00,114,688 \| ---- \| M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2005/10/29 19:15:38 \| 00,143,360 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2005/10/29 19:15:36 \| 00,077,824 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2005/10/29 19:15:32 \| 00,502,272 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2005/10/12 15:15:50 \| 00,007,552 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi) DRV - [2005/10/12 15:15:48 \| 00,007,040 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon) DRV - [2005/10/12 15:15:24 \| 00,006,912 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd) DRV - [2005/10/12 15:15:22 \| 00,006,400 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou) DRV - [2005/10/12 15:15:20 \| 00,006,400 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid) DRV - [2005/10/12 11:07:12 \| 00,874,240 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor) DRV - [2005/10/10 13:09:38 \| 00,007,552 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho) DRV - [2005/09/14 18:24:08 \| 00,179,200 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) DRV - [2005/07/13 17:18:48 \| 00,340,704 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2005/06/14 17:13:14 \| 00,104,576 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh) DRV - [2005/05/27 08:31:28 \| 00,022,016 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005/03/04 12:06:00 \| 00,135,296 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavxx.sys -- (ATIAVPCI) DRV - [2004/10/08 10:59:12 \| 00,326,656 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) DRV - [2004/10/07 17:16:04 \| 00,035,840 \| ---- \| M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/08/10 11:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/05/05 20:48:40 \| 00,004,228 \| ---- \| M] (PowerQuest Corporation) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [2004/03/18 01:52:00 \| 00,051,088 \| R--- \| M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2004/03/18 01:52:00 \| 00,016,496 \| R--- \| M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2004/03/18 01:51:00 \| 00,021,744 \| R--- \| M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2003/11/17 17:06:48 \| 00,011,165 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy) DRV - [2003/04/21 12:00:32 \| 00,013,898 \| ---- \| M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa) DRV - [2003/02/06 11:46:48 \| 00,018,304 \| R--- \| M] (SONICblue Inc.) -- C:\WINDOWS\system32\drivers\RIOXDRV.sys -- (RIOXDRV) DRV - [2003/01/10 15:13:04 \| 00,033,588 \| ---- \| M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) DRV - [2001/08/17 21:07:44 \| 00,019,072 \| ---- \| M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 21:07:42 \| 00,030,688 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 21:07:40 \| 00,028,384 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 21:07:36 \| 00,032,640 \| ---- \| M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 21:07:34 \| 00,016,256 \| ---- \| M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 20:52:22 \| 00,036,736 \| ---- \| M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 20:52:20 \| 00,045,312 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 20:52:20 \| 00,040,320 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 20:52:18 \| 00,049,024 \| ---- \| M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 20:52:16 \| 00,179,584 \| ---- \| M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 20:52:12 \| 00,017,280 \| ---- \| M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 20:52:00 \| 00,026,496 \| ---- \| M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 20:51:58 \| 00,014,848 \| ---- \| M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 20:51:56 \| 00,005,248 \| ---- \| M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 20:51:54 \| 00,006,656 \| ---- \| M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 12:53:32 \| 00,006,784 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam) DRV - [2001/08/17 12:49:32 \| 00,019,968 \| ---- \| M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/\|http://dsl.sbc.yahoo.com/" FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VE3D01&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 08:25:16 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/14 10:22:15 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 04:01:12 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 04:01:12 \| 00,000,000 \| ---D \| M] [2008/09/22 08:28:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Extensions [2008/09/22 08:28:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/12 04:22:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Firefox\Profiles\yljm5b10.default\extensions [2009/09/15 17:33:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Firefox\Profiles\yljm5b10.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/12 04:22:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Firefox\Profiles\yljm5b10.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/31 12:01:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Firefox\Profiles\yljm5b10.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2) [2009/03/28 15:01:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Firefox\Profiles\yljm5b10.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2008/10/25 08:51:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Firefox\Profiles\yljm5b10.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/09/19 14:27:39 \| 00,002,172 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Application Data\Mozilla\Firefox\Profiles\yljm5b10.default\searchplugins\bing.xml [2009/11/12 04:15:30 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/07 04:01:12 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/16 16:15:56 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2008/10/24 12:37:13 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/07/08 17:57:36 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/10/14 10:22:27 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/10/26 03:50:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com [2009/10/02 08:48:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\support@tenpdf.com [2009/11/07 04:01:07 \| 00,023,512 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/11/07 04:01:07 \| 00,137,176 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/11/04 08:59:07 \| 00,119,808 \| ---- \| M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll [2007/04/10 16:21:08 \| 00,163,256 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll [2006/09/03 13:12:48 \| 00,049,152 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2009/10/14 10:22:14 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2007/04/24 10:36:16 \| 01,452,416 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2009/11/07 04:01:08 \| 00,064,984 \| ---- \| M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/10/26 19:12:16 \| 00,016,192 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL [2008/10/14 21:33:30 \| 00,095,600 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/09/12 08:22:36 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/09/12 08:22:36 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/09/12 08:22:37 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/09/12 08:22:37 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/09/12 08:22:37 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/09/12 08:22:37 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/09/12 08:22:37 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2006/09/26 08:12:42 \| 00,319,488 \| ---- \| M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll [2008/08/28 05:11:19 \| 00,024,673 \| ---- \| M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll [2009/08/24 10:45:46 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/08/24 10:45:46 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/08/24 10:45:46 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/08/24 10:45:46 \| 00,002,344 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/08/24 10:45:46 \| 00,002,371 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/11/04 08:59:07 \| 00,002,020 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\googledesktop.xml [2009/08/24 10:45:46 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/08/24 10:45:46 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (348146 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11962 more lines... O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll (planetscott.ca) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (IE DevToolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found. O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Ten PDF Creator Toolbar) - {C77F8051-03F7-432D-AE30-5B1D19927086} - C:\Program Files\PDFCreator\Toolbar\MaxPDFCreatorToolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ten PDF Creator Toolbar) - {C77F8051-03F7-432D-AE30-5B1D19927086} - C:\Program Files\PDFCreator\Toolbar\MaxPDFCreatorToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft) O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe () O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe (Portrait Displays, Inc) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.) O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKLM..\Run: [PC Pitstop Diskmd3 Reminder] C:\Program Files\PCPitstop\DiskMD3\Reminder-Diskmd3.exe () O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.) O4 - HKLM..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe (PC Pitstop, LLC.) O4 - HKLM..\Run: [piiserviceOE] C:\Program Files\iHateSpam Outlook Express\iHateSpam Outlook Express Edition\piiserviceOE.exe (GIANT Company Software, Inc.) O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe File not found O4 - HKLM..\Run: [UserFaultCheck] File not found O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) O4 - Startup: C:\Documents and Settings\Rich User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll () O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Domains: rhapsody.com ([mp3] http in Trusted sites) O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://asp11.centra.com/SiteRoots/main/Ins...raUpdaterAx.cab (CentraUpdaterAxCtl Class) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class) O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class) O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab (Java Plug-in 1.4.0) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/08 21:41:00 \| 00,000,050 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/04/10 16:10:18 \| 00,000,080 \| R--- \| M] () - L:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008/06/01 12:00:09 \| 00,000,000 \| ---- \| M] () - Y:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Launcher.exe -- [2007/04/20 02:34:56 \| 00,243,834 \| R--- \| M] () O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (/r) - File not found O34 - HKLM BootExecute: (\??\k:) - File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/12 04:58:51 \| 00,529,408 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Rich User\Desktop\OTL.exe [2009/11/12 04:17:54 \| 00,050,688 \| ---- \| C] (Atribune.org) -- C:\Documents and Settings\Rich User\Desktop\ATF-Cleaner.exe [2009/11/12 04:05:23 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\LastGood [2009/11/11 03:02:55 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009/11/11 03:02:40 \| 00,093,360 \| ---- \| C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2009/11/11 02:56:34 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/11/11 02:56:04 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Lavasoft [2009/11/11 02:56:03 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2009/11/11 02:50:09 \| 77,086,488 \| ---- \| C] (Lavasoft ) -- C:\Documents and Settings\Rich User\Desktop\Ad-AwareInstallation.exe [2009/11/11 02:43:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SpywareBlaster [2009/11/11 02:42:19 \| 03,012,768 \| ---- \| C] (Javacool Software LLC ) -- C:\Documents and Settings\Rich User\Desktop\spywareblastersetup42.exe [2009/11/04 08:56:13 \| 02,014,192 \| ---- \| C] (Google) -- C:\Documents and Settings\Rich User\Desktop\GoogleDesktopSetup.exe [2009/11/03 21:04:27 \| 16,409,960 \| ---- \| C] (Safer Networking Limited ) -- C:\Documents and Settings\Rich User\Desktop\spybotsd162.exe [2009/11/03 19:03:57 \| 00,812,344 \| ---- \| C] (Trend Micro Inc.) -- C:\Documents and Settings\Rich User\Desktop\HJTInstall.exe [2009/11/03 16:07:37 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Spybot - Search & Destroy [2009/11/03 16:07:37 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/11/03 15:16:47 \| 16,883,056 \| ---- \| C] (Microsoft Corporation) -- C:\Documents and Settings\Rich User\Desktop\IE8-WindowsXP-x86-ENU.exe [2009/11/03 04:16:24 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rich User\Desktop\mbam-setup.exe [2009/10/31 16:05:53 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rich User\Application Data\DisplayTune [2009/10/27 18:23:46 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/27 18:23:43 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/27 18:23:43 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/27 18:23:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/26 09:06:20 \| 00,146,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\regedit.com [2009/10/24 14:26:28 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation [2009/10/24 14:26:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\NVIDIA Corporation [2009/10/24 14:22:51 \| 86,453,576 \| ---- \| C] (NVIDIA Corporation ) -- C:\Documents and Settings\Rich User\Desktop\191.07_desktop_winxp_32bit_english_whql.exe [2009/10/24 14:05:14 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rich User\Desktop\Unused Shortcuts [2009/10/24 13:45:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor [2009/10/24 10:14:05 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\My Documents\Strength - Exercise - Gym etc [2009/10/21 13:44:52 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\SQLTools9_KB970892_ENU [2009/10/21 13:43:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\SQL9_KB970892_ENU [2009/10/21 10:19:06 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Rich User\Desktop\TFC.exe [2009/10/21 00:55:00 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\NtmsData [2009/10/20 18:10:45 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/10/20 18:10:45 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/10/20 18:10:45 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/10/20 18:10:45 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/20 18:09:41 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/20 13:05:30 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/10/18 08:26:20 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\My Documents\Marriage Problems [2009/10/18 04:37:50 \| 00,126,976 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll [2009/10/14 10:22:26 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/14 10:22:12 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Java [2009/10/14 09:55:58 \| 00,073,728 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2006/04/11 22:39:01 \| 00,033,792 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2009/11/12 04:58:54 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Rich User\Desktop\OTL.exe [2009/11/12 04:42:15 \| 11,010,048 \| ---- \| M] () -- C:\Documents and Settings\Rich User\ntuser.dat [2009/11/12 04:30:00 \| 00,000,886 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009/11/12 04:30:00 \| 00,000,882 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/11/12 04:17:54 \| 00,050,688 \| ---- \| M] (Atribune.org) -- C:\Documents and Settings\Rich User\Desktop\ATF-Cleaner.exe [2009/11/12 04:11:15 \| 03,012,768 \| ---- \| M] (Javacool Software LLC ) -- C:\Documents and Settings\Rich User\Desktop\spywareblastersetup42.exe [2009/11/12 03:17:00 \| 00,000,296 \| ---- \| M] () -- C:\WINDOWS\tasks\System Restore.job [2009/11/12 01:55:00 \| 00,000,878 \| ---- \| M] () -- C:\WINDOWS\tasks\Incremental Backup.job [2009/11/11 04:21:35 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/11/11 04:20:26 \| 00,249,268 \| ---- \| M] () -- C:\WINDOWS\System32\NvApps.xml [2009/11/11 04:19:34 \| 00,001,170 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/11 04:19:04 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/11 04:19:00 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/11/11 04:17:40 \| 00,064,984 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx [2009/11/11 04:17:40 \| 00,054,680 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx [2009/11/11 04:17:40 \| 00,054,680 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx [2009/11/11 04:17:40 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/11/11 04:17:40 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/11/11 04:03:25 \| 02,111,690 \| -H-- \| M] () -- C:\Documents and Settings\Rich User\Local Settings\Application Data\IconCache.db [2009/11/11 03:04:21 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata16.sqm [2009/11/11 03:04:21 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt16.sqm [2009/11/11 03:02:40 \| 00,093,360 \| ---- \| M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2009/11/11 02:56:32 \| 00,000,925 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/11/11 02:53:07 \| 77,086,488 \| ---- \| M] (Lavasoft ) -- C:\Documents and Settings\Rich User\Desktop\Ad-AwareInstallation.exe [2009/11/11 02:43:16 \| 00,000,748 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\SpywareBlaster.lnk [2009/11/10 13:42:25 \| 00,000,584 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\query.bat [2009/11/10 13:37:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/11/09 03:19:17 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata15.sqm [2009/11/09 03:19:17 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt15.sqm [2009/11/09 03:14:47 \| 00,102,660 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\SystemLook.exe [2009/11/09 03:04:15 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata14.sqm [2009/11/09 03:04:15 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt14.sqm [2009/11/08 02:19:46 \| 00,291,328 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\hibb18sz.exe [2009/11/07 16:38:39 \| 00,291,328 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\ucyd262i.exe [2009/11/07 09:07:44 \| 00,291,328 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\h9we6y69.exe [2009/11/07 09:07:08 \| 00,047,616 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\Win32kDiag.exe [2009/11/07 07:03:50 \| 00,001,075 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/11/07 04:05:05 \| 00,371,433 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\querySvc.exe [2009/11/07 04:02:07 \| 00,595,558 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/07 04:02:06 \| 00,737,736 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/07 04:02:06 \| 00,126,480 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/07 03:55:43 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata13.sqm [2009/11/07 03:55:43 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt13.sqm [2009/11/06 04:28:58 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata12.sqm [2009/11/06 04:28:58 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt12.sqm [2009/11/05 13:18:28 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\iTunes.lnk [2009/11/04 09:22:14 \| 00,001,903 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2009/11/04 09:22:14 \| 00,001,394 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk [2009/11/04 09:21:31 \| 00,700,784 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\GoogleCalendarSync_Installer.exe [2009/11/04 09:00:31 \| 00,001,001 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk [2009/11/04 08:56:14 \| 02,014,192 \| ---- \| M] (Google) -- C:\Documents and Settings\Rich User\Desktop\GoogleDesktopSetup.exe [2009/11/03 21:38:09 \| 00,348,146 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/03 21:09:34 \| 00,000,991 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\Spybot - Search & Destroy.lnk [2009/11/03 21:07:23 \| 16,409,960 \| ---- \| M] (Safer Networking Limited ) -- C:\Documents and Settings\Rich User\Desktop\spybotsd162.exe [2009/11/03 19:04:59 \| 00,001,792 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\HijackThis.lnk [2009/11/03 19:03:57 \| 00,812,344 \| ---- \| M] (Trend Micro Inc.) -- C:\Documents and Settings\Rich User\Desktop\HJTInstall.exe [2009/11/03 15:55:56 \| 00,000,178 \| -HS- \| M] () -- C:\Documents and Settings\Rich User\ntuser.ini [2009/11/03 15:55:42 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata11.sqm [2009/11/03 15:55:42 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt11.sqm [2009/11/03 15:18:48 \| 16,883,056 \| ---- \| M] (Microsoft Corporation) -- C:\Documents and Settings\Rich User\Desktop\IE8-WindowsXP-x86-ENU.exe [2009/11/03 14:57:12 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata10.sqm [2009/11/03 14:57:12 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt10.sqm [2009/11/03 14:49:15 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata09.sqm [2009/11/03 14:49:15 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt09.sqm [2009/11/03 14:49:13 \| 00,001,374 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/11/03 14:39:00 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata08.sqm [2009/11/03 14:39:00 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt08.sqm [2009/11/03 12:36:16 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata07.sqm [2009/11/03 12:36:16 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt07.sqm [2009/11/03 12:01:27 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata06.sqm [2009/11/03 12:01:27 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt06.sqm [2009/11/03 11:51:40 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata05.sqm [2009/11/03 11:51:40 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt05.sqm [2009/11/03 04:38:37 \| 00,000,474 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/03 04:16:29 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rich User\Desktop\mbam-setup.exe [2009/11/03 04:11:08 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Rich User\Desktop\TFC.exe [2009/11/03 02:41:13 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata04.sqm [2009/11/03 02:41:13 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt04.sqm [2009/11/02 16:46:13 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata03.sqm [2009/11/02 16:46:13 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt03.sqm [2009/11/02 15:03:04 \| 00,000,008 \| ---- \| M] () -- C:\WINDOWS\System32\nvModes.dat [2009/11/01 20:28:37 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata02.sqm [2009/11/01 20:28:37 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt02.sqm [2009/11/01 08:47:02 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata01.sqm [2009/11/01 08:47:02 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt01.sqm [2009/11/01 08:15:40 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata00.sqm [2009/11/01 08:15:40 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt00.sqm [2009/11/01 03:54:10 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata19.sqm [2009/11/01 03:54:10 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt19.sqm [2009/11/01 03:40:09 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata18.sqm [2009/11/01 03:40:09 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt18.sqm [2009/11/01 03:29:38 \| 00,000,268 \| -H-- \| M] () -- C:\sqmdata17.sqm [2009/11/01 03:29:38 \| 00,000,244 \| -H-- \| M] () -- C:\sqmnoopt17.sqm [2009/11/01 03:17:12 \| 00,000,280 \| -HS- \| M] () -- C:\boot.ini [2009/11/01 03:17:12 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/29 16:01:30 \| 00,001,899 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk [2009/10/27 18:05:56 \| 00,000,634 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\ERUNT.lnk [2009/10/24 14:25:03 \| 86,453,576 \| ---- \| M] (NVIDIA Corporation ) -- C:\Documents and Settings\Rich User\Desktop\191.07_desktop_winxp_32bit_english_whql.exe [2009/10/24 14:16:18 \| 02,125,016 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\nvidia_orb.exe [2009/10/21 04:24:41 \| 00,291,328 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\9ghh207z.exe [2009/10/21 04:16:20 \| 00,331,264 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Desktop\dds.com [2009/10/20 18:59:05 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091103-213809.backup [2009/10/18 13:09:53 \| 00,148,992 \| ---- \| M] () -- C:\Documents and Settings\Rich User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/14 10:22:14 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/10/14 10:22:14 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/14 10:22:14 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/14 10:22:14 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/14 10:22:14 \| 00,073,728 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl ========== Files Created - No Company Name ========== [2009/11/11 05:51:55 \| 00,015,688 \| ---- \| C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/11/11 03:04:20 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/11/11 02:56:32 \| 00,000,925 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/11/11 02:43:16 \| 00,000,748 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\SpywareBlaster.lnk [2009/11/10 13:41:59 \| 00,000,584 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\query.bat [2009/11/09 02:27:51 \| 00,102,660 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\SystemLook.exe [2009/11/08 02:19:43 \| 00,291,328 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\hibb18sz.exe [2009/11/07 16:38:38 \| 00,291,328 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\ucyd262i.exe [2009/11/07 09:07:44 \| 00,291,328 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\h9we6y69.exe [2009/11/07 09:07:08 \| 00,047,616 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\Win32kDiag.exe [2009/11/06 10:23:56 \| 00,371,433 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\querySvc.exe [2009/11/05 13:16:23 \| 00,002,137 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\iTunes.lnk [2009/11/04 09:22:14 \| 00,001,903 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2009/11/04 09:22:14 \| 00,001,394 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk [2009/11/04 09:21:29 \| 00,700,784 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\GoogleCalendarSync_Installer.exe [2009/11/04 09:00:31 \| 00,001,001 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk [2009/11/03 21:09:34 \| 00,000,991 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\Spybot - Search & Destroy.lnk [2009/11/03 19:04:59 \| 00,001,792 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\HijackThis.lnk [2009/11/03 04:26:57 \| 00,000,474 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/29 16:01:30 \| 00,001,899 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk [2009/10/27 18:05:56 \| 00,000,634 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\ERUNT.lnk [2009/10/24 14:16:18 \| 02,125,016 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\nvidia_orb.exe [2009/10/24 05:20:09 \| 00,000,008 \| ---- \| C] () -- C:\WINDOWS\System32\nvModes.dat [2009/10/21 04:24:40 \| 00,291,328 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\9ghh207z.exe [2009/10/21 04:16:20 \| 00,331,264 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Desktop\dds.com [2009/10/20 18:10:45 \| 00,236,544 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/10/20 18:10:45 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/10/20 18:10:45 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/10/20 18:10:45 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/10/01 16:02:33 \| 00,122,880 \| ---- \| C] () -- C:\WINDOWS\System32\trc.dll [2009/10/01 16:00:33 \| 00,005,120 \| ---- \| C] () -- C:\WINDOWS\System32\IcdSptSvps.dll [2009/10/01 16:00:32 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\mp3dec.dll [2009/10/01 16:00:32 \| 00,081,920 \| ---- \| C] () -- C:\WINDOWS\System32\dsp_trc.dll [2009/09/30 19:01:16 \| 00,116,224 \| ---- \| C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/07/08 17:36:48 \| 00,006,812 \| ---- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009/05/26 18:36:07 \| 00,000,016 \| -H-- \| C] () -- C:\Program Files\SyncToy_9d19fb51-2315-4056-bff3-2e9f1c028251.dat [2009/05/26 18:28:30 \| 00,348,160 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Local Settings\Application Data\filesync.metadata [2008/10/06 16:53:29 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\A5W.INI [2008/09/19 09:12:48 \| 00,003,558 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Application Data\SAS7_000.DAT [2008/06/30 08:12:17 \| 00,000,132 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Local Settings\Application Data\fusioncache.dat [2008/06/02 09:35:54 \| 00,148,992 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/05/31 21:15:34 \| 00,028,604 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Application Data\wklnhst.dat [2008/05/31 20:56:08 \| 00,002,508 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Application Data\$_hpcst$.hpc [2008/05/31 20:45:48 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Rich User\Application Data\desktop.ini [2008/05/31 20:45:46 \| 02,111,690 \| -H-- \| C] () -- C:\Documents and Settings\Rich User\Local Settings\Application Data\IconCache.db [2008/05/31 20:45:46 \| 00,081,936 \| ---- \| C] () -- C:\Documents and Settings\Rich User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/02/26 05:57:18 \| 00,000,037 \| ---- \| C] () -- C:\WINDOWS\iltwain.ini [2008/02/18 22:33:34 \| 00,446,352 \| ---- \| C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2008/01/07 09:03:53 \| 00,001,755 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/12/25 14:52:13 \| 00,000,997 \| ---- \| C] () -- C:\WINDOWS\raytech.ini [2007/12/25 14:52:03 \| 00,061,440 \| ---- \| C] () -- C:\WINDOWS\System32\nosgeo.dll [2007/12/25 14:52:03 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\mtls.dll [2007/12/25 14:52:02 \| 00,157,696 \| ---- \| C] () -- C:\WINDOWS\System32\jpeg6.dll [2007/12/25 14:52:02 \| 00,121,856 \| ---- \| C] () -- C:\WINDOWS\System32\LORAN.DLL [2007/12/19 09:30:20 \| 00,000,165 \| ---- \| C] () -- C:\WINDOWS\QUICKEN.INI [2007/09/28 14:08:11 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\frontpg.ini [2007/09/28 14:07:17 \| 00,021,791 \| ---- \| C] () -- C:\WINDOWS\System32\smtpctrs.ini [2007/09/28 14:07:17 \| 00,001,037 \| ---- \| C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2007/09/28 14:06:50 \| 00,007,909 \| ---- \| C] () -- C:\WINDOWS\System32\ftpctrs.ini [2007/09/28 14:06:49 \| 00,038,576 \| ---- \| C] () -- C:\WINDOWS\System32\w3ctrs.ini [2007/09/28 14:06:49 \| 00,010,225 \| ---- \| C] () -- C:\WINDOWS\System32\axperf.ini [2007/09/28 14:06:48 \| 00,011,435 \| ---- \| C] () -- C:\WINDOWS\System32\infoctrs.ini [2007/08/30 16:41:27 \| 00,003,654 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007/07/19 10:14:26 \| 00,000,305 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html [2007/07/05 08:32:11 \| 00,002,345 \| ---- \| C] () -- C:\WINDOWS\CONTOUR.INI [2007/01/03 10:24:36 \| 00,020,698 \| ---- \| C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/01/03 10:22:46 \| 00,030,628 \| ---- \| C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/01/03 10:22:14 \| 00,031,698 \| ---- \| C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/12/06 11:24:03 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\hpqEmlSz.INI [2006/06/29 13:58:52 \| 00,030,808 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 \| 00,026,489 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/06/20 11:52:30 \| 00,002,304 \| ---- \| C] () -- C:\WINDOWS\System32\Machnm32.sys [2006/05/23 08:34:21 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/05/21 21:16:12 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2006/04/25 12:23:08 \| 00,016,384 \| ---- \| C] () -- C:\WINDOWS\System32\WINKRNME.DLL [2006/04/25 11:53:50 \| 00,149,785 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2006/04/18 14:39:28 \| 00,029,779 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 \| 00,026,040 \| ---- \| C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/04/12 00:31:11 \| 00,068,336 \| ---- \| C] () -- C:\WINDOWS\System32\instwdm.ini [2006/04/12 00:31:11 \| 00,003,072 \| ---- \| C] () -- C:\WINDOWS\CTXFIRES.DLL [2006/04/12 00:31:11 \| 00,000,191 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/04/12 00:31:08 \| 00,532,544 \| ---- \| C] () -- C:\WINDOWS\PIC.dll [2006/04/12 00:31:08 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\CNYUSB.dll [2006/04/12 00:31:08 \| 00,011,776 \| ---- \| C] () -- C:\WINDOWS\HIDMNT.dll [2006/04/12 00:31:08 \| 00,005,120 \| ---- \| C] () -- C:\WINDOWS\HKCYDLL.dll [2006/04/12 00:31:08 \| 00,000,360 \| ---- \| C] () -- C:\WINDOWS\CNYHKey.ini [2006/04/12 00:16:00 \| 00,000,510 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006/04/11 23:10:50 \| 00,573,440 \| ---- \| C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/04/11 23:10:50 \| 00,286,720 \| ---- \| C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/04/11 22:39:08 \| 00,000,194 \| ---- \| C] () -- C:\WINDOWS\System32\KILL.INI [2006/04/11 22:39:04 \| 00,070,656 \| ---- \| C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2006/04/11 22:39:02 \| 00,038,400 \| ---- \| C] () -- C:\WINDOWS\System32\CTBURST.DLL [2005/08/05 21:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/02 15:19:16 \| 00,050,176 \| ---- \| C] () -- C:\WINDOWS\armcex.dll [2005/05/15 09:54:20 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [2005/05/15 09:27:33 \| 00,040,448 \| ---- \| C] () -- C:\WINDOWS\System32\REGOBJ.DLL [2005/01/12 09:38:00 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005/01/09 15:49:16 \| 00,001,252 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/01/09 15:49:16 \| 00,000,519 \| ---- \| C] () -- C:\WINDOWS\System32\emver.ini [2005/01/09 15:48:33 \| 00,001,075 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/01/09 15:48:30 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/01/09 15:48:24 \| 00,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2005/01/09 09:00:14 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2003/08/11 00:07:40 \| 00,565,248 \| ---- \| C] () -- C:\WINDOWS\System32\hpotscl.dll [1998/08/16 04:00:00 \| 00,004,096 \| ---- \| C] () -- C:\WINDOWS\System32\sysres.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >

JSntgRvr View Member Profile	Nov 12 2009, 08:34 PM Post #99
Global Moderator Posts: 6,836 From: Puerto Rico OS: Windows XP, VISTA Home Premium	Hi, horizonatdawn RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop. Once downloaded, RIGHT-CLICK DelDomains.inf and select: Install (no need to restart) Note: This will remove all entries in the "Trusted Zone" and "Ranges" also. Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently. Perhaps going throughout these steps will help the computer gain some speed: Remove Temporary Files: Download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. Remove unnecessary startups: This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig. Click OK or hit the Enter key. Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close" I have check the following, and these appear to be unnecessary. Please note that these programs are either User defined, meaning it is up to you to keep them starting-up when Windows start. Most of these are available throughout the start menu: Adobe Photo Downloader Adobe Reader Speed Launcher AlwaysReady Power Message APP AOL Spyware Protection CanonMyPrinter CanonSolutionMenu CarboniteUI.exe ccApp CHotkey CTHelper CTxfiHlp DT Task ehTray Gateway Extended Warranty Google Desktop Search GoToMyPC GrooveMonitor HP Component Manager HP Software Update HPDJ Taskbar Utility IAAnotif ISUSScheduler iTunesHelper ledpointer LogitechVideoRepair LogitechVideoTray LVCOMSX Motive SmartBridge Norton Ghost 14.0 NvCplDaemon NvMediaCenter nwiz PC Pitstop Diskmd3 Reminder PC Pitstop Optimize Scheduler PCPitstop Optimize Registration Reminder PivotSoftware QuickTime Task readericon SunJavaUpdateSched UserFaultCheck WheelMouse H/PC Connection Agent LogitechSoftwareUpdate MsnMsgr Skype swg I don't know if the following program is necessary to start when Windows starts: piiserviceOE ->iHateSpam Outlook Once done, you will be prompted to restart. Go ahead and restart. Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again. Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that programs preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option. Go here for info on msconfig: Pacs Portal You can look up the startups at the following links to help determine what is needed and what is not: BleepingComputer Answers That Work Windows Startup Run OTL.exe. Click on the Cleanup button and follow the prompts to remove the program and related files. Keep me posted.

horizonatdawn View Member Profile	Nov 13 2009, 07:50 AM Post #100
Geek in Training Posts: 55 OS: xp	Excellent! Once again thanks much to you and rshaffer61 who passed it on to you! I'll keep you posted and we can close this, correct? Rich -----

JSntgRvr View Member Profile	Nov 13 2009, 08:05 AM Post #101
Global Moderator Posts: 6,836 From: Puerto Rico OS: Windows XP, VISTA Home Premium	QUOTE (horizonatdawn @ Nov 13 2009, 09:50 AM) Excellent! Once again thanks much to you and rshaffer61 who passed it on to you! I'll keep you posted and we can close this, correct? Rich ----- I will keep the topic open for a few days, should you require further help.

JSntgRvr View Member Profile	Nov 19 2009, 01:59 PM Post #102
Global Moderator Posts: 6,836 From: Puerto Rico OS: Windows XP, VISTA Home Premium	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

7 Pages

« < 5 6 7

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Web Browsers and Email On browsers like ie and firefox text appears slightly blurry	7 / 580	19th July 2007 - 12:29 AM stealthyasallama started - last by ==SpuD==
Web Browsers and Email IE 7 works fine, Mozilla FireFox and Opera don't.	0 / 361	23rd August 2008 - 04:38 AM katkatkat started - last by katkatkat
Virus, Spyware and Trojan Removal IE and Firefox usually don't open, web pages redirected often with 12	24 / 637	27th September 2009 - 03:56 PM Imp66 started - last by emeraldnzl
Virus, Spyware and Trojan Removal Can't run IE or Firefox and misc other malfunctions	1 / 119	31st October 2009 - 04:39 AM horizonatdawn started - last by kahdah