[code] OTScanIt2 logfile created on: 11/14/2008 6:09:16 AM - Run 1 OTScanIt2 by OldTimer - Version 1.0.0.33b Folder = C:\Documents and Settings\Chandra Tourtelot\Desktop\OTScanIt2 Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 44.99% Memory free 3.85 Gb Paging File | 2.88 Gb Available in Paging File | 74.89% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 104.99 Gb Total Space | 68.13 Gb Free Space | 64.89% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHANDRA Current User Name: Chandra Tourtelot Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days [Processes - Safe List] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2006/05/23 14:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2006/11/23 01:35:50 | 00,020,480 | ---- | M] () bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> [2006/11/23 01:32:58 | 01,253,376 | ---- | M] (Dell Inc.) aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2008/01/04 13:27:08 | 00,587,096 | ---- | M] (Lavasoft) ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2006/05/23 14:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) 
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> [2006/11/23 01:35:50 | 01,392,640 | ---- | M] (Dell Inc.) stsystra.exe -> %SystemRoot%\stsystra.exe -> [2006/03/25 00:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2006/08/03 19:51:42 | 01,032,192 | ---- | M] (Dell Inc) syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/08 19:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> [2006/08/22 16:32:18 | 00,184,320 | ---- | M] (CyberLink Corp.) googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2006/12/17 11:42:35 | 00,236,544 | ---- | M] (Google) mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> [2005/08/02 17:59:16 | 00,106,496 | ---- | M] (Corel, Inc.) tmas_oemon.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe -> [2006/08/04 17:15:28 | 00,321,040 | ---- | M] (Trend Micro Inc.) googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/20 12:27:25 | 00,068,856 | ---- | M] (Google Inc.) msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> [2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) 
googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe -> [2006/12/17 11:42:35 | 00,785,920 | ---- | M] (Google) cfserver.exe -> %SystemDrive%\CFusion\BIN\cfserver.exe -> [2001/05/23 21:13:40 | 03,485,696 | ---- | M] (Macromedia Inc.) dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> [2004/02/05 13:28:16 | 00,118,784 | ---- | M] (Nikon Corporation) nkvmon.exe -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> [2005/11/05 12:39:02 | 00,233,472 | ---- | M] (Nikon Corporation) sqlmangr.exe -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 23:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) cfexec.exe -> %SystemDrive%\CFusion\BIN\cfexec.exe -> [2001/05/23 21:27:32 | 00,430,080 | ---- | M] (Macromedia Inc.) cfrdsservice.exe -> %SystemDrive%\CFusion\BIN\cfrdsservice.exe -> [2001/05/23 21:33:00 | 00,917,504 | ---- | M] (Macromedia Inc.) ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) g2svc.exe -> %ProgramFiles%\Citrix\GoToMyPC\g2svc.exe -> [2007/01/12 17:45:32 | 00,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) g2comm.exe -> %ProgramFiles%\Citrix\GoToMyPC\g2comm.exe -> [2007/01/12 17:45:24 | 00,590,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) g2pre.exe -> %ProgramFiles%\Citrix\GoToMyPC\g2pre.exe -> [2007/01/12 17:45:28 | 00,251,440 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
sqlservr.exe -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2008/05/25 16:44:16 | 09,154,560 | ---- | M] (Microsoft Corporation) g2tray.exe -> %ProgramFiles%\Citrix\GoToMyPC\g2tray.exe -> [2007/01/12 17:45:32 | 00,897,584 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) nmsaccessu.exe -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) spyhunter3.exe -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe -> [2008/09/10 16:16:00 | 00,864,256 | ---- | M] (Enigma Software Group USA, LLC.) iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) ose.exe -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) pcctlcom.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\PcCtlCom.exe -> [2008/05/19 15:17:14 | 01,475,936 | ---- | M] (Trend Micro Inc.) tmntsrv.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\Tmntsrv.exe -> [2006/09/25 16:26:26 | 00,345,696 | ---- | M] (Trend Micro Inc.) 
tmpfw.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\TmPfw.exe -> [2006/11/09 15:03:42 | 00,923,216 | ---- | M] (Trend Micro Inc.) tmproxy.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\tmproxy.exe -> [2006/11/09 15:04:02 | 00,566,872 | ---- | M] (Trend Micro Inc.) pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 14\pccguide.exe -> [2006/11/21 13:02:24 | 01,807,960 | ---- | M] (Trend Micro Inc.) otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/11/09 11:18:54 | 00,464,896 | ---- | M] (OldTimer Tools) [Win32 Services - Safe List] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2008/01/04 13:27:08 | 00,587,096 | ---- | M] (Lavasoft) (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2007/10/11 06:48:51 | 00,072,704 | ---- | M] (Adobe Systems) (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2006/05/23 14:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) (Cold Fusion Application Server) Cold Fusion Application Server [Win32_Own | Auto | Running] -> %SystemDrive%\CFusion\BIN\cfserver.exe -> [2001/05/23 21:13:40 | 03,485,696 | ---- | M] (Macromedia Inc.) (Cold Fusion Executive) ColdFusion Executive [Win32_Own | Auto | Running] -> %SystemDrive%\CFusion\BIN\cfexec.exe -> [2001/05/23 21:27:32 | 00,430,080 | ---- | M] (Macromedia Inc.) 
(Cold Fusion RDS) ColdFusion RDS [Win32_Own | Auto | Running] -> %SystemDrive%\CFusion\BIN\cfrdsservice.exe -> [2001/05/23 21:33:00 | 00,917,504 | ---- | M] (Macromedia Inc.) (ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) (ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) (getPlus(R) Helper) getPlus(R) Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> [2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) (GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopManager.exe -> [2006/12/17 11:42:35 | 00,086,528 | ---- | M] (Google) (GoToMyPC) GoToMyPC [Win32_Own | Auto | Running] -> %ProgramFiles%\Citrix\GoToMyPC\g2svc.exe -> [2007/01/12 17:45:32 | 00,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/02/18 09:37:34 | 00,138,168 | ---- | M] (Google) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) (McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) (MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) (MSSQL$MICROSOFTSMLBIZ) MSSQL$MICROSOFTSMLBIZ [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -> [2008/05/25 16:44:16 | 09,154,560 | ---- | M] (Microsoft Corporation) (MSSQLServerADHelper) MSSQLServerADHelper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -> [2005/05/03 23:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) (NMSAccessU) NMSAccessU [Win32_Own | Auto | Running] -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 
02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) (ose) Office Source Engine [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) (PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\PcCtlCom.exe -> [2008/05/19 15:17:14 | 01,475,936 | ---- | M] (Trend Micro Inc.) (SQLAgent$MICROSOFTSMLBIZ) SQLAgent$MICROSOFTSMLBIZ [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -> [2005/05/03 22:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) (Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\Tmntsrv.exe -> [2006/09/25 16:26:26 | 00,345,696 | ---- | M] (Trend Micro Inc.) (TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\TmPfw.exe -> [2006/11/09 15:03:42 | 00,923,216 | ---- | M] (Trend Micro Inc.) (tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security 14\tmproxy.exe -> [2006/11/09 15:04:02 | 00,566,872 | ---- | M] (Trend Micro Inc.) 
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [2006/11/23 01:35:50 | 00,020,480 | ---- | M] () (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (ADM8511) ADMtek ADM8511/AN986 USB To Fast Ethernet Converter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ADM8511.SYS -> [2001/08/17 12:11:18 | 00,020,160 | ---- | M] (ADMtek Incorporated) (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) (APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2006/12/17 11:40:41 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2006/05/23 15:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) 
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> [2006/11/23 01:34:36 | 00,604,928 | ---- | M] (Broadcom Corporation) (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2006/08/25 08:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) (Cdr4_xp) Cdr4_xp [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> [2005/09/07 13:29:44 | 00,044,288 | ---- | M] (Sonic Solutions) (Cdralw2k) Cdralw2k [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> [2005/09/07 13:32:58 | 00,024,960 | ---- | M] (Sonic Solutions) (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) (drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) (DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) 
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWAZL.sys -> [2005/07/22 04:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> [2005/07/22 04:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) (kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/03/17 04:04:14 | 00,013,059 | ---- | M] (Conexant) (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2006/08/24 13:33:36 | 00,036,528 | ---- | M] (Sonic Solutions) (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) (rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> [2005/10/14 16:40:18 | 00,028,544 | ---- | M] (REDC) (rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> [2005/10/14 16:40:18 | 00,051,328 | ---- | M] (REDC) (rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> [2005/10/14 16:40:18 | 00,307,968 | ---- | M] (REDC) (sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) 
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) (ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2006/03/25 00:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/03/08 19:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) 
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) (tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) (tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) (tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) (tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) (tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) (tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) (tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) (tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> [2006/11/09 16:04:20 | 00,280,392 | ---- | M] (Trend Micro Inc.) (tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> [2008/08/16 02:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) (tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tmtdi.sys -> [2006/11/09 16:04:20 | 00,073,288 | ---- | M] (Trend Micro Inc.) 
(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> [2008/08/16 02:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) (vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> [2008/08/16 01:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2005/07/22 04:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) (WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wmiacpi.sys -> [2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2061217 -> HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> 
www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2061217 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2061217 -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> HKEY_CURRENT_USER\: Main\\"Start Page" -> www.yahoo.com -> HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 00,816,400 | ---- | M] (Yahoo! Inc.) HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 00,816,400 | ---- | M] (Yahoo! Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/02/18 09:37:33 | 02,403,392 | R--- | M] (Google Inc.) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 00,816,400 | ---- | M] (Yahoo! Inc.) 
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2007/02/18 09:37:33 | 02,403,392 | R--- | M] (Google Inc.) WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 00,816,400 | ---- | M] (Yahoo! Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ATICCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay] -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) "atwtusb" -> %SystemRoot%\system32\ATWTUSB.EXE [atwtusb.exe] -> [2006/07/25 16:50:28 | 00,319,488 | ---- | M] () "Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> [2006/11/23 01:35:50 | 01,392,640 | ---- | M] (Dell Inc.) "Corel Photo Downloader" -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe [C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe] -> [2005/08/02 17:59:16 | 00,106,496 | ---- | M] (Corel, Inc.) 
"Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2006/08/03 19:51:42 | 01,032,192 | ---- | M] (Dell Inc) "dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) "ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) "Google Desktop Search" -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2006/12/17 11:42:35 | 00,236,544 | ---- | M] (Google) "GoToMyPC" -> %ProgramFiles%\Citrix\GoToMyPC\g2svc.exe [C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon] -> [2007/01/12 17:45:32 | 00,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) "ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation) "ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) "MRT" -> %SystemRoot%\system32\MRT.exe ["C:\WINDOWS\system32\MRT.exe" /R] -> [2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) "pccguide.exe" -> %ProgramFiles%\Trend Micro\Internet Security 14\pccguide.exe ["C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"] -> [2006/11/21 13:02:24 | 01,807,960 | ---- | M] (Trend Micro Inc.) "PCMService" -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2006/08/22 16:32:18 | 00,184,320 | ---- | M] (CyberLink Corp.) 
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/12/17 11:40:54 | 00,098,304 | ---- | M] (Apple Computer, Inc.) "SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2006/03/25 00:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) "SpyHunter Security Suite" -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe [C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe] -> [2008/09/10 16:16:00 | 00,864,256 | ---- | M] (Enigma Software Group USA, LLC.) "SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/08 19:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DellSupport" -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) "ModemOnHold" -> %ProgramFiles%\NetWaiting\netWaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe] -> File not found "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "OE_OEM" -> %ProgramFiles%\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe ["C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"] -> [2006/08/04 17:15:28 | 00,321,040 | ---- | M] (Trend Micro Inc.) "swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/20 12:27:25 | 00,068,856 | ---- | M] (Google Inc.) "updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006/03/30 15:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated) "Yahoo! 
Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) %AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) %AllUsersProfile%\Start Menu\Programs\Startup\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> [2004/02/05 13:28:16 | 00,118,784 | ---- | M] (Nikon Corporation) %AllUsersProfile%\Start Menu\Programs\Startup\NkvMon.exe.lnk -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> [2005/11/05 12:39:02 | 00,233,472 | ---- | M] (Nikon Corporation) %AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2007/01/22 14:21:00 | 00,815,104 | ---- | M] (Intuit Inc.) %AllUsersProfile%\Start Menu\Programs\Startup\Service Manager.lnk -> %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2005/05/03 23:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) < Chandra Tourtelot Startup Folder > -> C:\Documents and Settings\Chandra Tourtelot\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) 
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] () %UserProfile%\Start Menu\Programs\Startup\Xfire.lnk -> %ProgramFiles%\Xfire\xfire.exe -> [2007/01/19 17:20:49 | 02,362,448 | ---- | M] (Xfire Inc.) < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found \\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Search -> 
[?p=ZCfox000] -> File not found E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MI1933~1\Office10\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Menu: Sun Java Console] -> [2005/11/10 14:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.) {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 14:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.) 
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.) CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5263 domain(s) found. -> 115 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {6E5E167B-1566-4316-B27F-0DDAB3484CF7} [HKLM] -> http://submit.shutterstock.com/ImageUploader4.cab[Image Uploader Control] -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} [HKLM] -> http://www.nick.com/common/groove/gx/GrooveAX28.cab[Groove Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {B12213CD-4189-415D-A054-7999528459F7} [HKLM] -> http://aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab[pixelStormLauncher Class] -> {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} [HKLM] -> http://www.gamehouse.com/games/zylom/zylomplayer.cab[Zylom Games Player] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> 
http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [HKLM] -> http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe[Virtools WebPlayer Class] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {12AD002F-7670-4902-9912-EFAA07B3975C} -> (Broadcom 440x 10/100 Integrated Controller) -> {7BA70A98-9A66-458E-A1D5-6862932F6BDB} -> (1394 Net Adapter) -> {CD67D938-93C8-4359-938D-9C686B5F9140} -> (ADMtek ADM8511 USB To Fast Ethernet Converter) -> {FA074578-A5B5-48B1-9F81-56ECBBB9D715} -> (Dell Wireless 1390 WLAN Mini-Card) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2006/12/17 11:42:35 | 00,164,864 | ---- | M] (Google) axlvlr.dll -> -> File not found iyscgo.dll -> -> File not found *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2006/05/23 15:00:44 | 00,061,440 | ---- | M] (ATI Technologies Inc.) GoToMyPC -> %ProgramFiles%\Citrix\GoToMyPC\G2WinLogon.dll -> [2007/01/12 17:45:36 | 00,010,800 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Documents and Settings\Chandra Tourtelot\Desktop\wowclient-downloader.exe" -> C:\Documents and Settings\Chandra Tourtelot\Desktop\wowclient-downloader.exe [C:\Documents and 
Settings\Chandra Tourtelot\Desktop\wowclient-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found "C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temporary Internet Files\Content.IE5\8TAZO92F\wowclient-downloader[1].exe" -> C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temporary Internet Files\Content.IE5\8TAZO92F\wowclient-downloader[1].exe [C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temporary Internet Files\Content.IE5\8TAZO92F\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader] -> File not found "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" -> C:\Program Files\Dell Network Assistant\ezi_hnm2.exe [C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant] -> [2006/10/19 16:36:48 | 00,897,024 | ---- | M] (SingleClick Systems) "C:\Program Files\Dell\MediaDirect\PCMService.exe" -> C:\Program Files\Dell\MediaDirect\PCMService.exe [C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program] -> [2006/08/22 16:32:18 | 00,184,320 | ---- | M] (CyberLink Corp.) "C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" -> C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager] -> [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) 
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2007/08/16 17:00:00 | 00,147,456 | ---- | M] (Lime Wire, LLC) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> [2006/11/23 10:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) "C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> [2006/12/17 11:40:39 | 00,026,112 | ---- | M] (RealNetworks, Inc.) "C:\Program Files\Trillian\trillian.exe" -> C:\Program Files\Trillian\trillian.exe [C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian] -> [2007/12/11 00:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) "C:\Program Files\WolfQuest\WolfQuest.exe" -> C:\Program Files\WolfQuest\WolfQuest.exe [C:\Program Files\WolfQuest\WolfQuest.exe:*:Enabled:WolfQuest] -> File not found "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) 
"C:\WINDOWS\system32\fxsclnt.exe" -> C:\WINDOWS\system32\fxsclnt.exe [C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console] -> [2008/04/13 19:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{137975e1-91ef-11db-b1e2-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{137975e1-91ef-11db-b1e2-806d6172696f}\Shell \{137975e1-91ef-11db-b1e2-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{137975e1-91ef-11db-b1e2-806d6172696f}\Shell\AutoRun \{137975e1-91ef-11db-b1e2-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{137975e1-91ef-11db-b1e2-806d6172696f}\Shell\AutoRun\command \{137975e1-91ef-11db-b1e2-806d6172696f}\Shell\AutoRun\command\\"" -> D:\Setup.exe [D:\Setup.exe] -> File not found \{361ac05d-0e0d-11da-9aa9-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> File not found [Files/Folders - Created Within 30 Days] 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/11/14 06:08:57 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/14 06:08:31 | 00,635,481 | ---- | C] () gfmhgpnh.exe -> %SystemRoot%\System32\gfmhgpnh.exe -> [2008/11/14 06:04:52 | 00,033,832 | ---- | C] (Microsoft Corporation) MRT.INI -> %SystemRoot%\System32\MRT.INI -> [2008/11/14 06:04:52 | 00,000,127 | ---- | C] () mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/13 18:56:51 | 00,455,296 | ---- | C] (Microsoft Corporation) msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/13 17:32:46 | 01,106,944 | ---- | C] (Microsoft Corporation) LastGood -> %SystemRoot%\LastGood -> [2008/11/13 12:53:37 | 00,000,000 | ---D | C] Malwarebytes -> %AppData%\Malwarebytes -> [2008/11/13 11:38:40 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/11/13 11:38:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/11/13 11:38:34 | 00,000,696 | ---- | C] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/11/13 11:38:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/11/13 11:38:30 | 
00,000,000 | ---D | C] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/11/13 11:38:30 | 00,000,000 | ---D | C] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/11/13 11:38:01 | 02,391,552 | ---- | C] (Malwarebytes Corporation ) Xfire.lnk -> %UserProfile%\Start Menu\Programs\Startup\Xfire.lnk -> [2008/11/13 11:36:21 | 00,000,650 | ---- | C] () ERDNT -> %SystemRoot%\ERDNT -> [2008/11/13 11:35:46 | 00,000,000 | ---D | C] ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2008/11/13 11:35:37 | 00,000,767 | ---- | C] () NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008/11/13 11:35:33 | 00,000,611 | ---- | C] () ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008/11/13 11:35:33 | 00,000,592 | ---- | C] () ERUNT -> %ProgramFiles%\ERUNT -> [2008/11/13 11:35:33 | 00,000,000 | ---D | C] erunt_setup.exe -> %UserProfile%\Desktop\erunt_setup.exe -> [2008/11/13 11:34:48 | 00,791,393 | ---- | C] (Lars Hederer ) SysRestorePoint_v13.zip -> %UserProfile%\Desktop\SysRestorePoint_v13.zip -> [2008/11/13 11:30:57 | 00,009,334 | ---- | C] () VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2008/11/13 11:10:03 | 00,000,000 | ---D | C] WinRAR -> %AppData%\WinRAR -> [2008/11/13 10:46:47 | 00,000,000 | ---D | C] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/13 10:38:37 | 21,458,45248 | -HS- | C] () user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2008/11/13 10:28:23 | 00,578,560 | ---- | C] (Microsoft Corporation) Misc. Support Library (Spybot - Search & Destroy) -> %ProgramFiles%\Misc. 
Support Library (Spybot - Search & Destroy) -> [2008/11/13 10:08:03 | 00,000,000 | ---D | C] TeaTimer (Spybot - Search & Destroy) -> %ProgramFiles%\TeaTimer (Spybot - Search & Destroy) -> [2008/11/13 10:07:59 | 00,000,000 | ---D | C] SDHelper (Spybot - Search & Destroy) -> %ProgramFiles%\SDHelper (Spybot - Search & Destroy) -> [2008/11/13 10:07:55 | 00,000,000 | ---D | C] File Scanner Library (Spybot - Search & Destroy) -> %ProgramFiles%\File Scanner Library (Spybot - Search & Destroy) -> [2008/11/13 10:07:54 | 00,000,000 | ---D | C] ERUNT -> %SystemRoot%\ERUNT -> [2008/11/13 09:57:54 | 00,000,000 | ---D | C] SDFix -> %SystemDrive%\SDFix -> [2008/11/13 09:51:25 | 00,000,000 | ---D | C] SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/11/13 09:51:13 | 01,529,241 | ---- | C] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/11/13 09:38:43 | 00,001,734 | ---- | C] () HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/11/13 09:38:25 | 00,812,344 | ---- | C] (Trend Micro Inc.) 
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/11/13 05:39:43 | 14,968,808 | ---- | C] (Safer Networking Limited ) SpyHunter.lnk -> %AllUsersProfile%\Desktop\SpyHunter.lnk -> [2008/11/12 19:12:51 | 00,000,899 | ---- | C] () Enigma Software Group -> %ProgramFiles%\Enigma Software Group -> [2008/11/12 19:12:15 | 00,000,000 | ---D | C] SpyHunter-Scanner-Install.exe -> %UserProfile%\Desktop\SpyHunter-Scanner-Install.exe -> [2008/11/12 19:11:42 | 09,212,096 | ---- | C] () zufezu.lib -> %CommonProgramFiles%\zufezu.lib -> [2008/11/08 16:59:10 | 00,019,839 | ---- | C] () ikerunyqa.vbs -> %SystemRoot%\ikerunyqa.vbs -> [2008/11/08 16:59:10 | 00,019,658 | ---- | C] () sazire.com -> %SystemRoot%\sazire.com -> [2008/11/08 16:59:10 | 00,019,537 | ---- | C] () yzetijo.inf -> %SystemRoot%\yzetijo.inf -> [2008/11/08 16:59:10 | 00,019,312 | ---- | C] () sako.sys -> %SystemRoot%\sako.sys -> [2008/11/08 16:59:10 | 00,018,986 | ---- | C] () oraqedyxi.lib -> %SystemRoot%\System32\oraqedyxi.lib -> [2008/11/08 16:59:10 | 00,018,454 | ---- | C] () siquzycar.com -> %SystemRoot%\System32\siquzycar.com -> [2008/11/08 16:59:10 | 00,017,877 | ---- | C] () wofefi.vbs -> %SystemRoot%\System32\wofefi.vbs -> [2008/11/08 16:59:10 | 00,016,254 | ---- | C] () luxaqy.dat -> %AppData%\luxaqy.dat -> [2008/11/08 16:59:10 | 00,015,948 | ---- | C] () tuwowagy.db -> %SystemRoot%\System32\tuwowagy.db -> [2008/11/08 16:59:10 | 00,015,941 | ---- | C] () mawami.com -> %CommonProgramFiles%\mawami.com -> [2008/11/08 16:59:10 | 00,015,598 | ---- | C] () higojijij.vbs -> %AllUsersProfile%\Documents\higojijij.vbs -> [2008/11/08 16:59:10 | 00,014,988 | ---- | C] () huky._dl -> %AppData%\huky._dl -> [2008/11/08 16:59:10 | 00,014,303 | ---- | C] () fykyma.bat -> %CommonProgramFiles%\fykyma.bat -> [2008/11/08 16:59:10 | 00,013,458 | ---- | C] () zibig.bat -> %CommonProgramFiles%\zibig.bat -> [2008/11/08 16:59:10 | 00,013,289 | ---- | C] () egyno.bat -> %SystemRoot%\egyno.bat -> [2008/11/08 16:59:10 | 
00,013,241 | ---- | C] () omidovodo.com -> %AllUsersProfile%\Application Data\omidovodo.com -> [2008/11/08 16:59:10 | 00,012,768 | ---- | C] () uxeve.pif -> %CommonProgramFiles%\uxeve.pif -> [2008/11/08 16:59:10 | 00,012,503 | ---- | C] () enadi.reg -> %AppData%\enadi.reg -> [2008/11/08 16:59:10 | 00,011,517 | ---- | C] () juwet.ban -> %AppData%\juwet.ban -> [2008/11/08 16:59:10 | 00,011,004 | ---- | C] () fygedoxo.dl -> %AllUsersProfile%\Documents\fygedoxo.dl -> [2008/11/08 16:59:10 | 00,010,998 | ---- | C] () tebep.bat -> %AllUsersProfile%\Documents\tebep.bat -> [2008/11/08 16:59:10 | 00,010,754 | ---- | C] () jovobev.vbs -> %AllUsersProfile%\Application Data\jovobev.vbs -> [2008/11/08 16:59:10 | 00,010,727 | ---- | C] () vworftqf.ini -> %SystemRoot%\System32\vworftqf.ini -> [2008/11/08 16:55:51 | 01,941,723 | -HS- | C] () nhpoek.dll -> %SystemRoot%\System32\nhpoek.dll -> [2008/11/08 16:55:39 | 00,103,936 | ---- | C] () metallica garage inc 2.axp -> %UserProfile%\My Documents\metallica garage inc 2.axp -> [2008/11/05 14:18:11 | 00,003,225 | ---- | C] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/11/02 14:04:22 | 00,054,156 | -H-- | C] () QTFont.for -> %SystemRoot%\QTFont.for -> [2008/11/02 14:04:22 | 00,001,409 | ---- | C] () Furcadia -> %UserProfile%\My Documents\Furcadia -> [2008/10/26 21:01:45 | 00,000,000 | ---D | C] Dragon's Eye Productions -> %UserProfile%\Local Settings\Application Data\Dragon's Eye Productions -> [2008/10/26 21:01:45 | 00,000,000 | ---D | C] Dragon's Eye Productions -> %AllUsersProfile%\Application Data\Dragon's Eye Productions -> [2008/10/26 21:01:45 | 00,000,000 | ---D | C] Furcadia -> %ProgramFiles%\Furcadia -> [2008/10/26 21:01:41 | 00,000,000 | ---D | C] netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/24 22:06:38 | 00,337,408 | ---- | C] (Microsoft Corporation) NOS -> %AllUsersProfile%\Application Data\NOS -> [2008/10/19 11:14:47 | 00,000,000 | ---D | C] NOS -> %ProgramFiles%\NOS -> [2008/10/19 11:14:46 | 
00,000,000 | ---D | C] Prefetch -> %SystemRoot%\Prefetch -> [2008/10/16 10:47:20 | 00,000,000 | ---D | C] scripting -> %SystemRoot%\System32\scripting -> [2008/10/16 10:24:51 | 00,000,000 | ---D | C] l2schemas -> %SystemRoot%\l2schemas -> [2008/10/16 10:24:50 | 00,000,000 | ---D | C] en -> %SystemRoot%\System32\en -> [2008/10/16 10:24:49 | 00,000,000 | ---D | C] bits -> %SystemRoot%\System32\bits -> [2008/10/16 10:24:49 | 00,000,000 | ---D | C] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2008/10/16 10:21:23 | 00,000,000 | ---D | C] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2008/10/16 10:14:26 | 00,000,000 | -H-D | C] spmsg.dll -> %SystemRoot%\System32\spmsg.dll -> [2008/10/16 07:59:18 | 00,017,272 | ---- | C] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/15 18:29:49 | 01,846,400 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/15 18:27:39 | 02,189,184 | ---- | C] (Microsoft Corporation) ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/15 18:27:39 | 02,145,280 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/15 18:27:38 | 02,066,048 | ---- | C] (Microsoft Corporation) ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/15 18:27:38 | 02,023,936 | ---- | C] (Microsoft Corporation) srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/15 18:00:57 | 00,333,824 | ---- | C] (Microsoft Corporation) [Files/Folders - Modified Within 30 Days] 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2006/12/17 11:41:30 | 00,000,000 | ---D | M] qmgr0.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/11/14 06:05:22 | 00,004,232 | ---- | M] () qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/11/14 06:05:21 | 00,005,513 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2007/09/17 16:31:48 | 00,000,000 | ---D | M] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [2007/09/17 15:59:22 | 00,001,372 | ---- | M] () opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006/12/28 09:56:29 | 00,011,080 | ---- | M] () opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2007/09/17 17:00:11 | 00,008,468 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting -> [2007/09/19 02:03:32 | 00,000,000 | ---D | M] GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat -> [2005/04/05 14:39:08 | 00,101,841 | ---- | M] () C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp\{53437f29-e703-11d4-a51f-0010b541cdae}\ -> C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp\{53437f29-e703-11d4-a51f-0010b541cdae} -> [2008/11/13 10:37:52 | 00,000,000 | ---D | M] _IsUser.dll -> C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp\{53437f29-e703-11d4-a51f-0010b541cdae}\_IsUser.dll -> [2001/05/21 14:03:54 | 00,032,768 | R--- | M] () C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp\ -> C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp -> [2008/11/14 06:09:40 | 00,000,000 | ---D | M] Perflib_Perfdata_1038.dat -> C:\Documents and Settings\Chandra 
Tourtelot\Local Settings\Temp\Perflib_Perfdata_1038.dat -> [2008/11/13 12:34:20 | 00,016,384 | ---- | M] () Perflib_Perfdata_410.dat -> C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp\Perflib_Perfdata_410.dat -> [2008/11/13 12:32:15 | 00,016,384 | ---- | M] () 16 C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Chandra Tourtelot\Local Settings\Temp\*.tmp -> C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/11/14 06:07:58 | 00,000,000 | ---D | M] Perflib_Perfdata_930.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_930.dat -> [2008/11/13 12:37:41 | 00,016,384 | ---- | M] () Perflib_Perfdata_a04.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a04.dat -> [2008/11/13 12:32:44 | 00,016,384 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/14 06:08:42 | 00,635,481 | ---- | M] () gfmhgpnh.exe -> %SystemRoot%\System32\gfmhgpnh.exe -> [2008/11/14 06:04:52 | 00,033,832 | ---- | M] (Microsoft Corporation) MRT.INI -> %SystemRoot%\System32\MRT.INI -> [2008/11/14 06:04:52 | 00,000,127 | ---- | M] () imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/14 06:02:21 | 00,001,393 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/13 12:54:49 | 00,002,206 | ---- | M] () win.ini -> %SystemRoot%\win.ini -> [2008/11/13 12:31:59 | 00,000,698 | ---- | M] () aiptbl.ini -> %SystemRoot%\aiptbl.ini -> [2008/11/13 12:31:58 | 00,003,610 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/11/13 12:29:55 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/11/13 12:29:51 | 00,002,048 | --S- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/13 12:29:49 | 21,458,45248 | -HS- | M] () Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/11/13 11:38:34 | 00,000,696 | ---- | M] () mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/11/13 11:38:01 | 02,391,552 | ---- | M] (Malwarebytes Corporation ) 
system.ini -> %SystemRoot%\system.ini -> [2008/11/13 11:36:22 | 00,000,246 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2008/11/13 11:36:22 | 00,000,209 | RHS- | M] ()
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2008/11/13 11:35:37 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008/11/13 11:35:33 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008/11/13 11:35:33 | 00,000,592 | ---- | M] ()
erunt_setup.exe -> %UserProfile%\Desktop\erunt_setup.exe -> [2008/11/13 11:35:02 | 00,791,393 | ---- | M] (Lars Hederer )
SysRestorePoint_v13.zip -> %UserProfile%\Desktop\SysRestorePoint_v13.zip -> [2008/11/13 11:30:58 | 00,009,334 | ---- | M] ()
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2008/11/13 10:33:28 | 00,000,686 | ---- | M] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2008/11/13 10:28:24 | 00,578,560 | ---- | M] (Microsoft Corporation)
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/11/13 09:51:13 | 01,529,241 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/11/13 09:38:43 | 00,001,734 | ---- | M] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/11/13 09:38:25 | 00,812,344 | ---- | M] (Trend Micro Inc.)
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> [2008/11/13 05:45:51 | 14,968,808 | ---- | M] (Safer Networking Limited )
SpyHunter.lnk -> %AllUsersProfile%\Desktop\SpyHunter.lnk -> [2008/11/12 19:12:51 | 00,000,899 | ---- | M] ()
SpyHunter-Scanner-Install.exe -> %UserProfile%\Desktop\SpyHunter-Scanner-Install.exe -> [2008/11/12 19:11:47 | 09,212,096 | ---- | M] ()
vworftqf.ini -> %SystemRoot%\System32\vworftqf.ini -> [2008/11/12 05:19:08 | 01,941,723 | -HS- | M] ()
zufezu.lib -> %CommonProgramFiles%\zufezu.lib -> [2008/11/08 16:59:10 | 00,019,839 | ---- | M] ()
ikerunyqa.vbs -> %SystemRoot%\ikerunyqa.vbs -> [2008/11/08 16:59:10 | 00,019,658 | ---- | M] ()
sazire.com -> %SystemRoot%\sazire.com -> [2008/11/08 16:59:10 | 00,019,537 | ---- | M] ()
yzetijo.inf -> %SystemRoot%\yzetijo.inf -> [2008/11/08 16:59:10 | 00,019,312 | ---- | M] ()
sako.sys -> %SystemRoot%\sako.sys -> [2008/11/08 16:59:10 | 00,018,986 | ---- | M] ()
oraqedyxi.lib -> %SystemRoot%\System32\oraqedyxi.lib -> [2008/11/08 16:59:10 | 00,018,454 | ---- | M] ()
siquzycar.com -> %SystemRoot%\System32\siquzycar.com -> [2008/11/08 16:59:10 | 00,017,877 | ---- | M] ()
wofefi.vbs -> %SystemRoot%\System32\wofefi.vbs -> [2008/11/08 16:59:10 | 00,016,254 | ---- | M] ()
luxaqy.dat -> %AppData%\luxaqy.dat -> [2008/11/08 16:59:10 | 00,015,948 | ---- | M] ()
tuwowagy.db -> %SystemRoot%\System32\tuwowagy.db -> [2008/11/08 16:59:10 | 00,015,941 | ---- | M] ()
mawami.com -> %CommonProgramFiles%\mawami.com -> [2008/11/08 16:59:10 | 00,015,598 | ---- | M] ()
higojijij.vbs -> %AllUsersProfile%\Documents\higojijij.vbs -> [2008/11/08 16:59:10 | 00,014,988 | ---- | M] ()
huky._dl -> %AppData%\huky._dl -> [2008/11/08 16:59:10 | 00,014,303 | ---- | M] ()
fykyma.bat -> %CommonProgramFiles%\fykyma.bat -> [2008/11/08 16:59:10 | 00,013,458 | ---- | M] ()
zibig.bat -> %CommonProgramFiles%\zibig.bat -> [2008/11/08 16:59:10 | 00,013,289 | ---- | M] ()
egyno.bat -> %SystemRoot%\egyno.bat -> [2008/11/08 16:59:10 | 00,013,241 | ---- | M] ()
omidovodo.com -> %AllUsersProfile%\Application Data\omidovodo.com -> [2008/11/08 16:59:10 | 00,012,768 | ---- | M] ()
uxeve.pif -> %CommonProgramFiles%\uxeve.pif -> [2008/11/08 16:59:10 | 00,012,503 | ---- | M] ()
enadi.reg -> %AppData%\enadi.reg -> [2008/11/08 16:59:10 | 00,011,517 | ---- | M] ()
juwet.ban -> %AppData%\juwet.ban -> [2008/11/08 16:59:10 | 00,011,004 | ---- | M] ()
fygedoxo.dl -> %AllUsersProfile%\Documents\fygedoxo.dl -> [2008/11/08 16:59:10 | 00,010,998 | ---- | M] ()
tebep.bat -> %AllUsersProfile%\Documents\tebep.bat -> [2008/11/08 16:59:10 | 00,010,754 | ---- | M] ()
jovobev.vbs -> %AllUsersProfile%\Application Data\jovobev.vbs -> [2008/11/08 16:59:10 | 00,010,727 | ---- | M] ()
nhpoek.dll -> %SystemRoot%\System32\nhpoek.dll -> [2008/11/08 16:55:38 | 00,103,936 | ---- | M] ()
AllState.ini -> %SystemRoot%\AllState.ini -> [2008/11/05 17:28:17 | 00,000,076 | ---- | M] ()
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [2008/11/05 17:27:31 | 00,004,161 | ---- | M] ()
metallica garage inc 2.axp -> %UserProfile%\My Documents\metallica garage inc 2.axp -> [2008/11/05 14:18:11 | 00,003,225 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/04 09:07:30 | 00,559,044 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/04 09:07:30 | 00,467,370 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/04 09:07:30 | 00,081,516 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation)
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/11/02 14:13:48 | 00,379,240 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/11/02 14:04:22 | 00,054,156 | -H-- | M] ()
QTFont.for -> %SystemRoot%\QTFont.for -> [2008/11/02 14:04:22 | 00,001,409 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/10/26 21:53:28 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/10/26 21:53:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation)
wuaueng.dll -> %SystemRoot%\System32\dllcache\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\dllcache\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation)
wucltui.dll -> %SystemRoot%\System32\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation)
wucltui.dll -> %SystemRoot%\System32\dllcache\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation)
wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation)
wuapi.dll -> %SystemRoot%\System32\dllcache\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl -> %SystemRoot%\System32\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl -> %SystemRoot%\System32\dllcache\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
cdm.dll -> %SystemRoot%\System32\dllcache\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation)
cdm.dll -> %SystemRoot%\System32\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\dllcache\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation)
wucltui.dll.mui -> %SystemRoot%\System32\wucltui.dll.mui -> [2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation)
wups.dll -> %SystemRoot%\System32\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation)
wups.dll -> %SystemRoot%\System32\dllcache\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl.mui -> %SystemRoot%\System32\wuaucpl.cpl.mui -> [2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation)
wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation)
wuaueng.dll.mui -> %SystemRoot%\System32\wuaueng.dll.mui -> [2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation)
mucltui.dll -> %SystemRoot%\System32\mucltui.dll -> [2008/10/16 14:06:48 | 00,268,648 | ---- | M] (Microsoft Corporation)
muweb.dll -> %SystemRoot%\System32\muweb.dll -> [2008/10/16 14:06:48 | 00,208,744 | ---- | M] (Microsoft Corporation)
mucltui.dll.mui -> %SystemRoot%\System32\mucltui.dll.mui -> [2008/10/16 14:06:48 | 00,027,496 | ---- | M] (Microsoft Corporation)
ntldr -> %SystemDrive%\ntldr -> [2008/10/16 10:18:13 | 00,250,048 | RHS- | M] ()
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
< End of report >
[/code]