[code] OTScanIt2 logfile created on: 12/9/2008 10:49:26 AM - Run 3 OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt2 Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 283.59 Mb Available Physical Memory | 55.61% Memory free 1.22 Gb Paging File | 0.88 Gb Available in Paging File | 71.95% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 6.65 Gb Free Space | 8.92% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL914A Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days [Processes - Safe List] apache.exe -> %ProgramFiles%\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe -> [2006/06/28 15:06:00 | 00,020,571 | ---- | M] (Apache Software Foundation) apache.exe -> %ProgramFiles%\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe -> [2006/06/28 15:06:00 | 00,020,571 | ---- | M] (Apache Software Foundation) applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2003/04/07 00:07:38 | 00,114,688 | ---- | M] (Intel Corporation) jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools) pe21cfr.exe -> %SystemRoot%\system32\pe21cfr.exe -> [2004/08/25 16:31:36 | 00,131,072 | ---- | M] (PerkinElmer) realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2007/05/30 14:25:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) taskmgr.exe -> %SystemRoot%\system32\taskmgr.exe -> [2004/08/04 07:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) usnsvc.exe -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) 
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/09/26 13:41:56 | 00,503,608 | ---- | M] (Apple Inc.) (MaterialsStudioGateway(18888)) Materials Studio Gateway (18888) [Win32_Own | Auto | Running] -> %ProgramFiles%\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe -> [2006/06/28 15:06:00 | 00,020,571 | ---- | M] (Apache Software Foundation) (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) 
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) (PE21CFR) PE21CFR [Win32_Own | Auto | Running] -> %SystemRoot%\system32\pe21cfr.exe -> [2004/08/25 16:31:36 | 00,131,072 | ---- | M] (PerkinElmer) (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZIPM12.DLL -> [2006/05/11 18:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) (usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) (WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
[Driver Services - Safe List] (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2003/04/15 10:39:46 | 00,090,907 | ---- | M] (Intel Corporation) (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) (MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) 
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> [2003/04/15 10:40:54 | 00,113,504 | ---- | M] (Intel Corporation) ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> [2003/04/15 10:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> 
about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.columbia.edu/ -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_CURRENT_USER\: "ProxyEnable" -> 1 -> HKEY_CURRENT_USER\: "ProxyOverride" -> -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\5wm4z2w1.default\prefs.js -> browser.startup.homepage_override.mstone -> "rv:1.9.0.4" -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 -> extensions.enabledItems -> jqs@sun.com:1.0 -> extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.07103010 -> extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 -> < HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated) {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! 
IE Services Button] -> [2006/10/31 14:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 05:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.) {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2007/11/09 11:09:08 | 00,058,688 | ---- | M] (McAfee, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 09:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/10 05:43:16 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/10 05:43:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "HotKeysCmds" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2003/04/07 00:07:38 | 00,114,688 | ---- | M] (Intel Corporation) "IgfxTray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2003/04/07 00:19:52 | 00,155,648 | ---- | M] (Intel Corporation) "KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found "mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) "TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2007/05/30 14:25:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) 
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 17:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "msnmsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\GigaTribe.lnk -> %ProgramFiles%\GigaTribe\gigatribe.exe -> [2007/07/20 15:49:18 | 01,077,248 | ---- | M] (ShalSoft) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Yahoo! 
Search -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2007/03/21 08:56:03 | 00,000,000 | ---D | M] E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation) Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2007/03/21 08:56:03 | 00,000,000 | ---D | M] Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2007/03/21 08:56:03 | 00,000,000 | ---D | M] Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2007/03/21 08:56:03 | 00,000,000 | ---D | M] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 14:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.) 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {5727FF4C-EF4E-4d96-A96C-03AD91910448} [HKLM] -> http://www.srtest.com/srl_bin/sysreqlab_ind.cab[System Requirements Lab Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174579009953[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {A903E5AB-C67E-40FB-94F1-E1305982F6E0} [HKLM] -> http://www.ooxtv.com/stream.ocx[KooPlayer Control] -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {4AE72CD3-8130-4DF7-9579-0870E6649454} -> (Intel(R) PRO/100 VE Network Connection) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\WINDOWS\system32\jusovojo.dll C:\WINDOWS\system32\kokijozu.dll -> %SystemRoot%\system32\jusovojo.dll -> File not found C:\WINDOWS\system32\tijojepe.dll -> %SystemRoot%\system32\tijojepe.dll -> File not found *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> [2003/04/07 00:06:48 | 00,315,392 | ---- | M] (Intel Corporation) NavLogon -> -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 17:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe 
[%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe" -> C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe [C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> [2006/06/28 15:06:00 | 00,020,571 | ---- | M] (Apache Software Foundation) "C:\Program Files\AOL\Active Virus Shield\avp.exe" -> C:\Program Files\AOL\Active Virus Shield\avp.exe [C:\Program Files\AOL\Active Virus Shield\avp.exe:*:Enabled:Active Virus Shield] -> File not found "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program 
Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe [C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:realsched] -> [2007/05/30 14:25:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) "C:\Program Files\GigaTribe\gigatribe.exe" -> C:\Program Files\GigaTribe\gigatribe.exe [C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe] -> [2007/07/20 15:49:18 | 01,077,248 | ---- | M] (ShalSoft) "C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/09/26 13:41:58 | 15,997,240 | ---- | M] (Apple Inc.) "C:\Program Files\McAfee\MSC\mcuimgr.exe" -> C:\Program Files\McAfee\MSC\mcuimgr.exe [C:\Program Files\McAfee\MSC\mcuimgr.exe:*:Enabled:mcuimgr] -> [2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) "C:\Program Files\McAfee\VirusScan\mcods.exe" -> C:\Program Files\McAfee\VirusScan\mcods.exe [C:\Program Files\McAfee\VirusScan\mcods.exe:*:Enabled:mcods] -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) 
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox] -> [2008/10/31 15:55:59 | 00,307,712 | ---- | M] (Mozilla Corporation) "C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlay] -> [2007/05/30 14:25:47 | 00,214,560 | ---- | M] (RealNetworks, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/08/12 17:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.) "C:\Program Files\SopCast\adv\SopAdver.exe" -> C:\Program Files\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> [2007/03/07 05:27:12 | 00,567,384 | ---- | M] (www.sopcast.com) "C:\Program Files\SopCast\SopCast.exe" -> C:\Program Files\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> [2008/04/30 03:32:48 | 01,892,352 | ---- | M] (www.sopcast.com) "C:\Program Files\SopCast\sopvod.exe" -> C:\Program Files\SopCast\sopvod.exe [C:\Program Files\SopCast\sopvod.exe:*:Disabled:sopvod] -> [2007/03/07 05:26:58 | 01,427,560 | ---- | M] () "C:\Program Files\TVAnts\Tvants.exe" -> C:\Program Files\TVAnts\Tvants.exe [C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts] -> [2007/08/12 23:47:16 | 02,166,784 | ---- | M] (Zhejiang University) "C:\Program Files\Windows Defender\MSASCui.exe" -> C:\Program Files\Windows Defender\MSASCui.exe [C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:MSASCui] -> [2006/11/03 17:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows 
Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/03/01 17:11:26 | 04,670,968 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/03/01 17:11:34 | 00,091,640 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\system32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2004/08/04 07:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32] -> [2004/08/04 07:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\taskmgr.exe" -> C:\WINDOWS\system32\taskmgr.exe [C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr] -> [2004/08/04 07:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\WgaTray.exe" -> C:\WINDOWS\system32\WgaTray.exe [C:\WINDOWS\system32\WgaTray.exe:*:Enabled:WgaTray] -> [2008/09/05 23:29:58 | 00,917,032 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2004/08/04 07:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/04 07:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/03/20 19:47:20 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{0bd33567-ff03-11db-b3cb-000cf1ea3bb7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd33567-ff03-11db-b3cb-000cf1ea3bb7}\Shell
\{0bd33567-ff03-11db-b3cb-000cf1ea3bb7}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd33567-ff03-11db-b3cb-000cf1ea3bb7}\Shell\AutoRun
\{0bd33567-ff03-11db-b3cb-000cf1ea3bb7}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd33567-ff03-11db-b3cb-000cf1ea3bb7}\Shell\AutoRun\command
\{0bd33567-ff03-11db-b3cb-000cf1ea3bb7}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe] -> File not found
\{863d2844-f982-11db-b3c8-000cf1ea3bb7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{863d2844-f982-11db-b3c8-000cf1ea3bb7}\Shell
\{863d2844-f982-11db-b3c8-000cf1ea3bb7}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{863d2844-f982-11db-b3c8-000cf1ea3bb7}\Shell\AutoRun
\{863d2844-f982-11db-b3c8-000cf1ea3bb7}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{863d2844-f982-11db-b3c8-000cf1ea3bb7}\Shell\AutoRun\command
\{863d2844-f982-11db-b3c8-000cf1ea3bb7}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe] -> File not found
\{fd921a61-87fc-11dc-b3de-000cf1ea3bb7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd921a61-87fc-11dc-b3de-000cf1ea3bb7}\Shell
\{fd921a61-87fc-11dc-b3de-000cf1ea3bb7}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd921a61-87fc-11dc-b3de-000cf1ea3bb7}\Shell\AutoRun
\{fd921a61-87fc-11dc-b3de-000cf1ea3bb7}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found

[Files/Folders - Created Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/09 10:42:56 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/09 10:39:03 | 00,647,651 | ---- | C] ()
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [2008/12/08 14:51:51 | 00,000,268 | -H-- | C] ()
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [2008/12/08 14:51:51 | 00,000,244 | -H-- | C] ()
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/08 14:01:14 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/08 14:01:00 | 00,000,696 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/08 14:00:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/08 14:00:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/08 14:00:49 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/08 14:00:48 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/12/08 14:00:01 | 02,538,912 | ---- | C] (Malwarebytes Corporation )
ERDNT -> %SystemRoot%\ERDNT -> [2008/12/08 13:54:37 | 00,000,000 | ---D | C]
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008/12/08 13:53:38 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008/12/08 13:53:38 | 00,000,592 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2008/12/08 13:53:35 | 00,000,000 | ---D | C]
erunt_setup.exe -> %UserProfile%\Desktop\erunt_setup.exe -> [2008/12/08 13:52:08 | 00,791,393 | ---- | C] (Lars Hederer )
pss -> %SystemRoot%\pss -> [2008/12/08 13:50:12 | 00,000,000 | ---D | C]
SysRestorePoint_v13 -> %UserProfile%\Desktop\SysRestorePoint_v13 -> [2008/12/08 13:46:13 | 00,000,000 | ---D | C]
SysRestorePoint_v13.zip -> %UserProfile%\Desktop\SysRestorePoint_v13.zip -> [2008/12/08 13:45:19 | 00,009,334 | ---- | C] ()
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [2008/12/08 13:22:33 | 00,000,268 | -H-- | C] ()
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [2008/12/08 13:22:33 | 00,000,244 | -H-- | C] ()
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [2008/12/08 12:38:20 | 00,000,268 | -H-- | C] ()
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [2008/12/08 12:38:20 | 00,000,244 | -H-- | C] ()
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [2008/12/08 11:57:16 | 00,000,268 | -H-- | C] ()
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [2008/12/08 11:57:15 | 00,000,244 | -H-- | C] ()
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [2008/12/08 11:31:14 | 00,000,268 | -H-- | C] ()
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [2008/12/08 11:31:14 | 00,000,244 | -H-- | C] ()
dmexoboj.exe -> %SystemRoot%\System32\dmexoboj.exe -> [2008/12/08 10:36:01 | 00,033,832 | ---- | C] (Microsoft Corporation)
kybocfzl.exe -> %SystemRoot%\System32\kybocfzl.exe -> [2008/12/08 10:35:31 | 00,033,832 | ---- | C] (Microsoft Corporation)
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [2008/12/08 10:35:24 | 00,000,268 | -H-- | C] ()
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [2008/12/08 10:35:24 | 00,000,244 | -H-- | C] ()
PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [2008/12/08 10:23:13 | 00,000,000 | ---D | C]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [2008/12/08 10:03:50 | 00,000,268 | -H-- | C] ()
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [2008/12/08 10:03:50 | 00,000,244 | -H-- | C] ()
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [2008/12/05 18:16:49 | 00,000,268 | -H-- | C] ()
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [2008/12/05 18:16:49 | 00,000,244 | -H-- | C] ()
mpas-fe.exe -> %UserProfile%\Desktop\mpas-fe.exe -> [2008/12/05 17:32:39 | 11,402,120 | ---- | C] (Microsoft Corporation)
For Prof ISSc -> %UserProfile%\Desktop\For Prof ISSc -> [2008/12/01 10:21:48 | 00,000,000 | ---D | C]
ifasoyuk.ini -> %SystemRoot%\System32\ifasoyuk.ini -> [2008/11/25 23:50:55 | 01,590,546 | -HS- | C] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/11/25 13:55:42 | 00,001,602 | ---- | C] ()
Firefox Setup 3.0.4.exe -> %UserProfile%\Desktop\Firefox Setup 3.0.4.exe -> [2008/11/25 13:53:00 | 07,508,624 | ---- | C] (Mozilla)
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2008/11/25 13:32:13 | 00,000,000 | ---D | C]
trojan vundo -> %UserProfile%\Desktop\trojan vundo -> [2008/11/25 13:30:56 | 00,000,000 | ---D | C]
ineyeyop.ini -> %SystemRoot%\System32\ineyeyop.ini -> [2008/11/25 11:52:04 | 01,589,488 | -HS- | C] ()
SystemRequirementsLab -> %ProgramFiles%\SystemRequirementsLab -> [2008/11/22 21:42:22 | 00,000,000 | ---D | C]
LexFiles.usr -> %SystemRoot%\System32\LexFiles.usr -> [2008/11/21 15:31:53 | 00,000,779 | ---- | C] ()
LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf -> [2008/11/21 15:31:45 | 00,001,964 | ---- | C] ()
Lexmark_HostCD -> %ProgramFiles%\Lexmark_HostCD -> [2008/11/21 15:31:45 | 00,000,000 | ---D | C]
DanceMedley-reduced.mp3 -> %UserProfile%\Desktop\DanceMedley-reduced.mp3 -> [2008/11/09 17:36:27 | 07,816,802 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp ->
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2007/03/20 19:24:27 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/08 16:02:18 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/08 16:01:25 | 00,005,386 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2007/03/22 11:12:50 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/03/22 11:12:50 | 00,008,206 | ---- | M] ()
C:\Documents and Settings\Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp -> [2008/12/09 10:47:16 | 00,000,000 | ---D | M]
jre-6u11-windows-i586-p-iftw.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u11-windows-i586-p-iftw.exe -> [2008/11/25 22:49:07 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.)
5 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/09 10:43:19 | 00,000,000 | ---D | M]
Perflib_Perfdata_16c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_16c.dat -> [2008/12/08 16:13:46 | 00,016,384 | ---- | M] ()
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/09 10:39:16 | 00,647,651 | ---- | M] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/12/09 02:07:18 | 00,000,330 | -H-- | M] ()
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/12/08 22:37:26 | 00,000,579 | ---- | M] ()
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [2008/12/08 14:51:51 | 00,000,268 | -H-- | M] ()
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [2008/12/08 14:51:51 | 00,000,244 | -H-- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/08 14:50:50 | 00,013,646 | ---- | M] ()
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2008/12/08 14:48:53 | 00,013,569 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/08 14:48:09 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/08 14:47:54 | 00,002,048 | --S- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/08 14:01:00 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/12/08 14:00:04 | 02,538,912 | ---- | M] (Malwarebytes Corporation )
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008/12/08 13:53:38 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008/12/08 13:53:38 | 00,000,592 | ---- | M] ()
erunt_setup.exe -> %UserProfile%\Desktop\erunt_setup.exe -> [2008/12/08 13:52:13 | 00,791,393 | ---- | M] (Lars Hederer )
SysRestorePoint_v13.zip -> %UserProfile%\Desktop\SysRestorePoint_v13.zip -> [2008/12/08 13:45:28 | 00,009,334 | ---- | M] ()
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [2008/12/08 13:22:33 | 00,000,268 | -H-- | M] ()
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [2008/12/08 13:22:33 | 00,000,244 | -H-- | M] ()
gihupegu -> %SystemRoot%\System32\gihupegu -> [2008/12/08 13:10:30 | 00,006,456 | -H-- | M] ()
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [2008/12/08 12:38:20 | 00,000,268 | -H-- | M] ()
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [2008/12/08 12:38:20 | 00,000,244 | -H-- | M] ()
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [2008/12/08 11:57:16 | 00,000,268 | -H-- | M] ()
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [2008/12/08 11:57:15 | 00,000,244 | -H-- | M] ()
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [2008/12/08 11:31:14 | 00,000,268 | -H-- | M] ()
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [2008/12/08 11:31:14 | 00,000,244 | -H-- | M] ()
dmexoboj.exe -> %SystemRoot%\System32\dmexoboj.exe -> [2008/12/08 10:36:01 | 00,033,832 | ---- | M] (Microsoft Corporation)
kybocfzl.exe -> %SystemRoot%\System32\kybocfzl.exe -> [2008/12/08 10:35:32 | 00,033,832 | ---- | M] (Microsoft Corporation)
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [2008/12/08 10:35:24 | 00,000,268 | -H-- | M] ()
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [2008/12/08 10:35:24 | 00,000,244 | -H-- | M] ()
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [2008/12/08 10:03:50 | 00,000,268 | -H-- | M] ()
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [2008/12/08 10:03:50 | 00,000,244 | -H-- | M] ()
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [2008/12/05 18:16:49 | 00,000,268 | -H-- | M] ()
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [2008/12/05 18:16:49 | 00,000,244 | -H-- | M] ()
mpas-fe.exe -> %UserProfile%\Desktop\mpas-fe.exe -> [2008/12/05 17:33:54 | 11,402,120 | ---- | M] (Microsoft Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:58:36 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:58:32 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/02 21:07:27 | 00,000,284 | ---- | M] ()
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2008/12/01 01:00:39 | 00,000,348 | ---- | M] ()
ifasoyuk.ini -> %SystemRoot%\System32\ifasoyuk.ini -> [2008/11/25 23:51:13 | 01,590,546 | -HS- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/11/25 13:55:42 | 00,001,602 | ---- | M] ()
Firefox Setup 3.0.4.exe -> %UserProfile%\Desktop\Firefox Setup 3.0.4.exe -> [2008/11/25 13:53:16 | 07,508,624 | ---- | M] (Mozilla)
ineyeyop.ini -> %SystemRoot%\System32\ineyeyop.ini -> [2008/11/25 11:52:15 | 01,589,488 | -HS- | M] ()
omnic32.ini -> %SystemRoot%\omnic32.ini -> [2008/11/22 21:04:24 | 00,001,031 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/11/21 17:40:21 | 00,009,216 | ---- | M] ()
LexFiles.usr -> %SystemRoot%\System32\LexFiles.usr -> [2008/11/21 15:31:54 | 00,000,779 | ---- | M] ()
LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf -> [2008/11/21 15:31:52 | 00,001,964 | ---- | M] ()
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [2008/11/15 01:10:58 | 00,000,356 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/13 03:28:25 | 00,314,508 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/13 03:28:25 | 00,040,836 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/13 03:28:24 | 00,360,124 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/13 03:03:41 | 00,001,393 | ---- | M] ()
DanceMedley-reduced.mp3 -> %UserProfile%\Desktop\DanceMedley-reduced.mp3 -> [2008/11/09 17:37:54 | 07,816,802 | ---- | M] ()

[File - Lop Check]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2008/12/08 14:01:14 | 00,000,000 | RH-D | M]
dvdcss -> C:\Documents and Settings\Administrator\Application Data\dvdcss -> [2007/09/10 09:43:07 | 00,000,000 | ---D | M]
GigaTribe -> C:\Documents and Settings\Administrator\Application Data\GigaTribe -> [2007/07/26 15:20:21 | 00,000,000 | ---D | M]
gtk-2.0 -> C:\Documents and Settings\Administrator\Application Data\gtk-2.0 -> [2008/07/08 12:20:10 | 00,000,000 | ---D | M]
Locktime -> C:\Documents and Settings\Administrator\Application Data\Locktime -> [2007/05/01 12:34:57 | 00,000,000 | ---D | M]
Move Networks -> C:\Documents and Settings\Administrator\Application Data\Move Networks -> [2008/07/03 09:17:09 | 00,000,000 | ---D | M]
MusicIP -> C:\Documents and Settings\Administrator\Application Data\MusicIP -> [2007/04/28 13:45:32 | 00,000,000 | ---D | M]
U3 -> C:\Documents and Settings\Administrator\Application Data\U3 -> [2008/08/21 11:57:14 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/08 14:00:49 | 00,000,000 | RH-D | M]
Locktime -> C:\Documents and Settings\All Users\Application Data\Locktime -> [2007/05/01 12:32:37 | 00,000,000 | ---D | M]
PerkinElmer -> C:\Documents and Settings\All Users\Application Data\PerkinElmer -> [2008/01/04 15:55:36 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/08 14:51:17 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/02 21:07:27 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 07:00:00 | 00,000,065 | RH-- | M] ()
McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2008/11/15 01:10:58 | 00,000,356 | ---- | M] ()
McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2008/12/01 01:00:39 | 00,000,348 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2008/12/09 02:07:18 | 00,000,330 | -H-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/08 14:48:09 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32\dmexoboj.exe:changelist 124 bytes
C:\WINDOWS\system32\kybocfzl.exe:changelist 124 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Administrator\Favorites\Bandwidth Quotas to Improve Network Performance.url:favicon 2366 bytes
C:\Documents and Settings\Administrator\Favorites\MRSEC Shared Equipment Sign-Up Calendars.url:favicon 2366 bytes
C:\Documents and Settings\Administrator\Favorites\MSN.com.url:favicon 3638 bytes
C:\Documents and Settings\Administrator\My Documents\Personal\Personal\Parag\Proposal\Papers\Silicone class project\Silicone: Dow corning.pdf 67415 bytes
< End of report >
[/code]