[code] OTScanIt2 logfile created on: 12/9/2008 3:18:26 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.48 Mb Total Physical Memory | 251.13 Mb Available Physical Memory | 56.24% Memory free
1.03 Gb Paging File | 0.81 Gb Available in Paging File | 78.72% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.48 Gb Total Space | 7.92 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.62 Gb Free Space | 7.21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BECKY
Current User Name: Compaq_Administrator
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days [Processes - Safe List] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) arservice.exe -> %SystemRoot%\arservice.exe -> [2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) compaq connections.exe -> %ProgramFiles%\Compaq Connections\5577497\Program\Compaq Connections.exe -> [2007/01/10 10:25:05 | 00,036,903 | ---- | M] (Hewlett-Packard) ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 16:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/08/05 16:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/26 22:19:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/26 22:19:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/08/17 19:06:12 | 00,061,440 | ---- | M] (Hewlett-Packard Company) mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2006/05/09 10:50:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> [2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) 
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools) rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) tablet.exe -> %SystemRoot%\system32\Tablet.exe -> [2002/03/19 10:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) (ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> [2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) (BthServ) Bluetooth Support Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\bthserv.dll -> [2008/04/13 19:11:50 | 00,030,208 | ---- | M] (Microsoft Corporation) (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) (ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) (ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] 
(Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/26 22:19:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/08/17 19:06:12 | 00,061,440 | ---- | M] (Hewlett-Packard Company) (McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) (MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\mhn.dll -> [2004/08/09 22:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2006/05/09 10:50:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) (TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> [2002/03/19 10:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) 
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/09 09:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) (BthEnum) Bluetooth Request Block Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthenum.sys -> [2008/04/13 13:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) (BTHMODEM) Bluetooth Modem Communications Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthmodem.sys -> [2008/04/13 13:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) (BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthpan.sys -> [2008/04/13 13:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) (BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthport.sys -> [2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) (BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bthusb.sys -> [2008/04/13 13:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows 
(R) Server 2003 DDK provider) (HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> [2005/12/06 06:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) (HSX_DP) HSX_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> [2005/12/06 06:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2006/06/14 06:04:12 | 04,299,264 | ---- | M] (Realtek Semiconductor Corp.) (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/05 10:57:08 | 00,012,544 | ---- | M] (Conexant) (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2006/05/09 10:50:00 | 03,535,680 | ---- | M] (NVIDIA Corporation) (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2006/03/03 10:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2006/03/03 10:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) (PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\penclass.sys -> [2001/04/09 08:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/09 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rfcomm.sys -> [2008/04/13 13:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004/08/03 09:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) (winachsx) winachsx [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/12/06 06:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) 
[Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\v5vj2j6i.default\prefs.js -> browser.startup.homepage -> "http://www.yahoo.com" -> browser.startup.homepage_override.mstone -> "rv:1.9.0.4" -> extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.5 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 -> extensions.enabledItems -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 -> extensions.enabledItems -> jqs@sun.com:1.0 -> extensions.enabledItems -> firefox@tvunetworks.com:2 -> extensions.enabledItems -> 4 -> extensions.enabledItems -> 1 -> extensions.enabledItems -> 0 -> extensions.enabledItems -> {14198907-D862-49DF-ACF8-B1CD2BC98450}:1.0 -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 -> < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {22F84233-6051-464F-A64D-71731A0EB192} [HKLM] -> %SystemRoot%\system32\pmnOhfCv.dll [Reg Error: Value does not exist or could not be read.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/26 22:19:20 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.) {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2008/09/05 13:40:36 | 00,208,896 | ---- | M] (Hewlett-Packard) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/26 22:19:19 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.) 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [2006/04/18 19:05:46 | 00,552,960 | ---- | M] () < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) "AlwaysReady Power Message APP" -> %SystemRoot%\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/02 19:19:16 | 00,077,312 | ---- | M] (Microsoft) "BluetoothAuthenticationAgent" -> %SystemRoot%\system32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008/04/13 19:12:41 | 00,110,592 | ---- | M] (Microsoft Corporation) "ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 16:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) "ftutil2" -> %SystemRoot%\system32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> [2004/06/07 09:05:38 | 00,106,496 | ---- | M] (Promise Technology, Inc.) 
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) "HPBootOp" -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run] -> File not found "KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found "NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2008/01/10 01:50:04 | 00,155,648 | ---- | M] (Ahead Software Gmbh) "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/05/09 10:50:00 | 07,311,360 | ---- | M] (NVIDIA Corporation) "nwiz" -> [nwiz.exe /install] -> File not found "OpwareSE2" -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe ["C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"] -> [2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) "PCDrProfiler" -> [] -> File not found "QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/09/06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.) "Recguard" -> %SystemRoot%\SMINST\RECGUARD.EXE [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2008/01/10 12:54:38 | 00,237,568 | ---- | M] () "RTHDCPL" -> [RTHDCPL.EXE] -> File not found "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/26 22:19:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) 
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\5577497\Program\Compaq Connections.exe -> [2007/01/10 10:25:05 | 00,036,903 | ---- | M] (Hewlett-Packard) %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 15:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) < Compaq_Administrator Startup Folder > -> C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [255] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found \\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings - 
Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [91 00 00 00 [binary data]] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html] -> [2006/04/18 19:05:46 | 00,552,960 | ---- | M] () Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html] -> [2006/04/18 19:05:46 | 00,552,960 | ---- | M] () Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html] -> [2006/04/18 19:05:46 | 00,552,960 | ---- | M] () Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html] -> [2006/04/18 19:05:46 | 00,552,960 | ---- | M] () < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> %ProgramFiles%\AIM\aim.exe [Button: AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) 
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU [Button: Run IMVU] -> File not found {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/09/05 13:40:18 | 00,000,706 | ---- | M] () {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/09/05 13:40:18 | 00,000,706 | ---- | M] () {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) 
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU [Run IMVU] -> File not found CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> trymedia.com .[http] -> Trusted sites -> trymedia.com .[https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [HKLM] -> http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab[CKAVWebScan Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} [HKLM] -> http://www.clubbox.co.kr/neo.fld/NowCAFE.cab[NowCAFE Control] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {099EA48E-65D1-4A3A-8582-32AC5D53072B} -> (NVIDIA nForce Networking Controller) -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> {AF6C2335-30A4-461F-8078-252C34FF0573} -> () -> {B25A8304-B873-4CC5-9E31-35935B2061F2} -> () -> {D11C301B-DB7B-421D-A4CE-05806D47EB7A} -> () -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> auwstl.dll -> -> File not found *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> digeste.dll -> -> File not found *MultiFile Done* -> -> < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> C:\WINDOWS\system32\pmnOhfCv -> -> File not found *MultiFile Done* -> -> < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 11:54:56 | 05,674,352 | ---- | M] 
(Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> [2006/08/01 14:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent] -> [2007/09/07 18:01:54 | 00,043,008 | ---- | M] () "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" -> C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections] -> [2007/01/10 10:25:05 | 00,036,903 | ---- | M] (Hewlett-Packard) "C:\Program Files\KeyHoleTV\KeyHoleTV.exe" -> C:\Program Files\KeyHoleTV\KeyHoleTV.exe [C:\Program Files\KeyHoleTV\KeyHoleTV.exe:*:Enabled:KeyHole TV Main Application] -> File not found "C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2008/11/13 16:44:26 | 00,307,712 | ---- | M] (Mozilla Corporation) "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> 
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) "C:\Program Files\Rhapsody\rhapsody.exe" -> C:\Program Files\Rhapsody\rhapsody.exe [C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody] -> [2006/04/17 04:56:40 | 05,632,000 | ---- | M] (RealNetworks, Inc.) "C:\Program Files\Soulseek\slsk.exe" -> C:\Program Files\Soulseek\slsk.exe [C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek] -> [2005/04/17 17:08:10 | 03,112,960 | ---- | M] () "C:\Program Files\TVUPlayer\TVUPlayer.exe" -> C:\Program Files\TVUPlayer\TVUPlayer.exe [C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component] -> [2008/07/18 03:45:56 | 02,067,536 | ---- | M] (TVU networks) "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2008/10/14 12:48:57 | 00,270,128 | ---- | M] (BitTorrent, Inc.) "C:\WINDOWS\system32\clubbox.exe" -> C:\WINDOWS\system32\clubbox.exe [C:\WINDOWS\system32\clubbox.exe:*:Enabled:嬷´¹ú½º æäàïàü¼û °ü¸®àú] -> [2008/11/17 12:53:10 | 01,572,864 | R--- | M] (Nowcom, Co. LTD.) "C:\WINDOWS\system32\FSCAgent.exe" -> C:\WINDOWS\system32\fscagent.exe [C:\WINDOWS\system32\FSCAgent.exe:*:Enabled:클럽박스 파일전송 데몬] -> [2008/02/25 11:24:40 | 00,159,744 | R--- | M] (Nowcom Co., Ltd.) "C:\WINDOWS\system32\grdmgr.exe" -> C:\WINDOWS\system32\grdmgr.exe [C:\WINDOWS\system32\grdmgr.exe:*:Enabled:CDN 파일전송 데몬] -> [2007/12/27 12:24:00 | 00,102,400 | R--- | M] (나우콤) "C:\WINDOWS\system32\pdbox28.exe" -> C:\WINDOWS\system32\pdbox28.exe [C:\WINDOWS\system32\pdbox28.exe:*:Enabled:PDBOX File Transfer Manager] -> [2008/02/28 05:57:34 | 01,622,016 | R--- | M] (Nowcom, Co. LTD.) 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/08/30 16:02:02 | 00,000,000 | ---- | M] () D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Files/Folders - Created Within 30 Days] Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/09 11:06:54 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/09 11:06:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/09 11:06:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/09 11:06:49 | 00,000,000 | ---D | C] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/09 11:06:49 | 00,000,000 | ---D | C] vCfhOnmp.ini2 -> %SystemRoot%\System32\vCfhOnmp.ini2 -> [2008/12/09 02:22:17 | 00,918,023 | -HS- | C] () _OTScanIt -> %SystemDrive%\_OTScanIt -> [2008/12/09 02:21:15 | 00,000,000 | ---D | C] OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/08 20:26:55 | 00,000,000 | ---D | C] Aiba Masaki - Much Ado About Love - 2005.11.12.avi -> %UserProfile%\Desktop\Aiba Masaki - Much Ado About Love - 2005.11.12.avi -> [2008/12/08 14:39:15 | 12,631,4082 | ---- | C] () vCfhOnmp.ini -> %SystemRoot%\System32\vCfhOnmp.ini -> 
[2008/12/07 21:42:38 | 00,918,023 | -HS- | C] () xena soundtracks.zip -> %UserProfile%\My Documents\xena soundtracks.zip -> [2008/12/06 23:55:35 | 57,958,0944 | ---- | C] () mcd seph vs kfc cloud.jpg -> %UserProfile%\My Documents\mcd seph vs kfc cloud.jpg -> [2008/12/06 01:27:33 | 00,500,514 | ---- | C] () {14198907-D862-49DF-ACF8-B1CD2BC98450} -> %UserProfile%\Local Settings\Application Data\{14198907-D862-49DF-ACF8-B1CD2BC98450} -> [2008/12/02 17:48:46 | 00,000,000 | ---D | C] Dvm.INI -> %SystemRoot%\Dvm.INI -> [2008/11/28 20:16:06 | 00,000,000 | ---- | C] () withkittyandkid2.wav -> %UserProfile%\My Documents\withkittyandkid2.wav -> [2008/11/28 20:15:53 | 02,892,890 | ---- | C] () withkittyandkid1.wav -> %UserProfile%\My Documents\withkittyandkid1.wav -> [2008/11/28 20:15:25 | 03,474,778 | ---- | C] () [TFS] 071105 Oguri Shun on Bistro SMAP.avi -> %UserProfile%\Desktop\[TFS] 071105 Oguri Shun on Bistro SMAP.avi -> [2008/11/27 01:44:12 | 24,190,9760 | ---- | C] () PLANETARIUM SHOW CASE -> %UserProfile%\Desktop\PLANETARIUM SHOW CASE -> [2008/11/22 02:28:25 | 00,000,000 | ---D | C] LOGiQ - Kanon ~Kanon~.mp4 -> %UserProfile%\Desktop\LOGiQ - Kanon ~Kanon~.mp4 -> [2008/11/22 02:23:00 | 22,812,474 | ---- | C] () clubbox.exe -> %SystemRoot%\System32\clubbox.exe -> [2008/11/17 12:53:10 | 01,572,864 | R--- | C] (Nowcom, Co. LTD.) 
nowmemdf.sys -> %SystemRoot%\System32\nowmemdf.sys -> [2008/11/13 07:45:58 | 00,015,104 | R--- | C] ((c)NOWCOM) downengine.dll -> %SystemRoot%\System32\downengine.dll -> [2008/11/13 07:36:12 | 00,155,648 | R--- | C] ((주)나우콤) mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 08:43:31 | 00,455,296 | ---- | C] (Microsoft Corporation) msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/12 08:43:17 | 01,106,944 | ---- | C] (Microsoft Corporation) gingershelf.jpg -> %UserProfile%\My Documents\gingershelf.jpg -> [2008/11/11 22:31:12 | 00,052,212 | ---- | C] () [Files/Folders - Modified Within 30 Days] 12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs -> [2008/12/09 11:14:55 | 00,000,000 | ---D | M] eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [2005/08/30 16:06:38 | 00,000,268 | -H-- | M] () eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [2005/08/30 16:07:02 | 00,000,268 | -H-- | M] () eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [2005/08/30 16:15:10 | 00,000,268 | -H-- | M] () eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat -> [2005/08/30 16:17:14 | 00,000,268 | -H-- | M] () eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat -> [2007/01/10 09:31:28 | 00,000,268 | -H-- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2007/01/10 10:14:21 | 00,000,000 | ---D | M] qmgr0.dat -> C:\Documents and 
Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/07 22:00:51 | 00,005,179 | ---- | M] () qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/07 22:01:47 | 00,004,232 | ---- | M] () C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp -> [2008/12/09 15:18:20 | 00,000,000 | ---D | M] IadHide5.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll -> [2007/01/10 10:25:02 | 00,024,613 | ---- | M] (BackWeb) C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [2008/12/09 13:50:18 | 00,000,000 | ---D | M] Perflib_Perfdata_25c.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_25c.dat -> [2008/12/09 11:14:57 | 00,016,384 | ---- | M] () Perflib_Perfdata_48c.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_48c.dat -> [2008/12/09 13:50:18 | 00,016,384 | ---- | M] () NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/09 14:02:45 | 00,000,116 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/09 14:02:44 | 00,104,960 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/09 11:15:19 | 00,001,158 | ---- | M] () wacom.dat -> %SystemRoot%\System32\wacom.dat -> [2008/12/09 11:15:04 | 00,000,317 | ---- | M] () nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2008/12/09 11:14:54 | 00,043,531 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/09 11:14:47 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/09 11:14:36 | 00,002,048 | --S- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/09 11:14:34 | 46,824,2432 | -HS- | M] () bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [2008/12/09 11:13:40 | 00,000,012 | ---- | M] () vCfhOnmp.ini -> %SystemRoot%\System32\vCfhOnmp.ini -> [2008/12/09 10:55:37 | 00,918,023 | -HS- | 
M] () vCfhOnmp.ini2 -> %SystemRoot%\System32\vCfhOnmp.ini2 -> [2008/12/09 10:55:34 | 00,918,023 | -HS- | M] () Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [2008/12/08 18:39:53 | 00,008,192 | -HS- | M] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/08 15:26:32 | 01,579,996 | -H-- | M] () Aiba Masaki - Much Ado About Love - 2005.11.12.avi -> %UserProfile%\Desktop\Aiba Masaki - Much Ado About Love - 2005.11.12.avi -> [2008/12/08 14:41:48 | 12,631,4082 | ---- | M] () My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/12/07 22:32:47 | 00,000,618 | ---- | M] () FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/12/07 21:46:25 | 00,323,520 | ---- | M] () fscflist.ini -> %SystemRoot%\System32\fscflist.ini -> [2008/12/07 15:17:54 | 00,000,567 | ---- | M] () xena soundtracks.zip -> %UserProfile%\My Documents\xena soundtracks.zip -> [2008/12/06 23:55:35 | 57,958,0944 | ---- | M] () win.ini -> %SystemRoot%\win.ini -> [2008/12/06 21:55:52 | 00,000,658 | ---- | M] () Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [2008/12/06 12:46:20 | 01,431,032 | -HS- | M] () mcd seph vs kfc cloud.jpg -> %UserProfile%\My Documents\mcd seph vs kfc cloud.jpg -> [2008/12/06 01:27:35 | 00,500,514 | ---- | M] () fscagent.ini -> %SystemRoot%\System32\fscagent.ini -> [2008/12/05 22:58:25 | 00,000,080 | ---- | M] () PDBOXGame.html -> %SystemRoot%\System32\PDBOXGame.html -> [2008/12/05 22:58:22 | 00,000,000 | ---- | M] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/03 13:50:04 | 00,000,284 | ---- | M] () agentfile.che -> %SystemRoot%\System32\agentfile.che -> [2008/12/02 23:36:38 | 15,548,428 | ---- | M] 
() Dvm.INI -> %SystemRoot%\Dvm.INI -> [2008/11/28 20:16:06 | 00,000,000 | ---- | M] () withkittyandkid2.wav -> %UserProfile%\My Documents\withkittyandkid2.wav -> [2008/11/28 20:16:01 | 02,892,890 | ---- | M] () withkittyandkid1.wav -> %UserProfile%\My Documents\withkittyandkid1.wav -> [2008/11/28 20:15:34 | 03,474,778 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/27 20:11:01 | 00,544,988 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/27 20:11:01 | 00,454,600 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/27 20:11:01 | 00,081,636 | ---- | M] () [TFS] 071105 Oguri Shun on Bistro SMAP.avi -> %UserProfile%\Desktop\[TFS] 071105 Oguri Shun on Bistro SMAP.avi -> [2008/11/27 01:49:11 | 24,190,9760 | ---- | M] () PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [2008/11/21 02:07:19 | 00,000,151 | ---- | M] () clubbox.exe -> %SystemRoot%\System32\clubbox.exe -> [2008/11/17 12:53:10 | 01,572,864 | R--- | M] (Nowcom, Co. LTD.) 
nowmemdf.sys -> %SystemRoot%\System32\nowmemdf.sys -> [2008/11/13 07:45:58 | 00,015,104 | R--- | M] ((c)NOWCOM) downengine.dll -> %SystemRoot%\System32\downengine.dll -> [2008/11/13 07:36:12 | 00,155,648 | R--- | M] ((주)나우콤) imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/13 03:01:36 | 00,001,393 | ---- | M] () gingershelf.jpg -> %UserProfile%\My Documents\gingershelf.jpg -> [2008/11/11 22:31:12 | 00,052,212 | ---- | M] () [File - Lop Check] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/09 11:06:49 | 00,000,000 | -H-D | M] Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [2007/07/03 23:13:44 | 00,000,000 | ---D | M] CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ -> [2008/02/02 14:21:50 | 00,000,000 | -H-D | M] CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2007/01/10 10:16:41 | 00,000,000 | ---D | M] Digital Interactive Systems Corporation -> C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation -> [2007/05/09 18:53:02 | 00,000,000 | ---D | M] Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2007/01/10 10:20:37 | 00,000,000 | ---D | M] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2007/01/10 09:57:51 | 00,000,000 | ---D | M] SSScanAppDataDir -> C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir -> [2008/02/02 14:17:01 | 00,000,000 | ---D | M] SSScanWizard -> C:\Documents and Settings\All Users\Application Data\SSScanWizard -> [2008/02/02 14:17:01 | 00,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/06/30 17:31:52 | 00,000,000 | ---D | M] @Alternate Data Stream - 101 bytes -> %AllUsersProfile%\Application Data\TEMP:0CE7F3C9 @Alternate Data Stream - 164 bytes -> %AllUsersProfile%\Application Data\TEMP:4BF2F6B5 Trymedia -> C:\Documents and Settings\All Users\Application Data\Trymedia -> [2007/06/16 
14:50:13 | 00,000,000 | ---D | M] TVU Networks -> C:\Documents and Settings\All Users\Application Data\TVU Networks -> [2008/07/25 07:56:16 | 00,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/05/09 23:20:38 | 00,000,000 | ---D | M] WildTangent -> C:\Documents and Settings\All Users\Application Data\WildTangent -> [2008/05/04 16:54:14 | 00,000,000 | ---D | M] WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2008/02/10 22:19:02 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\Compaq_Administrator\Application Data -> [2008/12/09 11:06:54 | 00,000,000 | RH-D | M] acccore -> C:\Documents and Settings\Compaq_Administrator\Application Data\acccore -> [2007/05/09 23:04:28 | 00,000,000 | ---D | M] Aegisub -> C:\Documents and Settings\Compaq_Administrator\Application Data\Aegisub -> [2008/05/16 22:21:29 | 00,000,000 | ---D | M] Aim -> C:\Documents and Settings\Compaq_Administrator\Application Data\Aim -> [2007/05/09 23:20:55 | 00,000,000 | ---D | M] BitTorrent -> C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent -> [2008/05/01 11:05:57 | 00,000,000 | ---D | M] Cool Record Edit Pro -> C:\Documents and Settings\Compaq_Administrator\Application Data\Cool Record Edit Pro -> [2007/11/25 00:21:01 | 00,000,000 | ---D | M] dvdcss -> C:\Documents and Settings\Compaq_Administrator\Application Data\dvdcss -> [2008/03/13 16:35:53 | 00,000,000 | ---D | M] Eltima Software -> C:\Documents and Settings\Compaq_Administrator\Application Data\Eltima Software -> [2007/06/20 18:52:19 | 00,000,000 | ---D | M] Free Sound Recorder -> C:\Documents and Settings\Compaq_Administrator\Application Data\Free Sound Recorder -> [2008/10/04 13:01:21 | 00,000,000 | ---D | M] GetRight -> C:\Documents and Settings\Compaq_Administrator\Application Data\GetRight -> [2008/04/29 16:01:32 | 00,000,000 | ---D | M] GetRightToGo -> C:\Documents and Settings\Compaq_Administrator\Application 
Data\GetRightToGo -> [2008/04/26 08:09:55 | 00,000,000 | ---D | M] IMVU -> C:\Documents and Settings\Compaq_Administrator\Application Data\IMVU -> [2008/09/06 19:54:50 | 00,000,000 | ---D | M] IMVUClient -> C:\Documents and Settings\Compaq_Administrator\Application Data\IMVUClient -> [2008/09/06 20:01:38 | 00,000,000 | ---D | M] Intuit -> C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit -> [2007/01/10 10:20:37 | 00,000,000 | ---D | M] Moyea -> C:\Documents and Settings\Compaq_Administrator\Application Data\Moyea -> [2007/07/08 18:04:12 | 00,000,000 | ---D | M] MusicIP -> C:\Documents and Settings\Compaq_Administrator\Application Data\MusicIP -> [2007/05/09 23:13:41 | 00,000,000 | ---D | M] NewSoft -> C:\Documents and Settings\Compaq_Administrator\Application Data\NewSoft -> [2008/02/02 15:11:33 | 00,000,000 | ---D | M] ScanSoft -> C:\Documents and Settings\Compaq_Administrator\Application Data\ScanSoft -> [2008/02/02 14:17:03 | 00,000,000 | ---D | M] Sibelius Software -> C:\Documents and Settings\Compaq_Administrator\Application Data\Sibelius Software -> [2007/11/25 00:03:26 | 00,000,000 | ---D | M] TVU Networks -> C:\Documents and Settings\Compaq_Administrator\Application Data\TVU Networks -> [2008/07/03 08:01:59 | 00,000,000 | ---D | M] U3 -> C:\Documents and Settings\Compaq_Administrator\Application Data\U3 -> [2007/07/30 15:15:39 | 00,000,000 | ---D | M] uTorrent -> C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent -> [2008/11/22 23:26:44 | 00,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\Compaq_Administrator\Application Data\Viewpoint -> [2007/05/16 16:48:35 | 00,000,000 | ---D | M] WinBatch -> C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch -> [2007/07/10 02:29:09 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/09 02:21:16 | 00,000,000 | --SD | M] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/03 13:50:04 | 00,000,284 
| ---- | M] () desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/09 23:00:00 | 00,000,065 | RH-- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/09 11:14:47 | 00,000,006 | -H-- | M] () [File - Purity Scan] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000f3d0c01be] "001e750a2a57"=hex:94,eb,3b,88,e1,63,ca,3e,94,8a,2d,14,80,a0,ca,a6 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000f3d0c01be] "001e750a2a57"=hex:94,eb,3b,88,e1,63,ca,3e,94,8a,2d,14,80,a0,ca,a6 scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{739A762F-280D-16DA-DF1E-9C63DC748DAC}] scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 17 < Document and Settings folder & sub folders > scanning hidden files ... 
C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 101 bytes C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5 164 bytes C:\Documents and Settings\Compaq_Administrator\Favorites\aibakawaii PDBOX.url:favicon 1406 bytes C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\blood_moon_tonight@yahoo.com\SharingMetadata\tamashii_no_uta@hotmail.com\DFSR\Staging\CS{3C230B97-78DA-9590-F238-FB93E58A4C3D}\01\10-{3C230B97-78DA-9590-F238-FB93E58A4C3D}-v1-{6A409A4C-AC8C-40E9-B74E-32819002EDCA}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\blood_moon_tonight@yahoo.com\SharingMetadata\tamashii_no_uta@hotmail.com\DFSR\Staging\CS{3C230B97-78DA-9590-F238-FB93E58A4C3D}\11\11-{6A409A4C-AC8C-40E9-B74E-32819002EDCA}-v11-{6A409A4C-AC8C-40E9-B74E-32819002EDCA}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API scan completed successfully hidden files: 519 < End of report > [/code]