[code]
OTScanIt2 logfile created on: 12/9/2008 7:32:10 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\superblakesdaddy\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.94% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 110.12 Gb Free Space | 76.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERTSO-A6F623
Current User Name: superblakesdaddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
curseclient.exe -> %ProgramFiles%\Curse\CurseClient.exe -> [2008/10/13 11:38:57 | 04,789,760 | ---- | M] ()
ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
hphipm11.exe -> %SystemRoot%\system32\hphipm11.exe -> [2006/01/06 14:07:26 | 00,077,824 | ---- | M] (HP)
hphmon04.exe -> %SystemRoot%\system32\hphmon04.exe -> [2006/01/06 14:07:25 | 00,348,160 | ---- | M] (Hewlett-Packard)
hpztsb07.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb07.exe -> [2006/01/06 14:07:25 | 00,188,416 | ---- | M] (HP)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
klnxv19819115.exe -> %AppData%\Google\klnxv19819115.exe -> [2008/12/09 15:53:49 | 00,123,392 | ---- | M] ()
limewire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe -> [2008/02/12 14:20:43 | 00,147,456 | ---- | M] (Lime Wire, LLC)
mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
notepad.exe -> %SystemRoot%\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [2008/10/29 18:39:36 | 25,798,440 | R--- | M] (Skype Technologies S.A.)
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> [2008/10/29 18:39:36 | 00,076,744 | R--- | M] (Skype Technologies)
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2006/03/20 16:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\mhn.dll -> [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
(Pml Driver HPH11) Pml Driver HPH11 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\hphipm11.exe -> [2006/01/06 14:07:26 | 00,077,824 | ---- | M] (HP)
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2008/08/10 21:42:44 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\cercsr6.sys -> [2005/03/22 17:40:18 | 00,039,904 | ---- | M] (Adaptec, Inc.)
(Dot4 HPH11) Dot4 HPH11 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphid411.sys -> [2006/01/06 14:07:26 | 00,050,896 | ---- | M] (HP)
(Dot4Print HPH11) Print Class Driver for IEEE-1284.4 HPH11 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphipr11.sys -> [2006/01/06 14:07:27 | 00,016,112 | ---- | M] (HP)
(Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphs2k11.sys -> [2006/01/06 14:07:27 | 00,050,276 | ---- | M] (Hewlett-Packard)
(Dot4Usb HPH11) Dot4Usb HPH11 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphius11.sys -> [2006/01/06 14:07:27 | 00,018,928 | ---- | M] (HP)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> [2006/07/19 15:42:16 | 00,230,400 | ---- | M] (Intel Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2005/04/25 10:28:14 | 00,871,040 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation)
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> [2008/04/21 07:19:58 | 00,051,648 | ---- | M] (Check Point Software Technologies LTD)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2006/03/20 16:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\USBAUDIO.sys -> [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> [2008/08/10 21:42:52 | 00,353,680 | ---- | M] (Check Point Software Technologies LTD)
(WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WPN111.sys -> [2005/09/26 03:02:50 | 00,362,944 | R--- | M] (NETGEAR, Inc.)

[Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\superblakesdaddy\Application Data\Mozilla\FireFox\Profiles\ionp54ja.default\prefs.js -> browser.startup.homepage_override.mstone -> "rv:1.9.0.4" -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 -> extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.07103010 -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 -> < HOSTS File > (597 bytes and 16 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 21:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) "Ad-Watch" -> %ProgramFiles%\Lavasoft\Ad-Aware\Ad-Watch.exe [C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe] -> File not found "ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) "HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb07.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe] -> [2006/01/06 14:07:25 | 00,188,416 | ---- | M] (HP) "HPHmon04" -> %SystemRoot%\system32\hphmon04.exe [C:\WINDOWS\system32\hphmon04.exe] -> [2006/01/06 14:07:25 | 00,348,160 | ---- | M] (Hewlett-Packard) "HPHUPD04" -> %ProgramFiles%\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe ["C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"] -> File not found "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/05/16 13:01:00 | 13,529,088 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> 
%SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/05/16 13:01:00 | 00,086,016 | ---- | M] (NVIDIA Corporation) "nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008/05/16 13:01:00 | 01,630,208 | ---- | M] () "SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2006/03/20 16:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) "ZoneAlarm Client" -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2008/08/10 21:42:46 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Cognac" -> %SystemDrive%\DOCUME~1\SUPERB~1\LOCALS~1\Temp\~tmpb.exe [C:\DOCUME~1\SUPERB~1\LOCALS~1\Temp\~tmpb.exe] -> File not found "CurseClient" -> %ProgramFiles%\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe -silent] -> [2008/10/13 11:38:57 | 04,789,760 | ---- | M] () "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "Skype" -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008/10/29 18:39:36 | 25,798,440 | R--- | M] (Skype Technologies S.A.) 
"WinDNN" -> %AppData%\Google\klnxv19819115.exe ["C:\Documents and Settings\superblakesdaddy\Application Data\Google\klnxv19819115.exe" 2] -> [2008/12/09 15:53:49 | 00,123,392 | ---- | M] () < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < superblakesdaddy Startup Folder > -> C:\Documents and Settings\superblakesdaddy\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> [2008/02/12 14:20:43 | 00,147,456 | ---- | M] (Lime Wire, LLC) < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found \\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] -> {6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {029A299E-4ED8-404E-BB03-7983B51C8EF3} -> (Intel(R) PRO/1000 PL Network Connection) -> {9133729A-337C-4EC0-AD8D-B7ED4239A203} -> (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) -> < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Documents and Settings\superblakesdaddy\Local Settings\Application Data\Abacast\Abaclient.exe" -> C:\Documents and Settings\superblakesdaddy\Local Settings\Application Data\Abacast\Abaclient.exe [C:\Documents and Settings\superblakesdaddy\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient] -> File not found "C:\Documents and Settings\superblakesdaddy\Local Settings\Application 
Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" -> C:\Documents and Settings\superblakesdaddy\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe [C:\Documents and Settings\superblakesdaddy\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand] -> File not found "C:\Program Files\Curse\CurseClient.exe" -> C:\Program Files\Curse\CurseClient.exe [C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client] -> [2008/10/13 11:38:57 | 04,789,760 | ---- | M] () "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/02/12 14:20:43 | 00,147,456 | ---- | M] (Lime Wire, LLC) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/10/29 18:39:36 | 25,798,440 | R--- | M] (Skype Technologies S.A.) 
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> [2008/11/13 01:10:20 | 01,077,904 | ---- | M] (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found "C:\Program Files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2008/07/10 20:34:00 | 01,021,000 | ---- | M] (Blizzard Entertainment) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server] -> File not found "C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App] -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006/01/03 01:16:16 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{334d5939-e6fd-11dc-a6db-001372083384} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334d5939-e6fd-11dc-a6db-001372083384}\Shell\AutoRun\command \{334d5939-e6fd-11dc-a6db-001372083384}\Shell\AutoRun\command\\"" -> F:\Autorun.exe [F:\Autorun.exe /run] -> File not found \{334d5939-e6fd-11dc-a6db-001372083384} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334d5939-e6fd-11dc-a6db-001372083384}\Shell\Shell00\Command \{334d5939-e6fd-11dc-a6db-001372083384}\Shell\Shell00\Command\\"" -> F:\Autorun.exe [F:\Autorun.exe /run] -> File not found \{334d5939-e6fd-11dc-a6db-001372083384} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334d5939-e6fd-11dc-a6db-001372083384}\Shell\Shell01\Command 
\{334d5939-e6fd-11dc-a6db-001372083384}\Shell\Shell01\Command\\"" -> F:\Autorun.exe [F:\Autorun.exe /action] -> File not found \{334d5939-e6fd-11dc-a6db-001372083384} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334d5939-e6fd-11dc-a6db-001372083384}\Shell\Shell02\Command \{334d5939-e6fd-11dc-a6db-001372083384}\Shell\Shell02\Command\\"" -> F:\Autorun.exe [F:\Autorun.exe /uninstall] -> File not found [Files/Folders - Created Within 30 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> _OTScanIt -> %SystemDrive%\_OTScanIt -> [2008/12/09 19:12:36 | 00,000,000 | ---D | C] OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/09 19:04:38 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/09 19:02:32 | 00,647,651 | ---- | C] () Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/09 18:45:50 | 00,001,602 | ---- | C] () vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [2008/12/09 18:37:10 | 00,352,606 | ---- | C] () Zone Labs -> %ProgramFiles%\Zone Labs -> [2008/12/09 18:37:10 | 00,000,000 | ---D | C] Enigma Software Group -> %ProgramFiles%\Enigma Software Group -> [2008/12/09 16:43:47 | 00,000,000 | ---D | C] ESET -> %UserProfile%\Local Settings\Application Data\ESET -> [2008/12/09 16:14:18 | 00,000,000 | ---D | C] ESET -> %ProgramFiles%\ESET -> [2008/12/09 15:52:48 | 00,000,000 | ---D | C] ESET -> %AllUsersProfile%\Application Data\ESET -> [2008/12/09 15:52:48 | 00,000,000 | ---D | C] Eset.Nod32.Anti-Virus.32-bit.By.nickname.For.HoRaDoT.NeT.rar -> %UserProfile%\Desktop\Eset.Nod32.Anti-Virus.32-bit.By.nickname.For.HoRaDoT.NeT.rar -> [2008/12/09 15:33:17 | 20,128,576 | ---- | C] () lavalicense.dll -> %UserProfile%\Desktop\lavalicense.dll -> [2008/12/09 14:25:31 | 00,435,536 | ---- | C] (Lavasoft) AdAware2008.rar -> %UserProfile%\Desktop\AdAware2008.rar -> [2008/12/09 14:22:29 | 18,042,234 | 
---- | C] () Default.rdp -> %UserProfile%\My Documents\Default.rdp -> [2008/12/09 12:43:59 | 00,000,000 | -H-- | C] () zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [2008/12/09 10:00:31 | 00,004,212 | -H-- | C] () ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [2008/12/09 10:00:22 | 00,000,000 | ---D | C] Internet Logs -> %SystemRoot%\Internet Logs -> [2008/12/09 09:59:22 | 00,000,000 | ---D | C] Zone_Alarm_Pro_8___KB943232___Key.rar -> %UserProfile%\Desktop\Zone_Alarm_Pro_8___KB943232___Key.rar -> [2008/12/09 09:49:54 | 27,717,624 | ---- | C] () risien.htm -> %UserProfile%\Desktop\risien.htm -> [2008/12/06 22:34:38 | 00,092,008 | ---- | C] () MRT.INI -> %SystemRoot%\System32\MRT.INI -> [2008/12/06 21:53:56 | 00,000,197 | ---- | C] () Symantec -> %AllUsersProfile%\Application Data\Symantec -> [2008/12/06 21:23:09 | 00,000,000 | ---D | C] Norton -> %AllUsersProfile%\Application Data\Norton -> [2008/12/06 21:20:27 | 00,000,000 | ---D | C] NortonInstaller -> %AllUsersProfile%\Application Data\NortonInstaller -> [2008/12/06 21:20:12 | 00,000,000 | ---D | C] Roguecraft LK 0.4.1.xls -> %UserProfile%\Desktop\Roguecraft LK 0.4.1.xls -> [2008/12/05 12:05:17 | 04,655,104 | ---- | C] () fishing.ini -> %UserProfile%\Desktop\fishing.ini -> [2008/12/04 16:41:18 | 00,000,586 | ---- | C] () hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [2008/12/03 13:05:52 | 00,000,565 | ---- | C] () WoW add-ons -> %UserProfile%\Desktop\WoW add-ons -> [2008/12/02 13:59:59 | 00,000,000 | ---D | C] hpfsched.ini -> %SystemRoot%\hpfsched.ini -> [2008/12/02 13:56:16 | 00,000,034 | ---- | C] () exPressit S.E. 2.2 -> %ProgramFiles%\exPressit S.E. 
2.2 -> [2008/12/02 13:54:50 | 00,000,000 | ---D | C]
hpfsched.exe -> %SystemRoot%\hpfsched.exe -> [2008/12/02 13:47:48 | 00,036,864 | ---- | C] ()
hpodinet.dll -> %SystemRoot%\System32\hpodinet.dll -> [2008/12/02 13:47:44 | 00,069,632 | ---- | C] ()
hphmdl11.dat -> %SystemRoot%\hphmdl11.dat -> [2008/12/02 13:47:37 | 00,004,760 | ---- | C] ()
END -> %SystemDrive%\END -> [2008/11/21 08:57:53 | 00,000,330 | ---- | C] ()
MobMapUpdater -> %AppData%\MobMapUpdater -> [2008/11/19 00:53:20 | 00,000,000 | ---D | C]
Skype -> %AppData%\Skype -> [2008/11/13 17:26:32 | 00,000,000 | ---D | C]
Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk -> [2008/11/13 17:26:25 | 00,002,265 | ---- | C] ()
Skype -> %CommonProgramFiles%\Skype -> [2008/11/13 17:26:25 | 00,000,000 | ---D | C]
Skype -> %ProgramFiles%\Skype -> [2008/11/13 17:26:22 | 00,000,000 | R--D | C]
World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [2008/11/13 01:08:03 | 00,000,871 | ---- | C] ()
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 03:55:07 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/12 03:54:58 | 01,106,944 | ---- | C] (Microsoft Corporation)

[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2008/02/28 13:34:51 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/11/12 03:55:09 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/11/12 03:55:09 | 00,004,646 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008/07/11 16:22:17 | 00,000,000 | ---D | M]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/03/11 10:02:40 | 00,008,206 | ---- | M] ()
C:\Documents and Settings\superblakesdaddy\Local Settings\Temp\ -> C:\Documents and Settings\superblakesdaddy\Local Settings\Temp -> [2008/12/09 19:28:17 | 00,000,000 | ---D | M]
AutoDetect.exe -> C:\Documents and Settings\superblakesdaddy\Local Settings\Temp\AutoDetect.exe -> [2007/11/15 15:24:40 | 00,374,288 | -H-- | M] (Ceedo Technologies Ltd.)
3 C:\Documents and Settings\superblakesdaddy\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\superblakesdaddy\Local Settings\Temp\*.tmp ->
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2008/12/09 19:23:15 | 00,182,723 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/09 19:22:52 | 00,000,006 | -H-- | M] ()
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [2008/12/09 19:22:50 | 00,352,606 | ---- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/09 19:22:31 | 00,002,048 | --S- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/09 19:21:55 | 04,822,252 | -H-- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/09 19:02:54 | 00,647,651 | ---- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/09 18:45:50 | 00,001,602 | ---- | M] ()
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [2008/12/09 18:42:58 | 00,004,212 | -H-- | M] ()
Eset.Nod32.Anti-Virus.32-bit.By.nickname.For.HoRaDoT.NeT.rar -> %UserProfile%\Desktop\Eset.Nod32.Anti-Virus.32-bit.By.nickname.For.HoRaDoT.NeT.rar -> [2008/12/09 15:33:22 | 20,128,576 | ---- | M] ()
AdAware2008.rar -> %UserProfile%\Desktop\AdAware2008.rar -> [2008/12/09 14:22:32 | 18,042,234 | ---- | M] ()
Default.rdp -> %UserProfile%\My Documents\Default.rdp -> [2008/12/09 12:43:59 | 00,000,000 | -H-- | M] ()
Zone_Alarm_Pro_8___KB943232___Key.rar -> %UserProfile%\Desktop\Zone_Alarm_Pro_8___KB943232___Key.rar -> [2008/12/09 09:59:02 | 27,717,624 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/12/08 22:09:50 | 00,000,542 | ---- | M] ()
risien.htm -> %UserProfile%\Desktop\risien.htm -> [2008/12/06 22:34:42 | 00,092,008 | ---- | M] ()
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [2008/12/06 21:53:56 | 00,000,197 | ---- | M] ()
Roguecraft LK 0.4.1.xls -> %UserProfile%\Desktop\Roguecraft LK 0.4.1.xls -> [2008/12/05 12:05:21 | 04,655,104 | ---- | M] ()
fishing.ini -> %UserProfile%\Desktop\fishing.ini -> [2008/12/05 11:08:24 | 00,000,586 | ---- | M] ()
Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk -> [2008/12/05 08:36:33 | 00,002,265 | ---- | M] ()
END -> %SystemDrive%\END -> [2008/12/04 09:04:21 | 00,000,330 | ---- | M] ()
hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [2008/12/03 13:05:54 | 00,000,565 | ---- | M] ()
hpfsched.ini -> %SystemRoot%\hpfsched.ini -> [2008/12/02 13:56:16 | 00,000,034 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/13 03:00:44 | 00,001,393 | ---- | M] ()
World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [2008/11/13 01:28:00 | 00,000,871 | ---- | M] ()
popcreg.dat -> %SystemRoot%\popcreg.dat -> [2008/11/11 22:48:47 | 00,000,056 | -H-- | M] ()
popcinfot.dat -> %SystemRoot%\popcinfot.dat -> [2008/11/11 22:48:47 | 00,000,018 | ---- | M] ()
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [2008/11/11 22:48:47 | 00,000,014 | ---- | M] ()

[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/06 21:23:09 | 00,000,000 | RH-D | M]
Blizzard -> C:\Documents and Settings\All Users\Application Data\Blizzard -> [2008/09/30 23:15:04 | 00,000,000 | ---D | M]
ESET -> C:\Documents and Settings\All Users\Application Data\ESET -> [2008/12/09 15:52:48 | 00,000,000 | ---D | M]
Norton -> C:\Documents and Settings\All Users\Application Data\Norton -> [2008/12/08 07:40:57 | 00,000,000 | ---D | M]
NortonInstaller -> C:\Documents and Settings\All Users\Application Data\NortonInstaller -> [2008/12/06 21:20:12 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/04/25 15:22:07 | 00,000,000 | ---D | M]
@Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
Application Data -> C:\Documents and Settings\superblakesdaddy\Application Data -> [2008/12/09 15:53:49 | 00,000,000 | -H-D | M]
Acreon -> C:\Documents and Settings\superblakesdaddy\Application Data\Acreon -> [2008/07/10 09:10:56 | 00,000,000 | ---D | M]
EasyJob Resume Builder -> C:\Documents and Settings\superblakesdaddy\Application Data\EasyJob Resume Builder -> [2008/07/11 16:18:39 | 00,000,000 | ---D | M]
LimeWire -> C:\Documents and Settings\superblakesdaddy\Application Data\LimeWire -> [2008/12/09 19:24:27 | 00,000,000 | ---D | M]
MobMapUpdater -> C:\Documents and Settings\superblakesdaddy\Application Data\MobMapUpdater -> [2008/11/19 00:53:23 | 00,000,000 | ---D | M]
Move Networks -> C:\Documents and Settings\superblakesdaddy\Application Data\Move Networks -> [2008/09/13 19:02:24 | 00,000,000 | ---D | M]
Ventrilo -> C:\Documents and Settings\superblakesdaddy\Application Data\Ventrilo -> [2008/03/31 20:39:59 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/09 17:36:23 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/10 06:00:00 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/09 19:22:52 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF 498 bytes
C:\Documents and Settings\superblakesdaddy\Favorites\Kidd Kraddick in the Morning.url:favicon 894 bytes
C:\Documents and Settings\superblakesdaddy\Favorites\The World of Warcraft Armory.url:favicon 1150 bytes
scan completed successfully
hidden files: 30
< End of report >
[/code]