[code]
OTScanIt2 logfile created on: 12/24/2008 12:38:41 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.4.0 Folder = C:\Documents and Settings\DustinS\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.59 Gb Paging File | 2.79 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 87.37 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
Drive D: | 499.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUSTIN
Current User Name: DustinS
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/03/26 22:41:16 | 00,366,712 | ---- | M] (Emsi Software GmbH)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2008/03/28 21:54:05 | 00,536,576 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2008/03/28 21:54:05 | 00,536,576 | ---- | M] (ATI Technologies Inc.)
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/08/30 08:55:56 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2008/07/06 17:37:26 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> [2008/11/27 09:21:29 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/30 08:55:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> [2007/07/17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) gcasdtserv.exe -> %ProgramFiles%\Microsoft AntiSpyware\gcasDtServ.exe -> [2005/07/12 14:35:20 | 00,756,552 | ---- | M] (Microsoft Corporation) googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2008/09/02 15:49:39 | 00,133,104 | ---- | M] (Google Inc.) googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/09/02 14:50:05 | 00,133,104 | ---- | M] (Google Inc.) googlewebaccclient.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccClient.exe -> [2007/07/09 21:24:38 | 01,888,256 | ---- | M] () googlewebaccwarden.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [2007/07/09 21:24:38 | 01,134,592 | ---- | M] () hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> [2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2006/02/19 01:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/04 19:29:32 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/04 19:29:33 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) 
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/06/28 10:31:38 | 00,079,136 | ---- | M] (Hewlett-Packard Company) mccicmservice.exe -> %CommonProgramFiles%\Motive\McciCMService.exe -> [2007/10/15 15:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) mccitrayapp_ssr.exe -> %ProgramFiles%\HughesNetTools\1\McciTrayApp_SSR.exe -> [2007/11/20 15:36:25 | 01,454,592 | ---- | M] (Motive Communications, Inc.) mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> [2007/07/17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) nvraidservice.exe -> %SystemRoot%\system32\nvraidservice.exe -> [2004/09/02 01:25:12 | 00,083,968 | R--- | M] (NVIDIA Corporation) otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/21 18:43:24 | 00,477,184 | ---- | M] (OldTimer Tools) pdagent.exe -> %ProgramFiles%\Raxco\PerfectDisk\PDAgent.exe -> [2006/08/25 09:06:14 | 00,439,824 | ---- | M] (Raxco Software, Inc.) pdengine.exe -> %ProgramFiles%\Raxco\PerfectDisk\PDEngine.exe -> [2006/08/25 09:06:26 | 00,566,800 | ---- | M] (Raxco Software, Inc.) rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2007/10/16 17:30:10 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) 
searchfilterhost.exe -> %SystemRoot%\system32\searchfilterhost.exe -> [2008/05/26 21:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation) searchindexer.exe -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) searchprotocolhost.exe -> %SystemRoot%\system32\searchprotocolhost.exe -> [2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) soffice.bin -> %ProgramFiles%\OpenOffice.org 2.3\program\soffice.bin -> [2007/09/10 21:48:26 | 02,510,848 | ---- | M] (OpenOffice.org) soffice.exe -> %ProgramFiles%\OpenOffice.org 2.3\program\soffice.exe -> [2007/09/10 21:47:20 | 02,359,296 | ---- | M] (OpenOffice.org) vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) windowssearch.exe -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> [2007/07/16 14:17:40 | 00,103,664 | ---- | M] (Yahoo! Inc.) 
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> [2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) zunebusenum.exe -> %SystemRoot%\system32\ZuneBusEnum.exe -> [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) zunelauncher.exe -> %ProgramFiles%\Zune\ZuneLauncher.exe -> [2008/11/10 12:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/03/26 22:41:16 | 00,366,712 | ---- | M] (Emsi Software GmbH) (AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> -> File not found (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2008/03/28 21:54:05 | 00,536,576 | ---- | M] (ATI Technologies Inc.) (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2008/03/28 20:05:00 | 00,593,920 | ---- | M] () (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/08/30 08:55:56 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/30 08:55:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) 
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) (DirMS_Defragmentation) DirMS_Defragmentation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MATCO\DirmsService.exe -> [2006/11/27 07:48:50 | 00,245,760 | ---- | M] () (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) (gupdate1c90d44578553a4) Google Update Service (gupdate1c90d44578553a4) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2008/09/02 15:49:39 | 00,133,104 | ---- | M] (Google Inc.) (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) (Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\irmon.dll -> [2008/04/13 18:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/04 19:29:32 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/06/28 10:31:38 | 00,079,136 | ---- | M] (Hewlett-Packard Company) (McciCMService) McciCMService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Motive\McciCMService.exe -> [2007/10/15 15:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) (PDAgent) PDAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Raxco\PerfectDisk\PDAgent.exe -> [2006/08/25 09:06:14 | 00,439,824 | ---- | M] (Raxco Software, Inc.) (PDEngine) PDEngine [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Raxco\PerfectDisk\PDEngine.exe -> [2006/08/25 09:06:26 | 00,566,800 | ---- | M] (Raxco Software, Inc.) (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) (WSearch) Windows Search [Win32_Own | Auto | Running] -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2008/01/19 00:37:14 | 00,055,296 | ---- | M] (Microsoft Corporation) (ZuneBusEnum) Zune Bus Enumerator [Win32_Own | Auto | Running] -> 
%SystemRoot%\system32\ZuneBusEnum.exe -> [2008/11/10 12:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) (ZuneNetworkSvc) Zune Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Zune\ZuneNss.exe -> [2008/11/10 12:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) (ZuneWlanCfgSvc) Zune Wireless Configuration Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ZuneWlanCfgSvc.exe -> [2008/11/10 12:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (3c1807pd) U.S. Robotics V.92 Fax Win Int [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\3c1807pd.sys -> [2005/11/18 19:02:00 | 00,329,056 | ---- | M] (U.S. Robotics Corporation) (3c1807pd) U.S. Robotics V.92 Fax Win Int [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\3c1807pd.sys -> [2005/11/18 19:02:00 | 00,329,056 | ---- | M] (U.S. Robotics Corporation) (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2001/10/22 14:14:56 | 01,100,128 | R--- | M] (Agere Systems) (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2001/10/22 14:14:56 | 01,100,128 | R--- | M] (Agere Systems) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2004/11/17 05:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2004/11/17 05:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) 
(AmdPPM) AMD HwPState Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\AmdPPM.sys -> [2007/04/16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) (AmdPPM) AMD HwPState Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\AmdPPM.sys -> [2007/04/16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2008/03/29 00:21:53 | 02,873,856 | ---- | M] (ATI Technologies Inc.) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2008/03/29 00:21:53 | 02,873,856 | ---- | M] (ATI Technologies Inc.) (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/08/30 08:55:54 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/08/30 08:55:54 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/07/06 17:37:21 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/07/06 17:37:21 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008/07/06 17:38:36 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008/07/06 17:38:36 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) 
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BANTExt.sys -> [2005/04/07 16:18:34 | 00,003,840 | ---- | M] () (BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BANTExt.sys -> [2005/04/07 16:18:34 | 00,003,840 | ---- | M] () (BIOS) BIOS [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BIOS.sys -> [2005/03/16 00:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) (BIOS) BIOS [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BIOS.sys -> [2005/03/16 00:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) (BS_I2cIo) BS_I2cIo [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BS_I2cIo.sys -> [2006/12/11 20:02:24 | 00,016,768 | ---- | M] (BIOSTAR Group) (BS_I2cIo) BS_I2cIo [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BS_I2cIo.sys -> [2006/12/11 20:02:24 | 00,016,768 | ---- | M] (BIOSTAR Group) (DefragFS) DefragFS [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\DefragFs.sys -> [2006/08/10 13:34:36 | 00,062,480 | ---- | M] (Raxco Software, Inc.) (DefragFS) DefragFS [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\DefragFs.sys -> [2006/08/10 13:34:36 | 00,062,480 | ---- | M] (Raxco Software, Inc.) 
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2007/01/19 11:46:10 | 00,049,920 | ---- | M] (HP) (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2007/01/19 11:46:10 | 00,049,920 | ---- | M] (HP) (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2007/01/19 11:46:10 | 00,016,496 | ---- | M] (HP) (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2007/01/19 11:46:10 | 00,016,496 | ---- | M] (HP) (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2007/01/19 11:46:12 | 00,021,568 | ---- | M] (HP) (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2007/01/19 11:46:12 | 00,021,568 | ---- | M] (HP) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/10/16 17:38:30 | 04,615,168 | ---- | M] (Realtek Semiconductor Corp.) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/10/16 17:38:30 | 04,615,168 | ---- | M] (Realtek Semiconductor Corp.) 
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\irsir.sys -> [2001/08/17 07:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) (irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\irsir.sys -> [2001/08/17 07:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) (kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) (kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) (KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> [2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) (KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> [2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) (kwkxusb) Kyocera Wireless USB CDMA Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\kwusb2k.sys -> [2005/09/26 09:43:36 | 00,029,952 | R--- | M] (Kyocera Wireless Corporation) (kwkxusb) Kyocera Wireless USB CDMA Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\kwusb2k.sys -> [2005/09/26 09:43:36 | 00,029,952 | R--- | M] (Kyocera Wireless Corporation) (motccgp) Motorola USB Composite Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgp.sys -> [2007/06/18 15:19:50 | 00,017,920 | ---- | M] (Motorola) (motccgp) Motorola USB Composite Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgp.sys -> [2007/06/18 15:19:50 | 00,017,920 | ---- | M] (Motorola) (motccgpfl) MotCcgpFlService [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgpfl.sys -> [2007/01/23 19:03:44 | 00,007,680 | ---- | M] (Motorola) (motccgpfl) MotCcgpFlService 
[Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motccgpfl.sys -> [2007/01/23 19:03:44 | 00,007,680 | ---- | M] (Motorola) (motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motmodem.sys -> [2007/06/18 15:18:26 | 00,023,680 | ---- | M] (Motorola) (motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motmodem.sys -> [2007/06/18 15:18:26 | 00,023,680 | ---- | M] (Motorola) (motport) Motorola USB Diagnostic Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motport.sys -> [2007/06/18 15:18:26 | 00,023,680 | ---- | M] (Motorola) (motport) Motorola USB Diagnostic Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\motport.sys -> [2007/06/18 15:18:26 | 00,023,680 | ---- | M] (Motorola) (moufiltr) Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\moufiltr.sys -> [2006/09/06 05:12:34 | 00,006,784 | ---- | M] (Micro Innovations) (moufiltr) Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\moufiltr.sys -> [2006/09/06 05:12:34 | 00,006,784 | ---- | M] (Micro Innovations) (MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMP50.sys -> [2007/10/15 15:36:07 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) (MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMP50.sys -> [2007/10/15 15:36:07 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) (MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRESP50.sys -> [2007/10/15 15:36:07 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) (MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRESP50.sys -> [2007/10/15 15:36:07 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) (nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2004/09/02 01:24:38 | 00,082,816 | R--- | M] (NVIDIA Corporation) (nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2004/09/02 01:24:38 | 00,082,816 | R--- | M] (NVIDIA Corporation) (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2004/10/05 02:38:12 | 00,033,280 | R--- | M] (NVIDIA Corporation) (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2004/10/05 02:38:12 | 00,033,280 | R--- | M] (NVIDIA Corporation) (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2004/10/05 02:38:16 | 00,012,928 | R--- | M] (NVIDIA Corporation) (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2004/10/05 02:38:16 | 00,012,928 | R--- | M] (NVIDIA Corporation) (nvraid) NVIDIA nForce(tm) RAID Class Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvraid.sys -> [2004/09/02 01:24:40 | 00,067,968 | R--- | M] (NVIDIA Corporation) (nvraid) NVIDIA nForce(tm) RAID Class Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvraid.sys -> [2004/09/02 01:24:40 | 00,067,968 | R--- | M] (NVIDIA Corporation) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) (RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtenicxp.sys -> [2008/01/03 08:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) (RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtenicxp.sys -> [2008/01/03 08:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> [2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) (srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> [2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\USBAUDIO.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\USBAUDIO.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) (usbser) Motorola USB Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser.sys -> [2008/04/13 12:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) (usbser) Motorola USB Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser.sys -> [2008/04/13 12:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) (usbsermpt) Motorola USB Modem Driver for MPT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbsermpt.sys -> [2007/06/17 17:57:22 | 00,022,768 | ---- | M] (Microsoft Corporation) (usbsermpt) Motorola USB Modem Driver for MPT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbsermpt.sys -> [2007/06/17 17:57:22 | 00,022,768 | ---- | M] (Microsoft Corporation) (usbsermptxp) Motorola USB Modem Driver for MPT XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbsermptxp.sys -> [2007/10/26 00:14:13 | 00,025,600 | ---- | M] (Microsoft Corporation) (usbsermptxp) Motorola USB Modem Driver for MPT XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbsermptxp.sys -> [2007/10/26 00:14:13 | 00,025,600 | ---- | M] (Microsoft Corporation) (USRpdA) U.S. 
Robotics 56K PCI Faxmodem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\USRpdA.sys -> [2001/08/17 12:28:26 | 00,113,762 | ---- | M] (U.S. Robotics Corporation) (USRpdA) U.S. Robotics 56K PCI Faxmodem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\USRpdA.sys -> [2001/08/17 12:28:26 | 00,113,762 | ---- | M] (U.S. Robotics Corporation) (vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> [2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) (vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> [2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) (Wdf01000) Wdf01000 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdf01000.sys -> [2008/03/27 15:27:46 | 00,503,008 | ---- | M] (Microsoft Corporation) (Wdf01000) Wdf01000 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdf01000.sys -> [2008/03/27 15:27:46 | 00,503,008 | ---- | M] (Microsoft Corporation) (WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Wibukey.sys -> [2001/12/27 09:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) (WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Wibukey.sys -> [2001/12/27 09:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) (WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\winusb.sys -> [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) (WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\winusb.sys -> [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) (WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) (WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel 
| System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) (zumbus) Zune Bus Enumerator Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\zumbus.sys -> [2008/09/12 17:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) (zumbus) Zune Bus Enumerator Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\zumbus.sys -> [2008/09/12 17:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/05/30 15:18:26 | 00,808,472 | ---- | M] (Yahoo! Inc.) 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\] > -> -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/05/30 15:18:26 | 00,808,472 | ---- | M] (Yahoo! Inc.) 
HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\: "ProxyEnable" -> 0 -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\DustinS\Application Data\Mozilla\FireFox\Profiles\qjq7asa4.default\prefs.js -> browser.search.defaultenginename -> "Yahoo" -> browser.search.selectedEngine -> "Yahoo" -> browser.startup.homepage -> "www.google.com" -> browser.startup.homepage_override.mstone -> "rv:1.9.0.3" -> extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 -> extensions.enabledItems -> {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 -> extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 -> extensions.enabledItems -> jqs@sun.com:1.0 -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.3 -> < HOSTS File > (291276 bytes and 10071 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> First 25 entries... 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/05/30 15:18:26 | 00,808,472 | ---- | M] (Yahoo! Inc.) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated) {206E52E0-D52E-11D4-AD54-0000E86C26F6} [HKLM] -> %ProgramFiles%\FreshDevices\FreshDownload\fdcatch.dll [] -> [2006/11/20 11:54:08 | 00,212,480 | ---- | M] (FreshDevices Corp.) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2008/08/30 08:55:56 | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.) 
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) {69A87B7D-DE56-4136-9655-716BA50C19C7} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [2007/07/09 21:24:38 | 00,311,296 | ---- | M] () {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/04 19:29:35 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.) {A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008/07/06 17:38:27 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) {ADECBED6-0366-4377-A739-E69DFBA04663} [HKLM] -> %ProgramFiles%\Moyea\FLV Downloader\MoyeaCth.dll [Catcher Class] -> [2007/12/05 09:25:24 | 00,094,208 | ---- | M] (Moyea Software Co., Ltd.) {c647928f-47b8-4be4-b7bf-b7f134a9248b} [HKLM] -> %SystemRoot%\system32\litovelu.dll [Reg Error: Value does not exist or could not be read.] -> File not found {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/04 19:29:32 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/04 19:29:35 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008/07/06 17:38:27 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) "{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [2007/07/09 21:24:38 | 00,311,296 | ---- | M] () "{ED0E8CA5-42FB-4B18-997B-769E0408E79D}" [HKLM] -> %ProgramFiles%\FreshDevices\FreshDownload\fdiebar.dll [FreshDownload Bar] -> [2007/03/20 08:29:16 | 00,232,960 | ---- | M] (FreshDevices Corp.) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/05/30 15:18:26 | 00,808,472 | ---- | M] (Yahoo! Inc.) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008/07/06 17:38:27 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [2007/07/09 21:24:38 | 00,311,296 | ---- | M] () < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> [2008/07/06 17:38:27 | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [2007/07/09 21:24:38 | 
00,311,296 | ---- | M] () < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "3c1807pd" -> [C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd] -> File not found "Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) "Alcmtr" -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 17:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) "AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008/11/27 09:21:29 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) "CPMdbe75bdd" -> %SystemRoot%\system32\nekisito.DLL [Rundll32.exe "c:\windows\system32\nekisito.dll",a] -> File not found "d8d46841" -> %SystemRoot%\system32\sayeheli.DLL [rundll32.exe "C:\WINDOWS\system32\sayeheli.dll",b] -> File not found "gcasServ" -> %ProgramFiles%\Microsoft AntiSpyware\gcasServ.exe ["C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"] -> [2005/07/12 14:35:18 | 00,473,928 | ---- | M] (Microsoft Corporation) "HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2006/02/19 01:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) "HughesNetTools_McciTrayApp" -> %ProgramFiles%\HughesNetTools\1\McciTrayApp_SSR.exe [C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe] -> [2007/11/20 15:36:25 | 01,454,592 | ---- | M] (Motive Communications, Inc.) 
"Media Codec Update Service" -> %ProgramFiles%\Essentials Codec Pack\update.exe [C:\Program Files\Essentials Codec Pack\update.exe -silent] -> [2007/04/08 10:44:40 | 00,303,104 | ---- | M] (MediaCodec.Org) "NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 09:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh) "NVRaidService" -> %SystemRoot%\system32\nvraidservice.exe [C:\WINDOWS\system32\nvraidservice.exe] -> [2004/09/02 01:25:12 | 00,083,968 | R--- | M] (NVIDIA Corporation) "RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/10/16 17:30:10 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) "SkyTel" -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> [2007/10/11 10:04:04 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) "StartCCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [2008/01/21 11:17:18 | 00,061,440 | ---- | M] (Advanced Micro Devices, Inc.) "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/04 19:29:33 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) 
"USRpdA" -> [C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA] -> File not found "yujerekeni" -> %SystemRoot%\system32\vazurowi.DLL [Rundll32.exe "C:\WINDOWS\system32\vazurowi.dll",s] -> File not found "ZoneAlarm Client" -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) "Zune Launcher" -> %ProgramFiles%\Zune\ZuneLauncher.exe ["c:\Program Files\Zune\ZuneLauncher.exe"] -> [2008/11/10 12:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\DustinS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/02 14:50:05 | 00,133,104 | ---- | M] (Google Inc.) "WMPNSCFG" -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) "Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> [2007/07/16 14:17:38 | 04,670,704 | ---- | M] (Yahoo! Inc.) 
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "iLike" -> %ProgramFiles%\iLike\1.1.41\ilikesidebar.exe [C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate] -> [2008/02/12 13:21:00 | 00,063,024 | ---- | M] (iLike) < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "iLike" -> %ProgramFiles%\iLike\1.1.41\ilikesidebar.exe [C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate] -> [2008/02/12 13:21:00 | 00,063,024 | ---- | M] (iLike) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "yujerekeni" -> %SystemRoot%\system32\vazurowi.DLL [Rundll32.exe "C:\WINDOWS\system32\vazurowi.dll",s] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "yujerekeni" -> %SystemRoot%\system32\vazurowi.DLL [Rundll32.exe "C:\WINDOWS\system32\vazurowi.dll",s] -> File not found < Run [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\DustinS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/02 14:50:05 | 00,133,104 | ---- | M] (Google Inc.) "WMPNSCFG" -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) "Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> [2007/07/16 14:17:38 | 04,670,704 | ---- | M] (Yahoo! Inc.) 
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) %AllUsersProfile%\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [2007/07/09 21:24:38 | 01,134,592 | ---- | M] () %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < DustinS Startup Folder > -> C:\Documents and Settings\DustinS\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk -> %ProgramFiles%\OpenOffice.org 2.0\program\quickstart.exe -> File not found %UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk -> %ProgramFiles%\OpenOffice.org 2.3\program\quickstart.exe -> [2007/08/17 22:57:56 | 00,393,216 | ---- | M] () < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004] > -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Refresh Pa&ge with Full Quality -> %ProgramFiles%\BellSouth Accelerator Technology\pac-page.html [C:\Program Files\BellSouth Accelerator Technology\pac-page.html] -> File not found Refresh Pi&cture with Full Quality -> %ProgramFiles%\BellSouth Accelerator 
Technology\pac-image.html [C:\Program Files\BellSouth Accelerator Technology\pac-image.html] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> Refresh Pa&ge with Full Quality -> %ProgramFiles%\BellSouth Accelerator Technology\pac-page.html [C:\Program Files\BellSouth Accelerator Technology\pac-page.html] -> File not found Refresh Pi&cture with Full Quality -> %ProgramFiles%\BellSouth Accelerator Technology\pac-image.html [C:\Program Files\BellSouth Accelerator Technology\pac-image.html] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {09249CAB-8F9C-4C54-8F65-F7A69B742A1A}:Exec [HKLM] -> %ProgramFiles%\FreshDevices\FreshDownload\fd.exe [Button: FreshDownload] -> [2007/03/20 08:29:14 | 00,677,888 | ---- | M] (FreshDevices Corp.) 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> [2001/08/01 16:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.) < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5232 domain(s) found. -> 50 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5248 domain(s) found. -> 51 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5246 domain(s) found. -> 51 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5246 domain(s) found. -> 51 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3256 domain(s) found. -> 116 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 71 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3256 domain(s) found. -> 116 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 71 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5248 domain(s) found. -> 51 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199561465230[WUWebControl Class] -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [HKLM] -> http://www.systemrequirementslab.com/sysreqlab2.cab[System Requirements Lab Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199561273074[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1E1BAEA6-22A6-48E9-835C-9C99605AFC2E} -> (Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC) -> {C7D3D2FB-C923-4C84-9B53-176E962FC0A2} -> () -> {E58D3489-EC72-4B78-A79E-AF6E180D689F} -> (1394 Net Adapter) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> wbsys.dll -> %SystemRoot%\system32\wbsys.dll -> [2003/02/26 21:27:44 | 00,036,864 | ---- | M] (Stardock.Net, Inc) avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008/07/06 17:37:28 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\didemoji.dll -> %SystemRoot%\system32\didemoji.dll -> File not found c:\windows\system32\nekisito.dll -> %SystemRoot%\system32\nekisito.dll -> File not found *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2008/03/28 21:55:33 | 00,126,976 | ---- | M] (ATI Technologies Inc.) WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> [2001/12/20 22:34:52 | 00,024,576 | ---- | M] (Stardock) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\nekisito.dll [SSODL] -> File not found < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\nekisito.dll [STS] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 21:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation) "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" [HKLM] -> %ProgramFiles%\Microsoft AntiSpyware\shellextension.dll [Microsoft AntiSpyware Service Hook] -> [2005/06/24 14:24:20 | 00,101,080 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] 
(Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\Ares Lite Edition\AresLite.exe" -> C:\Program Files\Ares Lite Edition\AresLite.exe [C:\Program Files\Ares Lite Edition\AresLite.exe:*:Enabled:AresLite] -> File not found "C:\Program Files\Ares\Ares.exe" -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> File not found "C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2008/08/30 08:55:56 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/08/30 08:54:18 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) "C:\Program Files\Blubster\Blubster.exe" -> C:\Program Files\Blubster\Blubster.exe [C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster] -> [2008/09/05 02:43:38 | 01,571,328 | ---- | M] (MP2P Technologies.) 
"C:\Program Files\CallWave\IAM.exe" -> C:\Program Files\CallWave\IAM.exe [C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave] -> File not found "C:\Program Files\FreshDevices\FreshDownload\fdgo.exe" -> C:\Program Files\FreshDevices\FreshDownload\fdgo.exe [C:\Program Files\FreshDevices\FreshDownload\fdgo.exe:*:Enabled:fdgo] -> [2007/03/20 08:29:20 | 00,351,744 | ---- | M] () "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found "C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found "C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/15 09:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/20 22:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/20 23:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 20:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/04/20 22:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/20 23:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2006/02/16 21:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/19 04:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/16 23:19:34 | 00,192,512 | ---- | M] () "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/20 23:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.) "C:\Program Files\Orb Networks\Orb\bin\Orb.exe" -> C:\Program Files\Orb Networks\Orb\bin\Orb.exe [C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb] -> [2008/01/29 20:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe" -> C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe [C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan] -> [2008/01/29 20:19:32 | 00,573,440 | ---- | M] (Orb Networks) "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" -> C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe [C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> [2008/03/27 19:00:24 | 05,844,992 | ---- | M] (Orb Networks) "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" -> C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray] -> [2008/05/13 19:29:04 | 00,507,904 | ---- | M] (Orb Networks) "C:\Program Files\U.S. Robotics\ControlCenter\ctrlcntr.exe" -> C:\Program Files\U.S. Robotics\ControlCenter\ctrlcntr.exe [C:\Program Files\U.S. Robotics\ControlCenter\ctrlcntr.exe:*:Enabled:ctrlcntr] -> [2004/06/22 12:57:02 | 03,112,448 | ---- | M] (U.S. Robotics) "C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe" -> C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe:*:Disabled:Reminder] -> [2004/03/13 11:38:36 | 00,977,408 | ---- | M] () "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger] -> [2007/07/16 14:17:38 | 04,670,704 | ---- | M] (Yahoo! Inc.) "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/07/16 14:17:40 | 00,091,376 | ---- | M] (Yahoo! Inc.) "C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\system32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2008/04/13 18:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/13 18:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/05/02 04:49:39 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/06/01 16:38:24 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Files/Folders - Created Within 30 Days] OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/24 12:29:58 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\My Documents\OTScanIt2.exe -> [2008/12/24 12:28:30 | 00,648,118 | ---- | C] () gamePlay[2].swf -> %UserProfile%\My Documents\gamePlay[2].swf -> [2008/12/23 19:40:24 | 00,701,978 | ---- | C] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/23 18:57:41 | 01,620,706 | -H-- | C] () ComboFix.exe -> %UserProfile%\My Documents\ComboFix.exe -> [2008/12/21 
18:40:08 | 02,885,624 | ---- | C] () hijackthis1 -> %UserProfile%\My Documents\hijackthis1 -> [2008/12/21 18:36:02 | 00,012,567 | ---- | C] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/21 18:35:04 | 00,001,734 | ---- | C] () Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/12/21 18:35:02 | 00,000,000 | ---D | C] HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> [2008/12/21 18:31:46 | 00,812,344 | ---- | C] (Trend Micro Inc.) FixVundo.exe -> %UserProfile%\My Documents\FixVundo.exe -> [2008/12/21 16:30:43 | 00,173,456 | ---- | C] (Symantec Corporation) Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [2008/12/20 11:28:52 | 00,001,729 | ---- | C] () 40902500.xml -> %UserProfile%\My Documents\40902500.xml -> [2008/12/20 11:24:56 | 00,054,404 | ---- | C] () ileheyas.ini -> %SystemRoot%\System32\ileheyas.ini -> [2008/12/19 23:51:37 | 00,000,120 | -HS- | C] () ilesatem.ini -> %SystemRoot%\System32\ilesatem.ini -> [2008/12/19 11:51:22 | 00,000,120 | -HS- | C] () awewiven.ini -> %SystemRoot%\System32\awewiven.ini -> [2008/12/18 23:51:04 | 00,000,120 | -HS- | C] () emekezok.ini -> %SystemRoot%\System32\emekezok.ini -> [2008/12/18 11:50:43 | 00,000,120 | -HS- | C] () owejahum.ini -> %SystemRoot%\System32\owejahum.ini -> [2008/12/16 23:50:02 | 00,000,120 | -HS- | C] () ibozitik.ini -> %SystemRoot%\System32\ibozitik.ini -> [2008/12/16 11:49:46 | 00,000,120 | -HS- | C] () ekubajeg.ini -> %SystemRoot%\System32\ekubajeg.ini -> [2008/12/15 23:49:27 | 00,000,120 | -HS- | C] () igisujiw.ini -> %SystemRoot%\System32\igisujiw.ini -> [2008/12/15 11:49:13 | 00,000,120 | -HS- | C] () vcssetup.exe -> %UserProfile%\My Documents\vcssetup.exe -> [2008/12/08 22:28:20 | 02,714,112 | ---- | C] (Microsoft Corporation) Msft_User_ZuneDriver_01_07_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf -> [2008/12/08 05:23:17 | 00,000,000 | -H-- | C] () Msft_Kernel_WinUSB_01007.Wdf -> 
%SystemRoot%\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf -> [2008/12/08 05:23:17 | 00,000,000 | -H-- | C] () MsftWdf_user_01_07_00.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_user_01_07_00.Wdf -> [2008/12/08 05:22:14 | 00,000,000 | -H-- | C] () Deb -> %UserProfile%\My Documents\Deb -> [2008/12/07 16:37:08 | 00,000,000 | ---D | C] O.J.Simpson.If.I.Did.It.eBook.PDF-3r1c.zip -> %UserProfile%\My Documents\O.J.Simpson.If.I.Did.It.eBook.PDF-3r1c.zip -> [2008/12/07 02:23:28 | 00,352,990 | ---- | C] () USBAUDIO.sys -> %SystemRoot%\System32\drivers\USBAUDIO.sys -> [2008/12/04 15:54:32 | 00,060,032 | ---- | C] (Microsoft Corporation) usbaudio.sys -> %SystemRoot%\System32\dllcache\usbaudio.sys -> [2008/12/04 15:54:32 | 00,060,032 | ---- | C] (Microsoft Corporation) Zune.lnk -> %AllUsersProfile%\Desktop\Zune.lnk -> [2008/12/01 05:20:05 | 00,000,628 | ---- | C] () References.doc -> %UserProfile%\Desktop\References.doc -> [2008/11/29 07:34:56 | 00,024,064 | ---- | C] () hippacomplete.doc -> %UserProfile%\Desktop\hippacomplete.doc -> [2008/11/29 07:30:25 | 00,052,224 | ---- | C] () Hipaa3.xml -> %UserProfile%\Desktop\Hipaa3.xml -> [2008/11/28 20:40:49 | 00,078,783 | ---- | C] () Hipaa3.odt -> %UserProfile%\Desktop\Hipaa3.odt -> [2008/11/28 19:57:27 | 00,020,811 | ---- | C] () [Files/Folders - Modified Within 30 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 330 C:\Documents and Settings\DustinS\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\DustinS\Local Settings\Temp\*.tmp -> 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> Filzip.ini -> %SystemRoot%\Filzip.ini -> [2008/12/24 12:36:47 | 00,000,041 | ---- | M] () OTScanIt2.exe -> %UserProfile%\My Documents\OTScanIt2.exe -> [2008/12/24 12:29:44 | 00,648,118 | ---- | M] () incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008/12/24 09:28:21 | 31,072,909 | ---- | M] () GoogleUpdateTaskUser.job -> 
%SystemRoot%\tasks\GoogleUpdateTaskUser.job -> [2008/12/24 09:14:00 | 00,001,204 | ---- | M] () popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [2008/12/24 09:03:10 | 00,000,025 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/23 19:56:44 | 00,004,232 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/23 19:56:43 | 00,005,815 | ---- | M] () gamePlay[2].swf -> %UserProfile%\My Documents\gamePlay[2].swf -> [2008/12/23 19:40:26 | 00,701,978 | ---- | M] () vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [2008/12/23 18:59:59 | 00,352,919 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/23 18:59:51 | 00,012,696 | ---- | M] () Perflib_Perfdata_9f8.dat -> %AllUsersProfile%\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_9f8.dat -> [2008/12/23 18:59:35 | 00,016,384 | ---- | M] () Perflib_Perfdata_32c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_32c.dat -> [2008/12/23 18:59:22 | 00,016,384 | ---- | M] () GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2008/12/23 18:59:13 | 00,001,152 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/23 18:59:09 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/23 18:58:52 | 00,002,048 | --S- | M] () fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [2008/12/23 18:57:59 | 01,770,308 | -HS- | M] () fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [2008/12/23 18:57:58 | 15,418,3712 | -HS- | M] () NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2008/12/23 18:57:51 | 07,340,032 | -H-- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2008/12/23 18:57:51 | 00,000,178 | -HS- | M] () .googlewebacchosts -> %AppData%\.googlewebacchosts -> [2008/12/23 18:57:42 | 00,000,000 | ---- | M] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/23 18:57:41 | 
01,620,706 | -H-- | M] () miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008/12/22 08:47:42 | 00,368,010 | ---- | M] () ComboFix.exe -> %UserProfile%\My Documents\ComboFix.exe -> [2008/12/21 18:40:08 | 02,885,624 | ---- | M] () hijackthis1 -> %UserProfile%\My Documents\hijackthis1 -> [2008/12/21 18:36:02 | 00,012,567 | ---- | M] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/21 18:35:04 | 00,001,734 | ---- | M] () HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> [2008/12/21 18:31:49 | 00,812,344 | ---- | M] (Trend Micro Inc.) FixVundo.exe -> %UserProfile%\My Documents\FixVundo.exe -> [2008/12/21 16:30:44 | 00,173,456 | ---- | M] (Symantec Corporation) win.ini -> %SystemRoot%\win.ini -> [2008/12/20 16:36:17 | 00,000,676 | ---- | M] () SwSys2.bmp -> %SystemRoot%\SwSys2.bmp -> [2008/12/20 13:29:07 | 00,004,757 | ---- | M] () SwSys1.bmp -> %SystemRoot%\SwSys1.bmp -> [2008/12/20 13:29:07 | 00,004,757 | ---- | M] () Global.sw2 -> %AllUsersProfile%\Documents\Global.sw2 -> [2008/12/20 13:29:07 | 00,004,757 | ---- | M] () 40902500.xml -> %UserProfile%\My Documents\40902500.xml -> [2008/12/20 11:43:02 | 00,054,404 | ---- | M] () Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [2008/12/20 11:28:53 | 00,001,729 | ---- | M] () nonokoya -> %SystemRoot%\System32\nonokoya -> [2008/12/20 10:48:32 | 00,006,456 | -H-- | M] () ileheyas.ini -> %SystemRoot%\System32\ileheyas.ini -> [2008/12/19 23:51:39 | 00,000,120 | -HS- | M] () ilesatem.ini -> %SystemRoot%\System32\ilesatem.ini -> [2008/12/19 11:51:22 | 00,000,120 | -HS- | M] () wininit.ini -> %SystemRoot%\wininit.ini -> [2008/12/19 05:56:30 | 00,000,389 | ---- | M] () awewiven.ini -> %SystemRoot%\System32\awewiven.ini -> [2008/12/18 23:51:07 | 00,000,120 | -HS- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/12/18 21:36:54 | 00,291,276 | R--- | M] () J.D. Stalker Story.odt -> %UserProfile%\My Documents\J.D. 
Stalker Story.odt -> [2008/12/18 20:42:29 | 00,014,449 | ---- | M] () emekezok.ini -> %SystemRoot%\System32\emekezok.ini -> [2008/12/18 11:50:46 | 00,000,120 | -HS- | M] () microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008/12/17 09:07:42 | 00,093,445 | ---- | M] () owejahum.ini -> %SystemRoot%\System32\owejahum.ini -> [2008/12/16 23:50:04 | 00,000,120 | -HS- | M] () ibozitik.ini -> %SystemRoot%\System32\ibozitik.ini -> [2008/12/16 11:49:48 | 00,000,120 | -HS- | M] () ekubajeg.ini -> %SystemRoot%\System32\ekubajeg.ini -> [2008/12/15 23:49:29 | 00,000,120 | -HS- | M] () Google Chrome.lnk -> %UserProfile%\Desktop\Google Chrome.lnk -> [2008/12/15 15:06:14 | 00,002,260 | ---- | M] () igisujiw.ini -> %SystemRoot%\System32\igisujiw.ini -> [2008/12/15 11:49:13 | 00,000,120 | -HS- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/14 20:55:47 | 00,052,736 | ---- | M] () NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/12 11:10:15 | 00,000,116 | ---- | M] () imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/12/10 03:02:59 | 00,001,393 | ---- | M] () vcssetup.exe -> %UserProfile%\My Documents\vcssetup.exe -> [2008/12/08 22:28:20 | 02,714,112 | ---- | M] (Microsoft Corporation) Msft_User_ZuneDriver_01_07_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf -> [2008/12/08 05:23:17 | 00,000,000 | -H-- | M] () Msft_Kernel_WinUSB_01007.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf -> [2008/12/08 05:23:17 | 00,000,000 | -H-- | M] () MsftWdf_user_01_07_00.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_user_01_07_00.Wdf -> [2008/12/08 05:22:14 | 00,000,000 | -H-- | M] () O.J.Simpson.If.I.Did.It.eBook.PDF-3r1c.zip -> %UserProfile%\My Documents\O.J.Simpson.If.I.Did.It.eBook.PDF-3r1c.zip -> [2008/12/07 02:23:30 | 00,352,990 | ---- | M] () hosts.20081218-213654.backup -> 
%SystemRoot%\System32\drivers\etc\hosts.20081218-213654.backup -> [2008/12/04 19:32:10 | 00,290,674 | R--- | M] () Zune.lnk -> %AllUsersProfile%\Desktop\Zune.lnk -> [2008/12/01 05:20:05 | 00,000,628 | ---- | M] () References.doc -> %UserProfile%\Desktop\References.doc -> [2008/11/29 07:34:56 | 00,024,064 | ---- | M] () hippacomplete.doc -> %UserProfile%\Desktop\hippacomplete.doc -> [2008/11/29 07:30:26 | 00,052,224 | ---- | M] () Hipaa3.xml -> %UserProfile%\Desktop\Hipaa3.xml -> [2008/11/28 20:40:49 | 00,078,783 | ---- | M] () Hipaa3.odt -> %UserProfile%\Desktop\Hipaa3.odt -> [2008/11/28 19:57:28 | 00,020,811 | ---- | M] () SketchUpInstaller.exe -> %UserProfile%\Local Settings\Temp\{C60AF406-3511-434F-8903-52F6591366BF}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\SketchUpInstaller.exe -> [2007/12/03 01:20:08 | 31,828,642 | ---- | M] (Macrovision Corporation) GoogleToolbarInstaller_EN.exe -> %UserProfile%\Local Settings\Temp\{C60AF406-3511-434F-8903-52F6591366BF}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\GoogleToolbarInstaller_EN.exe -> [2007/12/03 01:05:28 | 00,844,328 | ---- | M] (Google) sgs.exe -> %UserProfile%\Local Settings\Temp\{C60AF406-3511-434F-8903-52F6591366BF}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\sgs.exe -> [2007/12/03 01:05:28 | 00,376,248 | ---- | M] () gtapi.dll -> %UserProfile%\Local Settings\Temp\{C60AF406-3511-434F-8903-52F6591366BF}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\gtapi.dll -> [2007/12/03 01:05:28 | 00,045,056 | ---- | M] () _isED.exe -> %UserProfile%\Local Settings\Temp\_isED.exe -> [2007/04/05 13:39:32 | 00,455,600 | R--- | M] (Macrovision Corporation) _is5D.exe -> %UserProfile%\Local Settings\Temp\_is5D.exe -> [2007/04/05 13:39:32 | 00,455,600 | R--- | M] (Macrovision Corporation) _is58.exe -> %UserProfile%\Local Settings\Temp\_is58.exe -> [2007/04/05 13:39:32 | 00,455,600 | R--- | M] (Macrovision Corporation) _is51.exe -> %UserProfile%\Local Settings\Temp\_is51.exe -> [2007/04/05 13:39:32 | 00,455,600 | R--- | M] (Macrovision Corporation) 
ISSetup.dll -> %UserProfile%\Local Settings\Temp\{AC577729-6053-47E6-9BA6-0CABFB5081FE}\ISSetup.dll -> [2007/04/05 13:36:12 | 00,492,032 | R--- | M] (Macrovision Corporation) ISSetup.dll -> %UserProfile%\Local Settings\Temp\{9E7A934D-CA97-47A7-8068-0D371B232FC4}\ISSetup.dll -> [2007/04/05 13:36:12 | 00,492,032 | R--- | M] (Macrovision Corporation) ISSetup.dll -> %UserProfile%\Local Settings\Temp\{64076405-83A9-4A71-A03A-ACC2A9D95E9D}\ISSetup.dll -> [2007/04/05 13:36:12 | 00,492,032 | R--- | M] (Macrovision Corporation) ISSetup.dll -> %UserProfile%\Local Settings\Temp\{2E6C8B90-259C-4084-AA9F-FBF69DA90819}\ISSetup.dll -> [2007/04/05 13:36:12 | 00,492,032 | R--- | M] (Macrovision Corporation) ISSetup.dll -> %UserProfile%\Local Settings\Temp\{2E5B8008-5B2B-4207-B26A-D06FC85C4732}\ISSetup.dll -> [2007/04/05 00:36:12 | 00,492,032 | R--- | M] (Macrovision Corporation) _isAB.exe -> %UserProfile%\Local Settings\Temp\_isAB.exe -> [2007/01/19 13:46:42 | 00,455,600 | R--- | M] (Macrovision Corporation) _Setup.dll -> %UserProfile%\Local Settings\Temp\{2E5B8008-5B2B-4207-B26A-D06FC85C4732}\_Setup.dll -> [2006/05/17 10:21:08 | 00,373,680 | R--- | M] (Macrovision Corporation) _Setup.dll -> %UserProfile%\Local Settings\Temp\{AC577729-6053-47E6-9BA6-0CABFB5081FE}\_Setup.dll -> [2006/05/17 10:21:04 | 00,164,784 | R--- | M] (Macrovision Corporation) _Setup.dll -> %UserProfile%\Local Settings\Temp\{9E7A934D-CA97-47A7-8068-0D371B232FC4}\_Setup.dll -> [2006/05/17 10:21:04 | 00,164,784 | R--- | M] (Macrovision Corporation) _Setup.dll -> %UserProfile%\Local Settings\Temp\{64076405-83A9-4A71-A03A-ACC2A9D95E9D}\_Setup.dll -> [2006/05/17 10:21:04 | 00,164,784 | R--- | M] (Macrovision Corporation) _Setup.dll -> %UserProfile%\Local Settings\Temp\{2E6C8B90-259C-4084-AA9F-FBF69DA90819}\_Setup.dll -> [2006/05/17 10:21:04 | 00,164,784 | R--- | M] (Macrovision Corporation) < End of report > [/code]