[code] OTScanIt2 logfile created on: 12/31/2008 5:36:41 PM - Run 2 OTScanIt2 by OldTimer - Version 1.0.4.2 Folder = C:\Documents and Settings\Zack\Desktop\OTScanIt2 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 170.57 Mb Available Physical Memory | 33.38% Memory free 1.22 Gb Paging File | 0.78 Gb Available in Paging File | 63.91% Paging File free Paging file location(s): C:\pagefile.sys 766 800; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 44.17 Gb Free Space | 59.32% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FEF4TRXQT Current User Name: Zack Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days [Processes - Safe List] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) avengine.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE -> [2008/07/02 12:26:56 | 00,193,792 | ---- | M] (Panda Security, S.L.) 
ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> [2002/09/30 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) cthelper.exe -> %SystemRoot%\system32\CTHELPER.EXE -> [2003/02/20 17:45:40 | 00,028,672 | ---- | M] (Creative Technology Ltd) ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> [2002/10/29 09:18:24 | 00,049,152 | ---- | M] (Creative Technology Ltd) hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2007/12/11 12:10:26 | 00,267,048 | ---- | M] (Apple Inc.) 
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) mspmspsv.exe -> %SystemRoot%\system32\MsPMSPSv.exe -> [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) nosign.exe -> %SystemRoot%\nosign.exe -> [2005/09/28 17:37:14 | 00,022,016 | ---- | M] () otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/29 14:23:14 | 00,477,696 | ---- | M] (OldTimer Tools) pavfnsvr.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe -> [2008/07/10 11:02:00 | 00,169,216 | ---- | M] (Panda Security, S.L.) pavjobs.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\pavjobs.exe -> [2008/07/17 18:33:02 | 00,197,888 | ---- | M] (Panda Security, S.L.) pavprsrv.exe -> %CommonProgramFiles%\Panda Security\PavShld\PavPrSrv.exe -> [2008/02/04 16:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) pavsrv51.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXE -> [2008/07/04 13:28:26 | 00,288,512 | ---- | M] (Panda Security, S.L.) psctrls.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe -> [2008/07/16 13:45:20 | 00,181,504 | ---- | M] (Panda Security, S.L.) pshost.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\FIREWALL\PSHost.exe -> [2008/06/12 14:31:40 | 00,226,608 | ---- | M] (Panda Software International) psimsvc.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe -> [2008/06/19 11:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) psksvc.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\psksvc.exe -> [2008/06/25 15:43:08 | 00,028,928 | ---- | M] (Panda Security, S.L.) 
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2004/12/20 14:54:09 | 00,180,269 | ---- | M] (RealNetworks, Inc.) tpsrv.exe -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe -> [2008/07/17 12:35:58 | 00,157,440 | ---- | M] (Panda Security, S.L.) viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2004/08/11 00:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) (Gwmsrv) Panda Goodware Cache Manager [Win32_Shared | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\GWMsrv.dll -> [2008/07/02 13:09:36 | 00,060,160 | ---- | M] (Panda Security, S.L.) 
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.) (Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\irmon.dll -> [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) (MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) (Panda Software Controller) Panda Software Controller [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe -> [2008/07/16 13:45:20 | 00,181,504 | ---- | M] (Panda Security, S.L.) (PAVFNSVR) Panda Function Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe -> [2008/07/10 11:02:00 | 00,169,216 | ---- | M] (Panda Security, S.L.) (PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Security\PavShld\PavPrSrv.exe -> [2008/02/04 16:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) (PAVSRV) Panda On-Access Anti-Malware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXE -> [2008/07/04 13:28:26 | 00,288,512 | ---- | M] (Panda Security, S.L.) 
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) (PSHost) Panda Host Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\FIREWALL\PSHost.exe -> [2008/06/12 14:31:40 | 00,226,608 | ---- | M] (Panda Software International) (PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe -> [2008/06/19 11:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) (PskSvcRetail) Panda PSK service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\psksvc.exe -> [2008/06/25 15:43:08 | 00,028,928 | ---- | M] (Panda Security, S.L.) (TPSrv) Panda TPSrv [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe -> [2008/07/17 12:35:58 | 00,157,440 | ---- | M] (Panda Security, S.L.) (UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2004/08/11 00:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) (WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) (WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\MsPMSPSv.exe -> [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (APPFLT) App Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPFLT.SYS -> [2008/06/25 14:42:18 | 00,073,728 | ---- | M] (Panda Security, S.L.) 
(ASFWHide) ASFWHide [Kernel | On_Demand | Stopped] -> %UserProfile%\Local Settings\Temp\ASFWHide -> [2008/08/16 14:29:54 | 00,004,096 | ---- | M] () (ComFiltr) Panda Anti-Dialer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\COMFiltr.sys -> [2008/12/30 18:58:23 | 00,013,880 | ---- | M] () (ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctac32k.sys -> [2003/02/20 17:22:38 | 00,135,040 | ---- | M] (Creative Technology Ltd) (ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> [2003/03/26 16:33:58 | 00,498,688 | ---- | M] (Creative Technology Ltd) (ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctdvda2k.sys -> [2003/03/27 10:58:56 | 00,287,920 | ---- | M] (Creative Technology Ltd) (ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctprxy2k.sys -> [2003/02/20 17:24:18 | 00,006,144 | ---- | M] (Creative Technology Ltd) (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> [2003/02/20 17:24:34 | 00,135,248 | ---- | M] (Creative Technology Ltd) (DSAFLT) DSA Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\dsaflt.sys -> [2008/06/18 15:06:02 | 00,052,992 | ---- | M] (Panda Security, S.L.) 
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2003/03/04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) (ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyCDFL.sys -> [2002/05/28 04:40:28 | 00,004,480 | ---- | M] (Elaborate Bytes) (ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> [2002/04/04 03:40:29 | 00,013,300 | ---- | M] (Elaborate Bytes AG) (emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emupia2k.sys -> [2003/02/20 17:24:46 | 00,116,000 | ---- | M] (Creative Technology Ltd) (FNETMON) NetMon Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fnetmon.sys -> [2008/03/28 10:25:06 | 00,022,072 | ---- | M] (Panda Security, S.L.) (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) 
(ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ha10kx2k.sys -> [2003/03/26 16:31:40 | 00,823,616 | ---- | M] (Creative Technology Ltd) (hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hap16v2k.sys -> [2003/03/26 16:32:02 | 00,141,536 | ---- | M] (Creative Technology Ltd) (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2004/09/29 00:11:42 | 00,051,120 | R--- | M] (HP) (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2004/09/29 00:11:46 | 00,016,496 | R--- | M] (HP) (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2004/09/29 00:10:16 | 00,021,744 | ---- | M] (HP) (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> [2002/08/20 16:28:54 | 00,170,499 | ---- | M] (Conexant Systems) (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2002/08/20 16:28:18 | 01,175,536 | ---- | M] (Conexant Systems) (IDSFLT) Ids Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\idsflt.sys -> [2008/06/18 15:06:04 | 00,193,792 | ---- | M] (Panda Security, S.L.) 
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\irsir.sys -> [2001/08/17 15:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) (kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2001/10/22 15:46:42 | 00,009,855 | ---- | M] (Conexant) (MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) (MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\MxlW2k.sys -> [2005/08/20 09:49:59 | 00,028,164 | ---- | M] (MusicMatch, Inc.) (NETFLTDI) Panda Net Driver [TDI Layer] [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NETFLTDI.SYS -> [2008/07/11 13:58:26 | 00,158,848 | ---- | M] (Panda Security, S.L.) (NETIMFLT01060034) PANDA NDIS IM Filter Miniport v1.6.0.34 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\neti1634.sys -> [2008/06/26 10:25:28 | 00,197,888 | ---- | M] (Panda Security, S.L.) (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) (OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2001/08/22 10:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2003/03/26 16:32:32 | 00,189,504 | ---- | M] (Creative Technology Ltd.) (pavboot) Panda boot driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) 
(PAVDRV) PAVDRV [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\pavdrv51.sys -> [2008/04/28 10:35:14 | 00,084,024 | ---- | M] (Panda Security, S.L.) (PavProc) Panda Process Protection Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PavProc.sys -> [2008/02/07 11:03:08 | 00,179,640 | ---- | M] (Panda Security, S.L.) (PavTPK.sys) PavTPK.sys [Kernel | On_Demand | Running] -> -> File not found (PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PFMODNT.SYS -> [2003/03/05 13:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2002/09/03 11:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2002/09/03 11:56:37 | 00,005,888 | ---- | M] (Microsoft Corporation) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (ShldDrv) Panda File Shield Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ShlDrv51.sys -> [2008/03/04 14:59:42 | 00,041,144 | ---- | M] (Panda Security, S.L.) (SNDP610) Dual Mode Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sndp610.sys -> [2005/09/27 21:48:58 | 00,219,392 | ---- | M] () (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) 
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2002/08/20 16:22:06 | 00,604,240 | ---- | M] (Conexant Systems) (WNMFLT) Wifi Monitor Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wnmflt.sys -> [2008/06/18 15:06:10 | 00,046,720 | ---- | M] (Panda Security, S.L.) (WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2002/09/03 12:14:25 | 00,012,032 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Page_Url" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: Main\\"Default_Search_Url" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: 
Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"Default_Page_Url" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"Default_Search_Url" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"Page_Transitions" -> -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\: "ProxyOverride" -> 127.0.0.1 -> < HOSTS File > (250869 bytes and 8795 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> First 25 entries... 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/11/03 13:17:44 | 00,054,248 | ---- | M] (Adobe Systems Incorporated) {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> [2008/02/22 03:25:19 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) {A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKLM] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> File not found {daa873d4-958c-453c-81ca-3fe6f3676a87} [HKLM] -> %SystemRoot%\system32 [Reg Error: Value does not exist or could not be read.] 
-> [2008/12/31 13:48:26 | 00,000,000 | ---D | M] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll [Verizon Broadband Toolbar] -> File not found "{BA52B914-B692-46c4-B683-905236F6F655}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "APVXDWIN" -> ["C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s] -> File not found "AsioReg" -> %SystemRoot%\system32\CTASIO.DLL [REGSVR32.EXE /S CTASIO.DLL] -> [2003/02/20 17:27:24 | 00,110,592 | ---- | M] (Creative Technology Ltd) "CloneCDElbyCDFL" -> %ProgramFiles%\Elaborate Bytes\CloneCD\ElbyCheck.exe ["C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL] -> [2001/12/06 07:09:08 | 00,045,056 | ---- | M] (Elaborate Bytes) "CTDVDDet" -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe [C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE] -> [2002/09/30 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) "CTHelper" -> %SystemRoot%\system32\CTHELPER.EXE [CTHELPER.EXE] -> [2003/02/20 17:45:40 | 00,028,672 | ---- | M] (Creative Technology Ltd) "CTSysVol" -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe] -> [2002/10/29 09:18:24 | 00,049,152 | ---- | M] (Creative Technology Ltd) "HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) "HPHUPD08" -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe] -> [2005/06/01 11:35:55 | 00,049,152 | ---- | M] (Hewlett-Packard) "iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2007/12/11 12:10:26 | 00,267,048 | ---- | M] (Apple Inc.) 
"mmtask" -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe ["C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"] -> File not found "Nosign_Dual" -> %SystemRoot%\nosign.exe [C:\WINDOWS\nosign.EXE "Dual Mode Camera"] -> [2005/09/28 17:37:14 | 00,022,016 | ---- | M] () "QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/12/11 10:56:54 | 00,286,720 | ---- | M] (Apple Inc.) "SCANINICIO" -> %ProgramFiles%\Panda Security\Panda Antivirus Pro 2009\Inicio.exe ["C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"] -> [2008/07/07 13:43:56 | 00,050,432 | ---- | M] (Panda Security, S.L.) "TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2004/12/20 14:54:09 | 00,180,269 | ---- | M] (RealNetworks, Inc.) "UpdReg" -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 01:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.) "Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "MMUpdate" -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\UpdtStub.exe [C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\UpdtStub.exe] -> [2002/08/14 16:29:26 | 00,020,480 | ---- | M] (MUSICMATCH, Inc.) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/12/11 10:56:54 | 00,286,720 | ---- | M] (Apple Inc.) 
"SB Audigy 2 Startup Menu" -> [ /L:ENG] -> File not found "WinMX" -> %SystemDrive%\Progra~1\WinMX\WinMX.exe [C:\Progra~1\WinMX\WinMX.exe -m] -> File not found < RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "FlashPlayerUpdate" -> %SystemRoot%\system32\Macromed\Flash\FlashUtil9b.exe [C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe] -> [2006/11/09 13:46:28 | 00,190,072 | R--- | M] (Adobe Systems, Inc.) < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DWQueuedReporting" -> %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/03/13 15:38:52 | 00,039,264 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DWQueuedReporting" -> %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/03/13 15:38:52 | 00,039,264 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/12/11 10:56:54 | 00,286,720 | ---- | M] (Apple Inc.) 
"SB Audigy 2 Startup Menu" -> [ /L:ENG] -> File not found "WinMX" -> %SystemDrive%\Progra~1\WinMX\WinMX.exe [C:\Progra~1\WinMX\WinMX.exe -m] -> File not found < RunOnce [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "FlashPlayerUpdate" -> %SystemRoot%\system32\Macromed\Flash\FlashUtil9b.exe [C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe] -> [2006/11/09 13:46:28 | 00,190,072 | R--- | M] (Adobe Systems, Inc.) < Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup -> < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Zack Startup Folder > -> C:\Documents and Settings\Zack\Start Menu\Programs\Startup -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"CDRAutoRun" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"CDRAutoRun" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [0] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> 
%ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Menu: Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\"{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation) CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\"{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation) CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4616 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4623 domain(s) found. -> .[msn] -> My Computer -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 1 range(s) not assigned to a zone. 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4622 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 1 range(s) not assigned to a zone. < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4622 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 1 range(s) not assigned to a zone. < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4623 domain(s) found. -> .[msn] -> My Computer -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\] > -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1454471165-1085031214-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 1 range(s) not assigned to a zone. 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {B49C4597-8721-4789-9250-315DFBD9F525} [HKLM] -> http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab[IWinAmpActiveX Class] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] 
-> Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {03F15865-C86E-49C1-951C-55BBBE34215D} -> (Intel(R) PRO/100 VE Network Connection) -> {19315E63-E7A3-402A-9A48-AF0953E95BE3} -> () -> {A8A59999-CF09-4734-B1DE-DAD989F14125} -> (1394 Net Adapter) -> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> avldr -> %SystemRoot%\system32\avldr.dll -> [2008/03/18 15:58:10 | 00,058,672 | ---- | M] (Panda Security, S.L.) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 18:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN 
Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/12/11 12:10:18 | 17,152,808 | ---- | M] (Apple Inc.) 
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> File not found "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe [C:\Program Files\McAfee.com\VSO\mcvsshld.exe:*:Disabled:McAfee VirusScan ActiveShield Resource] -> File not found "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found "C:\Program Files\WinMX\WinMX.exe" -> C:\Program Files\WinMX\WinMX.exe [C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application] -> File not found "C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server] -> File not found "C:\WINDOWS\system32\LEXPPS.EXE" -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/07/20 01:49:21 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 7/26/2003 5:21:49 AM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Application [ Error ] 7/29/2003 7:37:20 PM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Application [ Error ] 7/29/2003 7:37:20 PM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Application [ Error ] 7/29/2003 7:37:21 PM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Application [ Error ] 7/29/2003 7:37:21 PM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Application [ Error ] 7/29/2003 7:37:21 PM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Application [ Error ] 7/29/2003 7:37:21 PM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Application [ Error ] 7/29/2003 7:37:22 PM Computer Name = FEF4TRXQT | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Application [ Error ] 7/30/2003 2:36:34 PM Computer Name = FEF4TRXQT | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 12/31/2008 6:35:44 PM Computer Name = FEF4TRXQT | Source = Application Hang | ID = 1002 -> Description = Hanging application OTScanIt2.exe, version 1.0.4.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System [ Error ] 7/21/2003 3:40:41 PM Computer Name = FEF4TRXQT | Source = W32Time | ID = 39452706 -> Description = The time service has detected that the system time needs to be changed by +170967915 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.45:123->207.46.232.182:123) is working properly. System [ Error ] 7/23/2003 1:03:51 AM Computer Name = FEF4TRXQT | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. System [ Error ] 7/25/2003 1:11:02 PM Computer Name = FEF4TRXQT | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. 
System [ Error ] 7/27/2003 2:07:36 PM Computer Name = FEF4TRXQT | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.45 for the Network Card with network address 0007E954BF27 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 7/27/2003 2:09:05 PM Computer Name = FEF4TRXQT | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. System [ Error ] 7/29/2003 10:20:19 PM Computer Name = FEF4TRXQT | Source = W32Time | ID = 39452706 -> Description = The time service has detected that the system time needs to be changed by +170967915 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.44:123->207.46.197.32:123) is working properly. System [ Error ] 7/29/2003 10:22:33 PM Computer Name = FEF4TRXQT | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. System [ Error ] 7/29/2003 7:32:03 PM Computer Name = FEF4TRXQT | Source = W32Time | ID = 39452706 -> Description = The time service has detected that the system time needs to be changed by +170989225 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.44:123->207.46.197.32:123) is working properly. 
System [ Error ] 12/30/2008 7:38:25 PM Computer Name = FEF4TRXQT | Source = Windows Update Agent | ID = 16 -> Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. System [ Error ] 12/30/2008 7:57:14 PM Computer Name = FEF4TRXQT | Source = W32Time | ID = 39452706 -> Description = The time service has detected that the system time needs to be changed by -86373 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.44:123->207.46.232.182:123) is working properly. [Files/Folders - Created Within 30 Days] OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/31 17:24:59 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/31 17:24:45 | 00,648,611 | ---- | C] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/30 18:50:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) HP Product Assistant -> %AllUsersProfile%\Application Data\HP Product Assistant -> [2008/12/15 17:36:41 | 00,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 192 C:\Documents and Settings\Zack\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Zack\Local Settings\Temp\*.tmp -> 192 C:\Documents and Settings\Zack\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Zack\Local Settings\Temp\*.tmp -> 34 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 34 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> uoilqowfT.dll -> %UserProfile%\Local Settings\Temp\uoilqowfT.dll -> [2008/12/31 17:31:17 | 00,053,248 | ---- | M] () OTScanIt2.exe -> 
%UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/31 17:24:52 | 00,648,611 | ---- | M] () pfdnnt.act -> %SystemRoot%\System32\drivers\etc\pfdnnt.act -> [2008/12/31 17:22:55 | 00,000,141 | ---- | M] () IdsFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg.bck -> [2008/12/31 13:29:17 | 00,000,252 | ---- | M] () IdsFlt.cfg -> %SystemRoot%\System32\drivers\etc\IdsFlt.cfg -> [2008/12/31 13:29:17 | 00,000,252 | ---- | M] () NetFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg.bck -> [2008/12/31 13:29:17 | 00,000,068 | ---- | M] () NetFlt.cfg -> %SystemRoot%\System32\drivers\etc\NetFlt.cfg -> [2008/12/31 13:29:17 | 00,000,068 | ---- | M] () WnmFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg.bck -> [2008/12/31 13:29:17 | 00,000,056 | ---- | M] () WnmFlt.cfg -> %SystemRoot%\System32\drivers\etc\WnmFlt.cfg -> [2008/12/31 13:29:17 | 00,000,056 | ---- | M] () APPFLTR.CFG.bck -> %SystemRoot%\System32\drivers\APPFLTR.CFG.bck -> [2008/12/31 13:29:16 | 00,001,132 | ---- | M] () APPFLTR.CFG -> %SystemRoot%\System32\drivers\APPFLTR.CFG -> [2008/12/31 13:29:16 | 00,001,132 | ---- | M] () DsaFlt.cfg.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg.bck -> [2008/12/31 13:29:16 | 00,000,056 | ---- | M] () DsaFlt.cfg -> %SystemRoot%\System32\drivers\etc\DsaFlt.cfg -> [2008/12/31 13:29:16 | 00,000,056 | ---- | M] () DsaFlt.rls.bck -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls.bck -> [2008/12/31 13:29:06 | 00,620,460 | ---- | M] () DsaFlt.rls -> %SystemRoot%\System32\drivers\etc\DsaFlt.rls -> [2008/12/31 13:29:06 | 00,620,460 | ---- | M] () PAV_FOG.OPC -> %SystemRoot%\System32\PAV_FOG.OPC -> [2008/12/31 13:29:04 | 00,008,627 | ---- | M] () MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/12/31 03:00:11 | 00,000,330 | -H-- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/30 19:15:37 | 00,210,432 | ---- | M] () PerfStringBackup.INI 
-> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/12/30 19:00:56 | 00,443,556 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/12/30 19:00:56 | 00,383,254 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/12/30 19:00:56 | 00,053,608 | ---- | M] () COMFiltr.sys -> %SystemRoot%\System32\drivers\COMFiltr.sys -> [2008/12/30 18:58:23 | 00,013,880 | ---- | M] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/30 18:57:47 | 00,054,156 | -H-- | M] () NetAdapt.cfg -> %SystemRoot%\System32\drivers\etc\NetAdapt.cfg -> [2008/12/30 18:57:01 | 00,000,088 | ---- | M] () NetAR.wlt.bck -> %SystemRoot%\System32\drivers\etc\NetAR.wlt.bck -> [2008/12/30 18:57:00 | 00,000,060 | ---- | M] () NetAR.wlt -> %SystemRoot%\System32\drivers\etc\NetAR.wlt -> [2008/12/30 18:57:00 | 00,000,060 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/30 18:56:36 | 00,000,006 | -H-- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/30 18:56:35 | 00,002,206 | ---- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/30 18:56:34 | 00,002,048 | --S- | M] () NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2008/12/30 18:56:03 | 08,912,896 | -H-- | M] () BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [2008/12/30 18:56:03 | 00,030,036 | ---- | M] () BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [2008/12/30 18:56:03 | 00,030,036 | ---- | M] () BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [2008/12/30 18:56:03 | 00,029,760 | ---- | M] () BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> 
%SystemRoot%\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [2008/12/30 18:56:03 | 00,029,760 | ---- | M] () settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [2008/12/30 18:56:03 | 00,001,080 | ---- | M] () settings.sfm -> %SystemRoot%\System32\settings.sfm -> [2008/12/30 18:56:03 | 00,001,080 | ---- | M] () DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> %SystemRoot%\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [2008/12/30 18:56:03 | 00,000,288 | ---- | M] () DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> %SystemRoot%\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> [2008/12/30 18:56:03 | 00,000,288 | ---- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2008/12/30 18:55:47 | 00,000,278 | -HS- | M] () {00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> %SystemRoot%\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> [2008/12/30 18:55:41 | 04,481,358 | ---- | M] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/30 18:55:40 | 04,838,090 | -H-- | M] () APPFCONT.DAT.bck -> %SystemRoot%\System32\drivers\APPFCONT.DAT.bck -> [2008/12/30 18:52:07 | 00,233,332 | ---- | M] () APPFCONT.DAT -> %SystemRoot%\System32\drivers\APPFCONT.DAT -> [2008/12/30 18:52:07 | 00,233,332 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/30 18:38:33 | 00,005,485 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/30 18:38:33 | 00,004,232 | ---- | M] () AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/16 16:01:02 | 00,000,284 | ---- | M] () mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) mshtml.dll -> 
%SystemRoot%\System32\dllcache\mshtml.dll -> [2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/12/10 03:01:49 | 00,001,393 | ---- | M] () MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/09/23 15:01:04 | 00,049,152 | ---- | M] () index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2008/09/23 15:01:03 | 00,032,768 | ---- | M] () index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2008/09/23 15:01:03 | 00,032,768 | ---- | M] () cteng_1_2_71221934781.dat -> %SystemRoot%\Temp\cteng_1_2_71221934781.dat -> [2008/09/21 11:12:31 | 00,215,832 | ---- | M] () cteng_index.dat -> %SystemRoot%\Temp\cteng_index.dat -> [2008/09/21 11:12:31 | 00,001,021 | ---- | M] () cteng_1_2_41221925795.dat -> %SystemRoot%\Temp\cteng_1_2_41221925795.dat -> [2008/09/21 11:12:30 | 00,185,408 | ---- | M] () cteng_1_2_231222005624.dat -> %SystemRoot%\Temp\cteng_1_2_231222005624.dat -> [2008/09/21 11:12:29 | 00,255,036 | ---- | M] () cteng_1_2_221221932219.dat -> %SystemRoot%\Temp\cteng_1_2_221221932219.dat -> [2008/09/21 11:12:29 | 00,230,992 | ---- | M] () cteng_1_2_211221974301.dat -> %SystemRoot%\Temp\cteng_1_2_211221974301.dat -> [2008/09/21 11:12:28 | 00,245,804 | ---- | M] () cteng_1_2_181221883326.dat -> %SystemRoot%\Temp\cteng_1_2_181221883326.dat -> [2008/09/21 11:12:27 | 00,215,444 | ---- | M] () cteng_1_2_141222008488.dat -> %SystemRoot%\Temp\cteng_1_2_141222008488.dat -> [2008/09/21 11:12:26 | 00,177,732 | ---- | M] () cteng_1_2_151221925481.dat -> %SystemRoot%\Temp\cteng_1_2_151221925481.dat 
-> [2008/09/21 11:12:26 | 00,148,072 | ---- | M] () cteng_1_2_131222006567.dat -> %SystemRoot%\Temp\cteng_1_2_131222006567.dat -> [2008/09/21 11:12:25 | 00,231,668 | ---- | M] () cteng_1_1_91221976101.dat -> %SystemRoot%\Temp\cteng_1_1_91221976101.dat -> [2008/09/21 11:12:24 | 00,066,936 | ---- | M] () cteng_1_1_81221850983.dat -> %SystemRoot%\Temp\cteng_1_1_81221850983.dat -> [2008/09/21 11:12:21 | 00,066,724 | ---- | M] () cteng_1_1_41221925811.dat -> %SystemRoot%\Temp\cteng_1_1_41221925811.dat -> [2008/09/21 11:12:20 | 00,082,352 | ---- | M] () cteng_1_1_71221975206.dat -> %SystemRoot%\Temp\cteng_1_1_71221975206.dat -> [2008/09/21 11:12:20 | 00,056,884 | ---- | M] () cteng_1_1_211221886997.dat -> %SystemRoot%\Temp\cteng_1_1_211221886997.dat -> [2008/09/21 11:12:19 | 00,070,288 | ---- | M] () cteng_1_1_201222003478.dat -> %SystemRoot%\Temp\cteng_1_1_201222003478.dat -> [2008/09/21 11:12:19 | 00,062,684 | ---- | M] () cteng_1_1_181222003012.dat -> %SystemRoot%\Temp\cteng_1_1_181222003012.dat -> [2008/09/21 11:12:19 | 00,042,400 | ---- | M] () cteng_1_1_141222008500.dat -> %SystemRoot%\Temp\cteng_1_1_141222008500.dat -> [2008/09/21 11:12:18 | 00,066,152 | ---- | M] () cteng_1_1_161221984202.dat -> %SystemRoot%\Temp\cteng_1_1_161221984202.dat -> [2008/09/21 11:12:18 | 00,058,464 | ---- | M] () cteng_1_1_131221898707.dat -> %SystemRoot%\Temp\cteng_1_1_131221898707.dat -> [2008/09/21 11:12:17 | 00,080,356 | ---- | M] () cteng_1_1_111221973407.dat -> %SystemRoot%\Temp\cteng_1_1_111221973407.dat -> [2008/09/21 11:12:17 | 00,069,588 | ---- | M] () cteng_1_1_101221817707.dat -> %SystemRoot%\Temp\cteng_1_1_101221817707.dat -> [2008/09/21 11:12:16 | 00,047,996 | ---- | M] () cteng_1_2_71221764532.dat -> %SystemRoot%\Temp\cteng_1_2_71221764532.dat -> [2008/09/18 18:50:40 | 00,190,136 | ---- | M] () cteng_1_2_211221714200.dat -> %SystemRoot%\Temp\cteng_1_2_211221714200.dat -> [2008/09/18 18:50:39 | 00,270,044 | ---- | M] () cteng_1_2_231221724098.dat -> 
%SystemRoot%\Temp\cteng_1_2_231221724098.dat -> [2008/09/18 18:50:39 | 00,218,752 | ---- | M] () cteng_1_2_181221769656.dat -> %SystemRoot%\Temp\cteng_1_2_181221769656.dat -> [2008/09/18 18:50:38 | 00,194,100 | ---- | M] () cteng_1_2_141221772351.dat -> %SystemRoot%\Temp\cteng_1_2_141221772351.dat -> [2008/09/18 18:50:37 | 00,170,640 | ---- | M] () cteng_1_2_131221756217.dat -> %SystemRoot%\Temp\cteng_1_2_131221756217.dat -> [2008/09/18 18:50:36 | 00,178,008 | ---- | M] () cteng_1_1_91221715996.dat -> %SystemRoot%\Temp\cteng_1_1_91221715996.dat -> [2008/09/18 18:50:36 | 00,085,496 | ---- | M] () cteng_1_1_71221764534.dat -> %SystemRoot%\Temp\cteng_1_1_71221764534.dat -> [2008/09/18 18:50:35 | 00,078,032 | ---- | M] () cteng_1_1_81221764531.dat -> %SystemRoot%\Temp\cteng_1_1_81221764531.dat -> [2008/09/18 18:50:35 | 00,063,952 | ---- | M] () cteng_1_1_41221764534.dat -> %SystemRoot%\Temp\cteng_1_1_41221764534.dat -> [2008/09/18 18:50:34 | 00,082,352 | ---- | M] () cteng_1_1_201221719600.dat -> %SystemRoot%\Temp\cteng_1_1_201221719600.dat -> [2008/09/18 18:50:34 | 00,074,388 | ---- | M] () cteng_1_1_211221769030.dat -> %SystemRoot%\Temp\cteng_1_1_211221769030.dat -> [2008/09/18 18:50:34 | 00,070,948 | ---- | M] () cteng_1_1_141221772364.dat -> %SystemRoot%\Temp\cteng_1_1_141221772364.dat -> [2008/09/18 18:50:33 | 00,069,612 | ---- | M] () cteng_1_2_41221683909.dat -> %SystemRoot%\Temp\cteng_1_2_41221683909.dat -> [2008/09/17 18:48:32 | 00,172,356 | ---- | M] () cteng_1_1_161221664831.dat -> %SystemRoot%\Temp\cteng_1_1_161221664831.dat -> [2008/09/17 18:48:29 | 00,073,120 | ---- | M] () cteng_1_1_101221643377.dat -> %SystemRoot%\Temp\cteng_1_1_101221643377.dat -> [2008/09/17 18:48:28 | 00,055,304 | ---- | M] () cteng_1_1_131221601569.dat -> %SystemRoot%\Temp\cteng_1_1_131221601569.dat -> [2008/09/16 22:28:54 | 00,087,748 | ---- | M] () cteng_1_1_111221617769.dat -> %SystemRoot%\Temp\cteng_1_1_111221617769.dat -> [2008/09/16 22:28:53 | 00,078,444 | ---- | M] () 
cteng_1_2_171221562760.dat -> %SystemRoot%\Temp\cteng_1_2_171221562760.dat -> [2008/09/16 16:45:08 | 00,233,476 | ---- | M] () cteng_1_2_201221548605.dat -> %SystemRoot%\Temp\cteng_1_2_201221548605.dat -> [2008/09/16 04:27:49 | 00,254,316 | ---- | M] () cteng_8_2_11219319937.dat -> %SystemRoot%\Temp\cteng_8_2_11219319937.dat -> [2008/09/15 17:55:59 | 00,006,124 | ---- | M] () cteng_1_2_221221403229.dat -> %SystemRoot%\Temp\cteng_1_2_221221403229.dat -> [2008/09/15 17:55:57 | 00,222,040 | ---- | M] () cteng_1_2_161221293905.dat -> %SystemRoot%\Temp\cteng_1_2_161221293905.dat -> [2008/09/15 17:55:54 | 00,197,336 | ---- | M] () cteng_1_2_151221288504.dat -> %SystemRoot%\Temp\cteng_1_2_151221288504.dat -> [2008/09/15 17:55:53 | 00,138,496 | ---- | M] () cteng_1_1_181221378499.dat -> %SystemRoot%\Temp\cteng_1_1_181221378499.dat -> [2008/09/15 17:55:48 | 00,064,008 | ---- | M] () cteng_1_1_121221160009.dat -> %SystemRoot%\Temp\cteng_1_1_121221160009.dat -> [2008/09/15 17:55:46 | 00,064,192 | ---- | M] () IGdi.dll -> %SystemRoot%\Temp\{CB4544EA-C189-41FE-9E3A-76591DDB852B}\IGdi.dll -> [2008/09/14 19:34:54 | 00,159,744 | ---- | M] (InstallShield Software Corporation) index.dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/08/31 15:11:50 | 09,519,104 | ---- | M] () index.dat -> %UserProfile%\Local Settings\Temp\History\History.IE5\index.dat -> [2008/08/31 15:11:50 | 00,540,672 | ---- | M] () index.dat -> %UserProfile%\Local Settings\Temp\Cookies\index.dat -> [2008/08/31 15:11:50 | 00,196,608 | ---- | M] () sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-Zack\engine\bases\sfdb.dat -> [2008/08/12 18:40:55 | 00,000,084 | ---- | M] () kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\kosglue-7.0.25.0.dll -> [2008/08/12 18:40:12 | 00,729,152 | ---- | M] (Kaspersky Lab) msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\msvcr80.dll -> [2008/08/12 18:40:12 | 00,626,688 | ---- | M] 
(Microsoft Corporation) msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\msvcp80.dll -> [2008/08/12 18:40:12 | 00,548,864 | ---- | M] (Microsoft Corporation) kave.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\kave.dll -> [2008/08/12 18:40:12 | 00,282,624 | ---- | M] (Kaspersky Lab.) prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\prLoader.dll -> [2008/08/12 18:40:12 | 00,184,320 | ---- | M] (Kaspersky Lab) prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\prremote.dll -> [2008/08/12 18:40:12 | 00,090,112 | ---- | M] (Kaspersky Lab) ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\ikave.dll -> [2008/08/12 18:40:12 | 00,065,536 | ---- | M] () msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\msvcm80.dll -> [2008/08/12 18:40:11 | 00,479,232 | ---- | M] (Microsoft Corporation) ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\ScanningProcess.exe -> [2008/08/12 18:40:11 | 00,139,264 | ---- | M] (Kaspersky Lab.) FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-Zack\binaries\FSSync.dll -> [2008/08/12 18:40:11 | 00,038,400 | ---- | M] (Kaspersky Lab) Perflib_Perfdata_c28.dat -> %SystemRoot%\Temp\Perflib_Perfdata_c28.dat -> [2008/07/16 02:07:02 | 00,016,384 | ---- | M] () hprbehp.exe -> %UserProfile%\Local Settings\Temp\HPSU1P8W._ZX\hprbehp.exe -> [2008/07/16 00:30:19 | 00,094,208 | ---- | M] () hprbeh.dll -> %UserProfile%\Local Settings\Temp\HPSU1P8W._ZX\hprbeh.dll -> [2008/07/16 00:30:18 | 00,069,632 | ---- | M] (Hewlett-Packard Co.) 
hp_prn_hlp_update.exe -> %UserProfile%\Local Settings\Temp\hp_prn_hlp_update.exe -> [2008/07/16 00:26:41 | 00,531,970 | ---- | M] (Hewlett-Packard Company ) zauninst.exe -> %UserProfile%\Local Settings\Temp\zauninst.exe -> [2008/07/09 14:14:16 | 00,692,624 | ---- | M] () jre-6u7-windows-i586-p-iftw_bdb28397.exe -> %UserProfile%\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe -> [2008/06/10 07:53:46 | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) index.dat -> %UserProfile%\Local Settings\Temp\History\History.IE5\MSHist012007122320071224\index.dat -> [2007/12/24 06:50:14 | 00,049,152 | ---- | M] () avg75free_503a1224[1].exe -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\T5XAVBH2\avg75free_503a1224[1].exe -> [2007/12/18 17:35:53 | 32,824,688 | ---- | M] () free.grisoft[1].com -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\T5XAVBH2\free.grisoft[1].com -> [2007/12/18 17:33:40 | 00,023,337 | ---- | M] () www.grisoft[1].com -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\FQ87HGWQ\www.grisoft[1].com -> [2007/12/18 17:30:46 | 00,023,987 | ---- | M] () getseal[1].com&size=S&use_flash=NO&use_transparent=YES&lang=en -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\GPI3WH6Z\getseal[1].com&size=S&use_flash=NO&use_transparent=YES&lang=en -> [2007/11/15 21:32:40 | 00,000,013 | ---- | M] () getseal[1].com&size=M&use_flash=NO&use_transparent=NO&lang=en -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\RL9J26Q9\getseal[1].com&size=M&use_flash=NO&use_transparent=NO&lang=en -> [2007/11/15 21:26:59 | 00,002,477 | ---- | M] () getseal[1].com&size=M&use_flash=YES&use_transparent=NO -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\K567AN0H\getseal[1].com&size=M&use_flash=YES&use_transparent=NO -> [2007/11/11 16:31:55 | 00,004,144 | ---- | M] () LoginAuth[1].com%2F&hl=en -> %UserProfile%\Local Settings\Temp\Temporary 
Internet Files\Content.IE5\4H2ZS167\LoginAuth[1].com%2F&hl=en -> [2007/11/06 18:46:54 | 00,002,981 | ---- | M] () get_video[1].com -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\2AU1PTO2\get_video[1].com -> [2007/11/01 17:09:58 | 01,738,827 | ---- | M] () getseal[1].com&size=S&use_flash=YES&use_transparent=YES&lang=en -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\T5XAVBH2\getseal[1].com&size=S&use_flash=YES&use_transparent=YES&lang=en -> [2007/10/30 21:34:42 | 00,004,153 | ---- | M] () getseal[1].com&size=S&use_flash=NO&use_transparent=YES&lang=en -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\SLENCTYR\getseal[1].com&size=S&use_flash=NO&use_transparent=YES&lang=en -> [2007/10/21 18:53:29 | 00,002,480 | ---- | M] () opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/03/01 23:17:22 | 00,008,222 | ---- | M] () hprbupdatep.exe -> %UserProfile%\Local Settings\Temp\HPSUGJYN.DJ1\signed\hprbupdatep.exe -> [2006/06/16 16:29:03 | 00,112,184 | ---- | M] () hprbUpdate.exe -> %UserProfile%\Local Settings\Temp\HPSUGJYN.DJ1\signed\hprbUpdate.exe -> [2006/06/12 15:30:13 | 00,050,744 | ---- | M] (Hewlett-Packard Co.) 
PRScript[1].dll -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\9HOAYTS8\PRScript[1].dll -> [2005/11/10 01:47:43 | 00,009,890 | ---- | M] () PRScript[1].dll -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\FQ87HGWQ\PRScript[1].dll -> [2005/11/10 00:29:40 | 00,008,682 | ---- | M] () ravenshield_sp_demo.exe -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for ravenshieldspdemo.zip\ravenshield_sp_demo.exe -> [2005/06/30 13:30:43 | 22,235,1360 | ---- | M] (InstallShield Software Corporation) index.dat -> %UserProfile%\Local Settings\Temp\History\History.IE5\MSHist012005040620050407\index.dat -> [2005/04/06 22:46:30 | 00,081,920 | ---- | M] () DeadAIM.exe -> %UserProfile%\Local Settings\Temp\Temporary Directory 5 for Important Programs.zip\DeadAIM.exe -> [2003/06/01 22:09:24 | 00,662,292 | ---- | M] (JDennis.net ) DeadAIM.exe -> %UserProfile%\Local Settings\Temp\Temporary Directory 4 for Important Programs.zip\DeadAIM.exe -> [2003/06/01 22:09:24 | 00,662,292 | ---- | M] (JDennis.net ) DeadAIM.exe -> %UserProfile%\Local Settings\Temp\Temporary Directory 3 for Important Programs.zip\DeadAIM.exe -> [2003/06/01 22:09:24 | 00,662,292 | ---- | M] (JDennis.net ) DeadAIM.exe -> %UserProfile%\Local Settings\Temp\Temporary Directory 2 for Important Programs.zip\DeadAIM.exe -> [2003/06/01 22:09:24 | 00,662,292 | ---- | M] (JDennis.net ) DeadAIM.exe -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for Important Programs.zip\DeadAIM.exe -> [2003/06/01 22:09:24 | 00,662,292 | ---- | M] (JDennis.net ) ISRT.DLL -> %SystemRoot%\Temp\{CB4544EA-C189-41FE-9E3A-76591DDB852B}\ISRT.DLL -> [2003/04/01 11:18:30 | 00,327,680 | ---- | M] (InstallShield Software Corporation) _ISRES.DLL -> %SystemRoot%\Temp\{CB4544EA-C189-41FE-9E3A-76591DDB852B}\_ISRES.DLL -> [2003/03/05 17:45:24 | 00,290,816 | ---- | M] (InstallShield Software Corporation) blueprint screensaver.exe -> %SystemRoot%\Temp\blueprint screensaver.exe -> [2002/11/19 
17:38:04 | 02,104,775 | R--- | M] ()
q3a_csd.exe -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for Q3A_CRACKED_SERVER_DETECTOR.ZIP\q3a_csd.exe -> [2000/01/06 13:51:24 | 00,081,920 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 11736 bytes -> %SystemRoot%\dahotfix.log:ygjzbg
@Alternate Data Stream - 11736 bytes -> %SystemRoot%\KB873339.log:mvsvvk
@Alternate Data Stream - 11736 bytes -> %SystemRoot%\ocmsn.log:hngpuk
@Alternate Data Stream - 11736 bytes -> %SystemRoot%\Palace.reg:tgixpb
@Alternate Data Stream - 11736 bytes -> %SystemRoot%\Q810833.log:msbxmi
@Alternate Data Stream - 11736 bytes -> %SystemRoot%\Santa Fe Stucco.bmp:djspiy
@Alternate Data Stream - 3567 bytes -> %SystemRoot%\Gone Fishing.bmp:jhusyb
@Alternate Data Stream - 3567 bytes -> %SystemRoot%\ocmsn.log:ipotuh
@Alternate Data Stream - 3567 bytes -> %SystemRoot%\Q329048.log:sprarw
@Alternate Data Stream - 3567 bytes -> %SystemRoot%\Q329441.log:ehtqlo
@Alternate Data Stream - 3567 bytes -> %SystemRoot%\Q817606.log:xuehiv
@Alternate Data Stream - 3567 bytes -> %SystemRoot%\setup.log:odviet
@Alternate Data Stream - 9237 bytes -> %SystemRoot%\DtcInstall.log:qgcner
@Alternate Data Stream - 9237 bytes -> %SystemRoot%\Palace.reg:zozvom
@Alternate Data Stream - 9237 bytes -> %SystemRoot%\Q329115.log:mhbljm
@Alternate Data Stream - 9237 bytes -> %SystemRoot%\Q814033.log:etucot
@Alternate Data Stream - 9237 bytes -> %SystemRoot%\sessmgr.setup.log:vkkcki

[File - Lop Check]
Application Data -> C:\Documents and Settings\Admin\Application Data -> [2008/09/04 17:15:44 | 00,000,000 | RH-D | M]
Aim -> C:\Documents and Settings\Admin\Application Data\Aim -> [2006/07/31 09:28:11 | 00,000,000 | ---D | M]
Panda Security -> C:\Documents and Settings\Admin\Application Data\Panda Security -> [2008/10/15 18:30:36 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Admin\Application Data\Viewpoint -> [2008/08/16 14:34:08 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2004/07/19 17:26:03 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/15 17:36:41 | 00,000,000 | RH-D | M]
Backup -> C:\Documents and Settings\All Users\Application Data\Backup -> [2008/09/15 17:46:14 | 00,000,000 | ---D | M]
BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2004/07/20 02:03:34 | 00,000,000 | ---D | M]
MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier -> [2008/08/19 13:54:09 | 00,000,000 | ---D | M]
Motive -> C:\Documents and Settings\All Users\Application Data\Motive -> [2006/07/29 03:17:39 | 00,000,000 | ---D | M]
MSN6 -> C:\Documents and Settings\All Users\Application Data\MSN6 -> [2004/12/14 18:25:47 | 00,000,000 | ---D | M]
Panda Security -> C:\Documents and Settings\All Users\Application Data\Panda Security -> [2008/10/15 18:30:36 | 00,000,000 | ---D | M]
Panda Software -> C:\Documents and Settings\All Users\Application Data\Panda Software -> [2008/11/07 18:59:19 | 00,000,000 | ---D | M]
Trymedia -> C:\Documents and Settings\All Users\Application Data\Trymedia -> [2004/12/17 17:18:10 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/06/13 13:41:33 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2004/07/19 17:26:03 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2008/05/17 14:13:11 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2004/07/20 01:53:32 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Zack\Application Data -> [2008/08/16 14:12:14 | 00,000,000 | RH-D | M]
Aim -> C:\Documents and Settings\Zack\Application Data\Aim -> [2008/08/16 14:10:25 | 00,000,000 | ---D | M]
Anvil Studio -> C:\Documents and Settings\Zack\Application Data\Anvil Studio -> [2004/10/29 19:47:12 | 00,000,000 | ---D | M]
Corel -> C:\Documents and Settings\Zack\Application Data\Corel -> [2005/10/11 18:52:52 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\Zack\Application Data\CyberLink -> [2004/09/05 22:42:44 | 00,000,000 | ---D | M]
MSN6 -> C:\Documents and Settings\Zack\Application Data\MSN6 -> [2005/10/23 21:30:02 | 00,000,000 | ---D | M]
MSNInstaller -> C:\Documents and Settings\Zack\Application Data\MSNInstaller -> [2004/12/14 18:28:21 | 00,000,000 | ---D | M]
Musicmatch -> C:\Documents and Settings\Zack\Application Data\Musicmatch -> [2005/08/17 15:00:06 | 00,000,000 | ---D | M]
Roxio -> C:\Documents and Settings\Zack\Application Data\Roxio -> [2007/05/19 20:42:43 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Zack\Application Data\Viewpoint -> [2007/06/14 19:14:36 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/30 18:59:42 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/16 16:01:02 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2002/09/03 11:46:18 | 00,000,065 | RH-- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2008/12/31 03:00:11 | 00,000,330 | -H-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/30 18:56:36 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\ocmsn.log:hngpuk 11736 bytes
C:\WINDOWS\ocmsn.log:ipotuh 3567 bytes
C:\WINDOWS\Gone Fishing.bmp:jhusyb 3567 bytes
C:\WINDOWS\Santa Fe Stucco.bmp:djspiy 11736 bytes
C:\WINDOWS\sessmgr.setup.log:vkkcki 9237 bytes
C:\WINDOWS\setup.log:odviet 3567 bytes
C:\WINDOWS\dahotfix.log:ygjzbg 11736 bytes
C:\WINDOWS\DtcInstall.log:qgcner 9237 bytes
C:\WINDOWS\Q329048.log:sprarw 3567 bytes
C:\WINDOWS\Q329115.log:mhbljm 9237 bytes
C:\WINDOWS\Q329441.log:ehtqlo 3567 bytes
C:\WINDOWS\Q810833.log:msbxmi 11736 bytes
C:\WINDOWS\Q814033.log:etucot 9237 bytes
C:\WINDOWS\Q817606.log:xuehiv 3567 bytes
C:\WINDOWS\KB873339.log:mvsvvk 11736 bytes
C:\WINDOWS\Palace.reg:tgixpb 11736 bytes
C:\WINDOWS\Palace.reg:zozvom 9237 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 18

< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\Admin\Favorites\Dummy Fudge Recipe Paula Deen Food Network.url:favicon 894 bytes
C:\Documents and Settings\Admin\Favorites\Low Vision Aids - Low Vision Products for Vision Loss and Impaired Vision at ActiveForever.com.url:favicon 894 bytes
C:\Documents and Settings\Zack\My Documents\My Music\Rory Gallagher\Rory Gallagher - Bullfrog Blues France 1980.dat:SummaryInformation 88 bytes
C:\Documents and Settings\Zack\My Documents\My Music\Rory Gallagher\Rory Gallagher - Bullfrog Blues France 1980.dat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden files: 322

< End of report >
[/code]