OTListIt logfile created on: 3/17/2009 9:29:23 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\Ingrid Moreland\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 504.11 Mb Available Physical Memory | 49.26% Memory free
1.66 Gb Paging File | 1.17 Gb Available in Paging File | 70.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 125.85 Gb Free Space | 69.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: 9535DEE118EC44B
Current User Name: Ingrid Moreland
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2004/04/27 00:52:46 | 00,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe
PRC - [2005/09/05 21:25:46 | 02,211,840 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe
PRC - [2005/10/10 21:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/01/31 08:50:24 | 00,066,335 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe
PRC - [2005/01/31 08:49:08 | 03,084,630 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.0\bin\postmaster.exe
PRC - [2004/07/09 00:26:54 | 00,118,877 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/01/31 08:49:08 | 03,084,630 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
PRC - [2005/01/31 08:49:08 | 03,084,630 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
PRC - [2005/01/31 08:49:08 | 03,084,630 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
PRC - [2005/01/31 08:49:08 | 03,084,630 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
PRC - [2004/04/27 00:51:56 | 00,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/05/23 13:43:00 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/07/11 15:51:16 | 00,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2004/04/13 20:45:30 | 00,290,905 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.EXE
PRC - [2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2003/10/10 05:14:46 | 00,393,216 | ---- | M] (2Wire, Inc.) -- C:\Program Files\2Wire\2PortalMon.exe
PRC - [2003/07/14 10:55:44 | 00,212,992 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2003/10/06 23:26:10 | 00,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\usbsircs\usbsircs.exe
PRC - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/07/16 15:51:34 | 00,140,592 | ---- | M] (AOL LLC.) -- c:\program files\winamp toolbar\WinampTbServer.exe
PRC - [2009/03/16 13:09:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/19 20:43:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/17 09:18:56 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid Moreland\Desktop\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007/11/10 01:58:25 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/04/27 00:52:46 | 00,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe -- (Giga Pocket Hardware Detector [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2005/09/05 21:25:46 | 02,211,840 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe -- (MySQL [Auto | Running])
SRV - File not found -- -- (MyWebSearchService [Auto | Stopped])
SRV - [2005/10/10 21:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/01/31 08:50:24 | 00,066,335 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe -- (pgsql-8.0 [Auto | Running])
SRV - [2009/01/07 14:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/01/21 15:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2003/09/25 16:38:56 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller [On_Demand | Stopped])
SRV - [2004/04/27 00:51:56 | 00,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager [On_Demand | Running])
SRV - [2004/07/09 00:27:20 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service [On_Demand | Stopped])
SRV - [2004/07/09 00:26:54 | 00,118,877 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service [Auto | Running])
SRV - [2004/07/09 00:19:04 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2004/07/09 00:17:54 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter [On_Demand | Stopped])
SRV - [2004/07/09 20:28:14 | 01,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2004/06/16 06:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2004/06/22 14:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2004/06/16 06:41:06 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2003/10/30 15:48:10 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer [On_Demand | Stopped])
SRV - [2004/06/16 06:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP [On_Demand | Stopped])
SRV - [2004/06/22 14:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP [On_Demand | Stopped])
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/03/16 13:09:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2002/04/01 17:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/05/23 13:44:00 | 01,171,648 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2000/12/05 18:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys -- (DMICall [System | Running])
DRV - [1998/07/10 04:31:00 | 00,007,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D [Auto | Running])
DRV - [2003/09/17 14:44:42 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/08/04 06:32:56 | 00,453,632 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2008/08/04 06:32:56 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2001/08/17 15:06:02 | 00,154,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\Icam4USB.sys -- (Icam4USB [On_Demand | Stopped])
DRV - [2004/04/13 20:20:08 | 00,015,781 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2005/10/10 21:49:00 | 03,530,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/02/23 11:11:46 | 00,130,424 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/06/21 21:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2004/06/02 18:47:58 | 00,768,512 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\smrt.sys -- (smrt [On_Demand | Running])
DRV - [2003/10/01 17:48:24 | 00,594,048 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/06/21 21:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2004/06/16 05:05:46 | 00,136,832 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\pfc027.sys -- (SoC PC-Camera Service [On_Demand | Stopped])
DRV - [2004/04/08 10:43:52 | 00,347,648 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\WlanUIG.sys -- (WlanUIG [On_Demand | Stopped])
DRV - [2003/08/10 22:48:04 | 00,177,664 | R--- | M] (2wire) -- C:\WINDOWS\system32\DRIVERS\wltwo51b.sys -- (wltwo51b [On_Demand | Running])

[color=orange]========== Standard Registry (SafeList) ==========[/color]

[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=orange]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
FF - prefs.js..extensions.enabledItems: {4244319C-5619-4E73-AA90-0646C4AE21BD}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.1.20080801
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\Extensions\\{4244319C-5619-4E73-AA90-0646C4AE21BD}: C:\DOCUMENTS AND SETTINGS\INGRID MORELAND\LOCAL SETTINGS\APPLICATION DATA\{4244319C-5619-4E73-AA90-0646C4AE21BD} [2009/03/08 15:27:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/16 13:09:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 11:25:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/16 13:10:13 | 00,000,000 | ---D | M]

[2008/08/27 07:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid Moreland\Application Data\mozilla\Extensions
[2008/08/27 07:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid Moreland\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/16 19:31:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid Moreland\Application Data\mozilla\Firefox\Profiles\5zev6it9.default\extensions
[2008/09/26 15:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid Moreland\Application Data\mozilla\Firefox\Profiles\5zev6it9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2008/08/26 06:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid Moreland\Application Data\mozilla\Firefox\Profiles\5zev6it9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/05/27 10:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ingrid Moreland\Application Data\mozilla\Firefox\Profiles\5zev6it9.default\extensions\{E8F388AC-4DC7-4C06-AEDA-E0CB1682EEA0}
[2008/08/26 06:39:17 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\Mozilla\FireFox\Profiles\5zev6it9.default\searchplugins\aim-search.xml
[2008/01/14 01:59:27 | 00,000,998 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\Mozilla\FireFox\Profiles\5zev6it9.default\searchplugins\aolsearch.gif
[2008/01/14 01:59:27 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\Mozilla\FireFox\Profiles\5zev6it9.default\searchplugins\aolsearch.src
[2008/01/06 07:19:27 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\Mozilla\FireFox\Profiles\5zev6it9.default\searchplugins\aolsearch.xml
[2008/07/05 15:37:55 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\Mozilla\FireFox\Profiles\5zev6it9.default\searchplugins\winampsearch.gif
[2008/07/05 15:37:55 | 00,000,362 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\Mozilla\FireFox\Profiles\5zev6it9.default\searchplugins\winampsearch.src
[2008/04/19 11:53:39 | 00,001,360 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\Mozilla\FireFox\Profiles\5zev6it9.default\searchplugins\winampsearch.xml
[2009/03/16 19:31:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/07 16:44:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/05 16:03:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/03/16 13:10:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/02/19 20:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 20:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 14:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 14:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 14:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 14:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 14:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 14:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 14:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (222502 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 87.118.99.131 www.winmx.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7809 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" File not found
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY (Conexant Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (Veoh Networks)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.0.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.habbo.com/client?forwardId=2&roomId=21868919" (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE (2Wire Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk = C:\Program Files\sony\usbsircs\usbsircs.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Ingrid Moreland\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Ingrid Moreland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Search - ?p=ZSfox000
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161284829265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} http://download.solitaire.com/download/solitaire.cab (Sol2axctl Class)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (qyrgij.dll) - C:\WINDOWS\system32\qyrgij.dll ()
O20 - AppInit_DLLs: (iiucyh.dll) - File not found
O20 - AppInit_DLLs: (fozokx.dll) - C:\WINDOWS\system32\fozokx.dll ()
O20 - AppInit_DLLs: () - File not found
O20 - AppInit_DLLs: (ljqmgs.dll) - C:\WINDOWS\system32\ljqmgs.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fwlkeouw: DllName - rsanonr.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/16 12:46:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{54cc1f56-7a37-11d9-b86f-806d6172696f}\Shell\AutoRun\command - "" = R:\Autorun.exe -- File not found

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]
[1 C:\WINDOWS\*.tmp files]
[2009/03/17 09:24:59 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/17 09:18:56 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ingrid Moreland\Desktop\OTListIt2.exe
[2009/03/17 09:18:43 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\Rooter.exe
[2009/03/14 03:00:23 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/10 03:01:24 | 00,000,000 | ---D | C] -- C:\ce07099011e5cd21798de0a78a0d94
[2009/03/10 03:01:05 | 00,000,000 | ---D | C] -- C:\f3fd769ee7eca7e916d52519
[2009/03/09 18:54:52 | 00,000,000 | ---D | C] -- C:\34c3e26416bd0adc8fdbab4d80
[2009/03/09 18:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ingrid Moreland\Application Data\Malwarebytes
[2009/03/09 18:02:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/09 18:02:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/09 18:02:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/09 18:02:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/09 18:02:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/09 18:00:01 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\mbam-setup.exe
[2009/03/09 17:59:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/09 17:58:58 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Ingrid Moreland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/09 17:58:55 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\NTREGOPT.lnk
[2009/03/09 17:58:55 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\ERUNT.lnk
[2009/03/09 17:58:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/09 17:58:22 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\erunt_setup.exe
[2009/03/09 06:06:04 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\ljqmgs.dll
[2009/03/09 06:05:14 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/09 06:04:30 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\QYRGIJ.DLL
[2009/03/09 06:01:06 | 00,141,312 | -HS- | C] () -- C:\WINDOWS\System32\fozokx.dll
[2009/03/09 04:00:13 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\pokumala.dll
[2009/03/08 23:20:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/03/08 22:19:38 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/08 22:19:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/08 20:14:17 | 75,976,928 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ingrid Moreland\Desktop\avg_iswt_stf_en_85_276a1439.exe
[2009/03/08 17:35:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ingrid Moreland\Local Settings\Application Data\mhxgdxqq
[2009/03/08 17:35:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ingrid Moreland\Application Data\mhxgdxqq
[2009/03/08 15:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ingrid Moreland\Local Settings\Application Data\{4244319C-5619-4E73-AA90-0646C4AE21BD}
[2009/03/08 15:27:39 | 00,134,144 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\emaqibuzi.dll
[2009/03/08 15:12:24 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/08 15:12:21 | 00,113,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\ca03eff.sys
[2009/03/08 15:11:54 | 00,000,002 | ---- | C] () -- C:\1551611691
[2009/03/08 12:27:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ingrid Moreland\Local Settings\Application Data\ESET
[2009/03/08 12:04:51 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/03/08 12:04:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/08 11:27:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ingrid Moreland\Application Data\PC Tools
[2009/03/08 11:27:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/03/08 03:11:14 | 01,808,081 | -HS- | C] () -- C:\WINDOWS\System32\adiduyag.ini
[2009/03/08 03:10:59 | 00,141,824 | -HS- | C] () -- C:\WINDOWS\System32\wnvozi.dll
[2009/03/08 00:53:10 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/03/08 00:52:57 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/03/08 00:52:57 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/03/08 00:52:48 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/03/08 00:52:42 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/03/08 00:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/03/08 00:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/03/08 00:50:22 | 18,191,016 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\sdsetup.exe
[2009/03/07 16:46:58 | 00,045,056 | ---- | C] (R&A Software Solutions) -- C:\WINDOWS\System32\wndRestrict.ocx
[2009/03/07 16:46:57 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx
[2009/03/07 16:46:57 | 00,147,456 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbzip11.dll
[2009/03/07 16:46:57 | 00,143,360 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbuzip10.dll
[2009/03/07 16:46:57 | 00,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2009/03/07 16:46:57 | 00,007,716 | ---- | C] () -- C:\WINDOWS\System32\URLHIST.tlb
[2009/03/07 16:46:56 | 00,209,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2009/03/07 16:46:56 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2009/03/07 16:46:15 | 02,386,440 | ---- | C] (AE Software Technologies ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\dwasher.exe
[2009/03/07 16:44:35 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/07 03:10:35 | 01,808,094 | -HS- | C] () -- C:\WINDOWS\System32\irapimis.ini
[2009/03/06 03:09:58 | 00,142,336 | -HS- | C] () -- C:\WINDOWS\System32\efqufu.dll
[2009/03/02 09:37:29 | 00,001,884 | ---- | C] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\Vanguard.lnk

[color=orange]========== Files - Modified Within 30 Days ==========[/color]
[1 C:\WINDOWS\*.tmp files]
[2009/03/17 09:18:56 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ingrid Moreland\Desktop\OTListIt2.exe
[2009/03/17 09:18:45 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\Rooter.exe
[2009/03/17 07:00:11 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/17 06:38:11 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/03/16 13:08:37 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/03/14 13:05:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/11 06:14:35 | 00,039,369 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/11 05:40:31 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/11 05:39:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/11 05:39:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/11 03:08:41 | 10,731,39712 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 03:08:41 | 00,205,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:01:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/09 18:02:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/09 18:00:26 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\mbam-setup.exe
[2009/03/09 17:58:58 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/09 17:58:55 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\NTREGOPT.lnk
[2009/03/09 17:58:55 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\ERUNT.lnk
[2009/03/09 17:58:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\erunt_setup.exe
[2009/03/09 09:30:17 | 00,480,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 09:30:17 | 00,409,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 09:30:17 | 00,064,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 09:07:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wezileme
[2009/03/09 06:06:02 | 00,141,312 | ---- | M] () -- C:\WINDOWS\System32\pokumala.dll
[2009/03/09 06:06:02 | 00,141,312 | ---- | M] () -- C:\WINDOWS\System32\ljqmgs.dll
[2009/03/09 06:04:30 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\QYRGIJ.DLL
[2009/03/09 06:01:01 | 00,141,312 | -HS- | M] () -- C:\WINDOWS\System32\fozokx.dll
[2009/03/09 06:01:01 | 00,141,312 | -HS- | M] () -- C:\WINDOWS\System32\bejanapo.dll
[2009/03/08 20:18:21 | 75,976,928 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ingrid Moreland\Desktop\avg_iswt_stf_en_85_276a1439.exe
[2009/03/08 15:27:40 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\emaqibuzi.dll
[2009/03/08 15:12:41 | 00,113,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\ca03eff.sys
[2009/03/08 15:12:24 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/08 15:11:59 | 00,000,002 | ---- | M] () -- C:\1551611691
[2009/03/08 15:11:25 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2009/03/08 15:11:25 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/03/08 15:11:05 | 00,102,400 | -HS- | M] () -- C:\WINDOWS\System32\fusizota.dll
[2009/03/08 03:32:35 | 01,808,081 | -HS- | M] () -- C:\WINDOWS\System32\adiduyag.ini
[2009/03/08 03:10:58 | 00,141,824 | -HS- | M] () -- C:\WINDOWS\System32\wnvozi.dll
[2009/03/08 00:52:48 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/03/08 00:51:06 | 18,191,016 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\sdsetup.exe
[2009/03/07 16:46:25 | 02,386,440 | ---- | M] (AE Software Technologies ) -- C:\Documents and Settings\Ingrid Moreland\Desktop\dwasher.exe
[2009/03/07 16:44:35 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/07 03:10:48 | 01,808,094 | -HS- | M] () -- C:\WINDOWS\System32\irapimis.ini
[2009/03/07 03:10:36 | 00,107,008 | -HS- | M] () -- C:\WINDOWS\System32\pimihiva.dll
[2009/03/07 03:10:35 | 00,141,312 | -HS- | M] () -- C:\WINDOWS\System32\mijifine.dll
[2009/03/06 15:10:18 | 00,105,984 | -HS- | M] () -- C:\WINDOWS\System32\linuyasi.dll
[2009/03/06 08:22:23 | 00,222,502 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/06 03:09:57 | 00,142,336 | -HS- | M] () -- C:\WINDOWS\System32\efqufu.dll
[2009/03/06 03:09:55 | 00,107,520 | -HS- | M] () -- C:\WINDOWS\System32\numagitu.dll
[2009/03/05 15:09:37 | 00,105,984 | -HS- | M] () -- C:\WINDOWS\System32\kosuyapu.dll
[2009/03/05 07:45:14 | 00,000,662 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Application Data\wklnhst.dat
[2009/03/02 09:37:29 | 00,001,884 | ---- | M] () -- C:\Documents and Settings\Ingrid Moreland\Desktop\Vanguard.lnk
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/23 11:11:46 | 00,130,424 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[color=orange]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10151AE6
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3AB6321
< End of report >