[code]
OTScanIt2 logfile created on: 4/27/2009 3:35:00 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\ROMANO03\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 417.72 Mb Available Physical Memory | 40.87% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 66.52 Gb Free Space | 89.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: M51-203-A
Current User Name: Romano03
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2005/06/01 04:02:00 | 00,368,640 | ---- | M] (ATI Technologies Inc.)
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> [2007/05/29 17:33:22 | 00,052,840 | ---- | M] (Symantec Corporation)
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2007/05/29 17:33:26 | 00,192,104 | ---- | M] (Symantec Corporation)
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2007/05/29 17:33:36 | 00,169,576 | ---- | M] (Symantec Corporation)
collector.exe -> %ProgramFiles%\LANDesk\LDClient\collector.exe -> [2007/11/30 05:09:10 | 00,262,144 | ---- | M] (LANDesk Software, Ltd.)
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> [2007/10/07 21:48:24 | 00,031,160 | ---- | M] (Symantec Corporation)
dll32.exe -> %SystemRoot%\system32\dll32.exe -> [2009/04/27 09:36:16 | 00,015,360 | ---- | M] ()
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2004/08/04 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation)
gooredfix[1].exe -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\4W4WH63H\GooredFix[1].exe -> [2009/04/27 15:25:10 | 00,094,208 | ---- | M] ()
hpzipm12.exe -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -> [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP)
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> [2004/02/13 11:47:02 | 00,155,648 | ---- | M] (Dell Inc)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2004/08/04 06:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
issuser.exe -> %ProgramFiles%\LANDesk\LDClient\issuser.exe -> [2008/03/24 07:05:28 | 00,406,528 | ---- | M] (LANDesk Software, Ltd.)
localsch.exe -> %ProgramFiles%\LANDesk\LDClient\LocalSch.EXE -> [2007/11/30 05:22:44 | 00,196,608 | ---- | M] (LANDesk Software, Ltd.)
mspmspsv.exe -> %SystemRoot%\system32\MsPMSPSv.exe -> [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
pds.exe -> %SystemRoot%\system32\CBA\pds.exe -> [2007/08/31 07:13:00 | 00,032,819 | ---- | M] (LANDesk Software Ltd.)
policy.client.invoker.exe -> %ProgramFiles%\LANDesk\LDClient\policy.client.invoker.exe -> [2008/03/11 06:45:02 | 00,118,784 | ---- | M] (LANDesk Software, Ltd.)
prt9532.exe -> %SystemDrive%\prt9570\PRT9532.EXE -> [1998/11/25 18:10:58 | 00,242,688 | ---- | M] (Media Architects)
rapimgr.exe -> %ProgramFiles%\Microsoft ActiveSync\rapimgr.exe -> [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
rcgui.exe -> %ProgramFiles%\LANDesk\LDClient\rcgui.exe -> [2008/03/04 10:57:30 | 00,258,048 | ---- | M] (LANDesk Software, Ltd.)
residentagent.exe -> %ProgramFiles%\LANDesk\Shared Files\residentagent.exe -> [2008/06/02 10:42:32 | 00,155,648 | ---- | M] (LANDesk Software, Ltd.)
roxmediadb.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> [2006/08/09 20:47:09 | 00,856,064 | ---- | M] (Sonic Solutions)
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> [2007/10/07 21:48:32 | 01,822,648 | ---- | M] (Symantec Corporation)
savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> [2007/10/07 21:48:36 | 00,116,664 | ---- | M] (symantec)
softmon.exe -> %ProgramFiles%\LANDesk\LDClient\softmon.exe -> [2008/05/30 09:17:10 | 00,331,776 | ---- | M] (LANDesk Software, Ltd.)
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2007/07/26 20:25:20 | 01,181,016 | ---- | M] (Symantec Corporation)
tmcsvc.exe -> %ProgramFiles%\LANDesk\LDClient\tmcsvc.exe -> [2007/11/30 05:25:18 | 00,192,512 | ---- | M] (LANDesk Software, Ltd.)
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> [2007/10/07 21:48:40 | 00,125,368 | ---- | M] (Symantec Corporation)
wcescomm.exe -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2004/08/04 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Ati2evxx.exe -> [2005/06/01 04:02:00 | 00,368,640 | ---- | M] (ATI Technologies Inc.)
(CBA8) LANDesk(R) Management Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\Shared Files\residentagent.exe -> [2008/06/02 10:42:32 | 00,155,648 | ---- | M] (LANDesk Software, Ltd.)
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2007/05/29 17:33:26 | 00,192,104 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2007/05/29 17:33:36 | 00,169,576 | ---- | M] (Symantec Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> [2007/10/07 21:48:24 | 00,031,160 | ---- | M] (Symantec Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> [2004/02/13 11:47:02 | 00,155,648 | ---- | M] (Dell Inc)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(Intel Local Scheduler Service) Intel Local Scheduler Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\LocalSch.EXE -> [2007/11/30 05:22:44 | 00,196,608 | ---- | M] (LANDesk Software, Ltd.)
(Intel PDS) Intel PDS [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CBA\pds.exe -> [2007/08/31 07:13:00 | 00,032,819 | ---- | M] (LANDesk Software Ltd.)
(Intel Targeted Multicast) LANDesk Targeted Multicast [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\tmcsvc.exe -> [2007/11/30 05:25:18 | 00,192,512 | ---- | M] (LANDesk Software, Ltd.)
(ISSUSER) LANDesk Remote Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\issuser.exe -> [2008/03/24 07:05:28 | 00,406,528 | ---- | M] (LANDesk Software, Ltd.)
(LANDesk Policy Invoker) LANDesk Policy Invoker [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\policy.client.invoker.exe -> [2008/03/11 06:45:02 | 00,118,784 | ---- | M] (LANDesk Software, Ltd.)
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> [2006/08/25 13:00:38 | 02,528,960 | ---- | M] (Symantec Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -> [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP)
(RoxMediaDB) RoxMediaDB [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> [2006/08/09 20:47:09 | 00,856,064 | ---- | M] (Sonic Solutions)
(RoxUPnPRenderer) RoxUPnPRenderer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -> [2006/08/09 20:46:57 | 00,045,056 | ---- | M] (Sonic Solutions)
(RoxUpnpServer) RoxUpnpServer [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -> [2006/08/09 20:47:39 | 00,401,408 | ---- | M] (Sonic Solutions)
(SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> [2007/10/07 21:48:36 | 00,116,664 | ---- | M] (symantec)
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> [2007/08/27 18:14:00 | 00,214,408 | ---- | M] (Symantec Corporation)
(Softmon) LANDesk(R) Software Monitoring Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\softmon.exe -> [2008/05/30 09:17:10 | 00,331,776 | ---- | M] (LANDesk Software, Ltd.)
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2007/07/26 20:25:20 | 01,181,016 | ---- | M] (Symantec Corporation)
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> [2007/10/07 21:48:32 | 01,822,648 | ---- | M] (Symantec Corporation)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\MsPMSPSv.exe -> [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> [2005/06/01 04:08:00 | 01,198,080 | ---- | M] (ATI Technologies Inc.)
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\b57xp32.sys -> [2005/04/01 17:52:46 | 00,132,608 | ---- | M] (Broadcom Corporation)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\Cdudf_xp.sys -> [2005/09/19 11:05:00 | 00,309,632 | ---- | M] (Sonic Solutions)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2005/01/27 03:22:00 | 00,088,016 | ---- | M] (Sonic Solutions)
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\dvd_2k.sys -> [2005/09/19 11:05:00 | 00,027,264 | ---- | M] (Sonic Solutions)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/02/06 16:26:05 | 00,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/02/06 16:26:07 | 00,101,936 | ---- | M] (Symantec Corporation)
(ldblank) Screen Blanking driver for Remote Control [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ldblank.sys -> [2005/08/01 15:43:04 | 00,011,904 | ---- | M] (LANDesk Software, Ltd.)
(ldmirror) ldmirror [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ldmirror.sys -> [2005/08/03 08:21:02 | 00,003,328 | ---- | M] (LANDesk Software, Ltd.)
(mirrorflt) Mirror Filter Driver for Uninstall [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\mirrorflt.sys -> [2005/08/03 08:21:02 | 00,003,712 | ---- | M] (LANDesk Software, Ltd.)
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\mmc_2k.sys -> [2005/09/19 11:05:00 | 00,027,136 | ---- | M] (Sonic Solutions)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090427.002\NAVENG.SYS -> [2009/02/12 19:04:35 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090427.002\NAVEX15.SYS -> [2009/02/12 19:04:42 | 00,876,144 | ---- | M] (Symantec Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\omci.sys -> [2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Pwd_2k.sys -> [2005/09/19 11:05:00 | 00,119,168 | ---- | M] (Sonic Solutions)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2005/08/19 06:00:00 | 00,046,080 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(RxFilter) RxFilter [File_System | System | Running] -> %SystemRoot%\system32\DRIVERS\RxFilter.sys -> [2005/09/19 06:08:50 | 00,050,176 | ---- | M] (Sonic Solutions)
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> [2006/09/06 15:41:20 | 00,337,592 | ---- | M] (Symantec Corporation)
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> [2006/09/06 15:41:20 | 00,054,968 | ---- | M] (Symantec Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(senfilt) senfilt [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\senfilt.sys -> [2004/09/17 15:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> [2005/01/27 22:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2007/07/26 20:25:18 | 00,400,216 | ---- | M] (Symantec Corporation)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\Drivers\SYMEVENT.SYS -> [2008/02/19 21:29:36 | 00,110,952 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\SYMREDRV.SYS -> [2007/08/27 18:13:32 | 00,023,944 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\SYMTDI.SYS -> [2007/08/27 18:13:36 | 00,189,320 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(usbser) Motorola USB Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\usbser.sys -> [2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation)
(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\usb8023x.sys -> [2005/10/20 21:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation)
(wceusbsh) Windows CE USB Serial Host Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wceusbsh.sys -> [2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation)
(TPPWRIF) TPPWRIF [Kernel | On_Demand | Stopped] -> %AllUsersProfile%\Application Data\vulScan\TPPWRIF.sys -> [2006/09/21 17:53:16 | 00,004,442 | ---- | M] ()

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
-> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.dell.com/
-> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
-> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm
-> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
-> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.dell.com/
-> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
-> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
-> HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 1
-> HKEY_LOCAL_MACHINE\: "ProxyOverride" -> *.local; ->

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
-> HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell.com/
-> HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell.com/
-> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.dell.com/
-> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
-> HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell.com/
-> HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell.com/
-> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.dell.com/
-> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > ->
->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > ->
->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\] > ->
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: Main\\"Default_Page_URL" -> http://www.dell.com/
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: Main\\"Page_Transitions" -> Reg Error: Invalid data type.
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: Main\\"Start Page" -> http://massnet/
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: SearchURL\\"provider" ->
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: "ProxyEnable" -> 1
-> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\: "ProxyOverride" -> *.local; ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

< FireFox Extensions [User Folders] > ->

< HOSTS File > (305692 bytes and 10570 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> First 25 entries...
Reset Hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2008/06/11 23:33:22 | 00,061,816 | ---- | M] (Adobe Systems Incorporated)

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [&Yahoo! Toolbar] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ccApp" -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2007/05/29 17:33:22 | 00,052,840 | ---- | M] (Symantec Corporation)
"pp" -> %SystemRoot%\pp06.exe [C:\windows\pp06.exe] -> [2009/04/27 09:36:37 | 00,010,752 | -H-- | M] ()
"sysLDtray" -> %SystemRoot%\ld08.exe [C:\windows\ld08.exe] -> [2009/04/27 09:32:17 | 00,013,824 | -H-- | M] ()
"vptray" -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2007/10/07 21:48:40 | 00,125,368 | ---- | M] (Symantec Corporation)

< Run [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"dll32" -> %SystemRoot%\System32\dll32.exe [dll32] -> [2009/04/27 09:36:16 | 00,015,360 | ---- | M] ()
"H/PC Connection Agent" -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe ["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"] -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)

< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Printscreen 95 V7.0.lnk -> %SystemDrive%\prt9570\PRT9532.EXE -> [1998/11/25 18:10:58 | 00,242,688 | ---- | M] (Media Architects)

< batist01 Startup Folder > -> C:\Documents and Settings\batist01\Start Menu\Programs\Startup ->

< bostwi01 Startup Folder > -> C:\Documents and Settings\bostwi01\Start Menu\Programs\Startup ->

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->

< delgad00 Startup Folder > -> C:\Documents and Settings\delgad00\Start Menu\Programs\Startup ->

< lahey Startup Folder > -> C:\Documents and Settings\lahey\Start Menu\Programs\Startup ->

< modugn00 Startup Folder > -> C:\Documents and Settings\modugn00\Start Menu\Programs\Startup ->

< ROMANO03 Startup Folder > -> C:\Documents and Settings\ROMANO03\Start Menu\Programs\Startup ->

< weisse00 Startup Folder > -> C:\Documents and Settings\weisse00\Start Menu\Programs\Startup ->

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
\Control Panel\\"HomePage" -> [1] -> File not found

< Software Policy Settings [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\Software\Policies\Microsoft\Internet Explorer\Control Panel
\Control Panel\\"Homepage" -> [1] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableTaskMgr" -> [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoFolderOptions" -> [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoFolderOptions" -> [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoFolderOptions" -> [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoFolderOptions" -> [0] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"ForceStartMenuLogOff" -> [1] -> File not found
\\"NoFolderOptions" -> [0] -> File not found

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2006/02/06 13:39:50 | 09,358,016 | R--- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Button: Create Mobile Favorite] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Menu: Create Mobile Favorite...] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5489 domain(s) found. -> 49 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5488 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5488 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5488 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\] > -> HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2076855242-910781004-1225219381-25907\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found.
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> {31435657-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab [Reg Error: Key error.] -> {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126271612109 [WUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab [Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> Domain -> lahey.org -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1035378C-E814-4834-A8FE-0B53E2482372} -> (Broadcom NetXtreme 57xx Gigabit Controller) -> {83899907-F224-49E0-846B-C8F2451EEE3D} -> (Windows Mobile-based Device) -> {C7A3DE0B-0BC7-42A6-BD34-A96DA19330C4} -> (Windows Mobile-based Device) -> 
{D3DD1D89-D003-4009-AF54-24DD44ECF47D} -> (Windows Mobile-based Device) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\Explorer.exe -> [2004/08/04 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [2007/10/07 21:48:46 | 00,043,448 | ---- | M] (Symantec Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\LANDesk\LDClient\issuser.exe" -> C:\Program Files\LANDesk\LDClient\issuser.exe [C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent] -> [2008/03/24 07:05:28 | 00,406,528 | ---- | M] (LANDesk Software, Ltd.) "C:\Program Files\LANDesk\LDClient\tmcsvc.exe" -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe [C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast] -> [2007/11/30 05:25:18 | 00,192,512 | ---- | M] (LANDesk Software, Ltd.) "C:\Program Files\LANDesk\Shared Files\residentagent.exe" -> C:\Program Files\LANDesk\Shared Files\residentagent.exe [C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent] -> [2008/06/02 10:42:32 | 00,155,648 | ---- | M] (LANDesk Software, Ltd.) 
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) "C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" -> C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service] -> [2006/08/09 20:47:39 | 00,401,408 | ---- | M] (Sonic Solutions) "C:\WINDOWS\system32\cba\pds.exe" -> C:\WINDOWS\system32\cba\pds.exe [C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service] -> [2007/08/31 07:13:00 | 00,032,819 | ---- | M] (LANDesk Software Ltd.) "C:\WINDOWS\system32\msgsys.exe" -> C:\WINDOWS\system32\msgsys.exe [C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service] -> [2007/08/31 07:12:56 | 00,028,729 | ---- | M] (LANDesk Software Ltd.) 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\LANDesk\LDClient\issuser.exe" -> C:\Program Files\LANDesk\LDClient\issuser.exe [C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:REMOTE_CONTROL_DISPLAY_NAME] -> [2008/03/24 07:05:28 | 00,406,528 | ---- | M] (LANDesk Software, Ltd.) "C:\Program Files\LANDesk\LDClient\tmcsvc.exe" -> C:\Program Files\LANDesk\LDClient\tmcsvc.exe [C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:SOFTWARE_DIST_DISPLAY_NAME] -> [2007/11/30 05:25:18 | 00,192,512 | ---- | M] (LANDesk Software, Ltd.) "C:\Program Files\LANDesk\Shared Files\residentagent.exe" -> C:\Program Files\LANDesk\Shared Files\residentagent.exe [C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent] -> [2008/06/02 10:42:32 | 00,155,648 | ---- | M] (LANDesk Software, Ltd.) 
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) "C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" -> C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service] -> [2006/08/09 20:47:39 | 00,401,408 | ---- | M] (Sonic Solutions) "C:\WINDOWS\system32\cba\pds.exe" -> C:\WINDOWS\system32\cba\pds.exe [C:\WINDOWS\system32\cba\pds.exe:*:Enabled:COMMON_BASE_AGENT_NAME] -> [2007/08/31 07:13:00 | 00,032,819 | ---- | M] (LANDesk Software Ltd.) 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/04 06:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->
-> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/11 18:15:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{0df5d86f-ce5b-11db-a488-001372a2c99e} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0df5d86f-ce5b-11db-a488-001372a2c99e}\Shell\AutoRun\command
\{0df5d86f-ce5b-11db-a488-001372a2c99e}\Shell\AutoRun\command\\"" -> E:\Installer.exe [E:\Installer.exe] -> File not found
\{0df5d875-ce5b-11db-a488-001372a2c99e} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0df5d875-ce5b-11db-a488-001372a2c99e}\Shell\AutoRun\command
\{0df5d875-ce5b-11db-a488-001372a2c99e}\Shell\AutoRun\command\\"" -> E:\Installer.exe [E:\Installer.exe] -> File not found
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 4/27/2009 12:45:34 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Risk: Trojan.Fakeavalert in File: C:\Documents and Settings\ROMANO03\Local Settings\Temporary Internet Files\Content.IE5\2APATUQD\22[1].htm by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was partially removed.
Application [ Error ] 4/27/2009 1:00:30 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711726 -> Description = Security Risk Found!Risk: Trojan.Fakeavalert in File: C:\Documents and Settings\ROMANO03\Local Settings\Temporary Internet Files\Content.IE5\2APATUQD\22[1].htm by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.
Application [ Error ] 4/27/2009 1:00:31 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711685 -> Description = Risk Found!Risk: Trojan.Fakeavalert in File: C:\Documents and Settings\ROMANO03\Local Settings\Temporary Internet Files\Content.IE5\2APATUQD\22[1].htm by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.
Application [ Error ] 4/27/2009 1:00:40 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Risk: Trojan.Fakeavalert in File: C:\Documents and Settings\ROMANO03\Local Settings\Temporary Internet Files\Content.IE5\2APATUQD\22[1].htm by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was partially removed.
Application [ Error ] 4/27/2009 1:18:32 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711726 -> Description = Security Risk Found!Risk: Trojan.Fakeavalert in File: C:\Documents and Settings\ROMANO03\Local Settings\Temporary Internet Files\Content.IE5\2APATUQD\22[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Application [ Error ] 4/27/2009 1:18:32 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711685 -> Description = Risk Found!Risk: Trojan.Fakeavalert in File: C:\Documents and Settings\ROMANO03\Local Settings\Temporary Internet Files\Content.IE5\2APATUQD\22[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Application [ Error ] 4/27/2009 1:18:40 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Risk: Trojan.Fakeavalert in File: C:\Documents and Settings\ROMANO03\Local Settings\Temporary Internet Files\Content.IE5\2APATUQD\22[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Application [ Error ] 4/27/2009 1:26:51 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711726 -> Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\ROMANO03\Local Settings\Temp\VBRDA02.exe by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.
Application [ Error ] 4/27/2009 1:26:55 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\ROMANO03\Local Settings\Temp\VBRDA02.exe by: Manual Quarantine Scan scan. Action: Clean was partially successful.. Action Description: Clean was partially successful.
Application [ Error ] 4/27/2009 1:26:55 PM Computer Name = M51-203-A | Source = Symantec AntiVirus | ID = 16711685 -> Description = Risk Found!Risk: Trojan Horse in File: c:\documents and settings\ROMANO03\local settings\Temp\VBRDA02.exe by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged. Risk: in File: Internet browser temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave Alone failed. Action Description: The file was deleted successfully.
System [ Error ] 3/19/2009 2:01:52 PM Computer Name = M51-203-A | Source = SAVRT | ID = 458772 -> Description = Unable to initialize the virus scanning engine database files.
System [ Error ] 3/31/2009 2:40:47 PM Computer Name = M51-203-A | Source = SAVRT | ID = 458772 -> Description = Unable to initialize the virus scanning engine database files.
System [ Error ] 4/16/2009 7:57:00 PM Computer Name = M51-203-A | Source = SAVRT | ID = 458772 -> Description = Unable to initialize the virus scanning engine database files.
System [ Error ] 4/27/2009 11:11:16 AM Computer Name = M51-203-A | Source = SAVRT | ID = 458772 -> Description = Unable to initialize the virus scanning engine database files.
[Files/Folders - Created Within 30 Days]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/04/27 15:31:05 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/27 15:30:57 | 00,665,196 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/04/27 14:12:18 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/04/27 14:12:18 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2009/04/27 12:48:49 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [2009/04/27 12:48:49 | 00,000,000 | ---D | C]
pp06.exe -> %SystemRoot%\pp06.exe -> [2009/04/27 09:36:37 | 00,010,752 | -H-- | C] ()
9g2234wesdf3dfgjf23 -> %SystemRoot%\9g2234wesdf3dfgjf23 -> [2009/04/27 09:36:36 | 00,000,001 | ---- | C] ()
dll32.exe -> %SystemRoot%\System32\dll32.exe -> [2009/04/27 09:36:20 | 00,015,360 | ---- | C] ()
msmark2.dat -> %SystemRoot%\msmark2.dat -> [2009/04/27 09:34:23 | 00,000,001 | -H-- | C] ()
t55ft2695f44.dat -> %SystemRoot%\t55ft2695f44.dat -> [2009/04/27 09:34:22 | 00,000,002 | -H-- | C] ()
t55ft2667f44.dat -> %SystemRoot%\t55ft2667f44.dat -> [2009/04/27 09:34:19 | 00,000,002 | -H-- | C] ()
ld08.exe -> %SystemRoot%\ld08.exe -> [2009/04/27 09:32:17 | 00,013,824 | -H-- | C] ()
vr6backupdata.pdf -> %UserProfile%\Desktop\vr6backupdata.pdf -> [2009/04/23 09:54:44 | 00,041,794 | ---- | C] ()
SURFACE MOUNT LIFT RING (354-2218301).url -> %UserProfile%\Desktop\SURFACE MOUNT LIFT RING (354-2218301).url -> [2009/04/23 09:20:33 | 00,000,120 | ---- | C] ()
Slightly Stoopid Choose Options.url -> %UserProfile%\Desktop\Slightly Stoopid Choose Options.url -> [2009/04/23 08:41:56 | 00,000,311 | ---- | C] () Clear memory.lnk -> %UserProfile%\Desktop\Clear memory.lnk -> [2009/04/16 15:47:23 | 00,001,464 | ---- | C] () P235-75R15 American Classic 1.6 Whitewall Tire - Coker Tire.url -> %UserProfile%\Desktop\P235-75R15 American Classic 1.6 Whitewall Tire - Coker Tire.url -> [2009/04/15 13:14:28 | 00,000,285 | ---- | C] () Car Parts Deal - Auto Parts and Accessories Catalog - 1993 Dodge W150 Bumper.url -> %UserProfile%\Desktop\Car Parts Deal - Auto Parts and Accessories Catalog - 1993 Dodge W150 Bumper.url -> [2009/04/13 15:46:16 | 00,000,224 | ---- | C] () 476564341_4398.pdf -> %UserProfile%\My Documents\476564341_4398.pdf -> [2009/04/09 14:59:31 | 00,743,696 | ---- | C] () MedAptus Enterprise Server Login Page (2).url -> %UserProfile%\Desktop\MedAptus Enterprise Server Login Page (2).url -> [2009/04/02 09:50:01 | 00,000,182 | ---- | C] () prt9532.ini -> %SystemRoot%\prt9532.ini -> [2007/04/13 10:56:11 | 00,000,106 | ---- | C] () WININIT.INI -> %SystemRoot%\WININIT.INI -> [2006/08/14 11:33:19 | 00,000,157 | ---- | C] () CddbFileTaggerRoxio.dll -> %SystemRoot%\System32\CddbFileTaggerRoxio.dll -> [2005/09/19 04:15:52 | 00,204,800 | ---- | C] () qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [2005/09/14 21:05:36 | 03,596,288 | R--- | C] () libeay32.dll -> %SystemRoot%\System32\libeay32.dll -> [2005/09/14 21:05:36 | 00,831,488 | R--- | C] () ssleay32.dll -> %SystemRoot%\System32\ssleay32.dll -> [2005/09/14 21:05:36 | 00,159,744 | R--- | C] () dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> [2005/09/14 21:05:36 | 00,110,592 | R--- | C] () ODBC.INI -> %SystemRoot%\ODBC.INI -> [2005/09/09 10:07:12 | 00,000,376 | ---- | C] () VPC32.INI -> %SystemRoot%\VPC32.INI -> [2005/09/09 09:55:08 | 00,000,000 | ---- | C] () px.ini -> %SystemRoot%\System32\px.ini -> [2005/08/29 18:29:04 | 00,000,000 | ---- | C] () smscfg.ini -> 
%SystemRoot%\smscfg.ini -> [2005/08/23 10:26:22 | 00,000,061 | ---- | C] () OEMINFO.INI -> %SystemRoot%\System32\OEMINFO.INI -> [2005/08/23 10:06:46 | 00,000,372 | ---- | C] () besched.dll -> %SystemRoot%\System32\besched.dll -> [2004/11/30 04:10:00 | 00,028,672 | ---- | C] () orun32.ini -> %SystemRoot%\orun32.ini -> [2004/08/11 18:24:19 | 00,000,791 | ---- | C] () fxsperf.ini -> %SystemRoot%\System32\fxsperf.ini -> [2004/08/11 18:11:31 | 00,001,793 | ---- | C] () win.ini -> %SystemRoot%\win.ini -> [2004/08/11 18:00:37 | 00,000,603 | ---- | C] () system.ini -> %SystemRoot%\system.ini -> [2004/08/11 18:00:35 | 00,000,231 | ---- | C] () ieencode.dll -> %SystemRoot%\System32\ieencode.dll -> [2004/08/11 18:00:16 | 00,081,920 | ---- | C] () lockout.dll -> %SystemRoot%\System32\lockout.dll -> [2003/10/02 01:00:00 | 00,208,896 | ---- | C] () lockres.dll -> %SystemRoot%\System32\lockres.dll -> [2003/10/02 01:00:00 | 00,045,056 | ---- | C] () [Files/Folders - Modified Within 30 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/04/27 15:30:58 | 00,665,196 | ---- | M] () ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/04/27 15:27:05 | 05,505,024 | -H-- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/04/27 15:09:44 | 00,407,670 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/04/27 15:09:44 | 00,064,200 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/04/27 15:09:43 | 00,479,920 | ---- | M] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/04/27 14:12:18 | 00,001,734 | ---- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/04/27 13:20:34 | 00,305,692 | R--- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/04/27 12:20:00 | 00,001,158 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/04/27 12:17:32 | 00,000,006 | -H-- | M] () bootstat.dat -> 
%SystemRoot%\bootstat.dat -> [2009/04/27 12:17:20 | 00,002,048 | --S- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/04/27 12:16:08 | 00,000,278 | -HS- | M] () pp06.exe -> %SystemRoot%\pp06.exe -> [2009/04/27 09:36:37 | 00,010,752 | -H-- | M] () 9g2234wesdf3dfgjf23 -> %SystemRoot%\9g2234wesdf3dfgjf23 -> [2009/04/27 09:36:36 | 00,000,001 | ---- | M] () dll32.exe -> %SystemRoot%\System32\dll32.exe -> [2009/04/27 09:36:16 | 00,015,360 | ---- | M] () msmark2.dat -> %SystemRoot%\msmark2.dat -> [2009/04/27 09:34:23 | 00,000,001 | -H-- | M] () t55ft2695f44.dat -> %SystemRoot%\t55ft2695f44.dat -> [2009/04/27 09:34:22 | 00,000,002 | -H-- | M] () t55ft2667f44.dat -> %SystemRoot%\t55ft2667f44.dat -> [2009/04/27 09:34:19 | 00,000,002 | -H-- | M] () ld08.exe -> %SystemRoot%\ld08.exe -> [2009/04/27 09:32:17 | 00,013,824 | -H-- | M] () vr6backupdata.pdf -> %UserProfile%\Desktop\vr6backupdata.pdf -> [2009/04/23 09:54:44 | 00,041,794 | ---- | M] () SURFACE MOUNT LIFT RING (354-2218301).url -> %UserProfile%\Desktop\SURFACE MOUNT LIFT RING (354-2218301).url -> [2009/04/23 09:20:33 | 00,000,120 | ---- | M] () Slightly Stoopid Choose Options.url -> %UserProfile%\Desktop\Slightly Stoopid Choose Options.url -> [2009/04/23 08:41:57 | 00,000,311 | ---- | M] () Shortcut to Coding on Ntfs16.lnk -> %UserProfile%\Desktop\Shortcut to Coding on Ntfs16.lnk -> [2009/04/17 11:54:13 | 00,000,441 | ---- | M] () Clear memory.lnk -> %UserProfile%\Desktop\Clear memory.lnk -> [2009/04/16 15:47:38 | 00,001,464 | ---- | M] () P235-75R15 American Classic 1.6 Whitewall Tire - Coker Tire.url -> %UserProfile%\Desktop\P235-75R15 American Classic 1.6 Whitewall Tire - Coker Tire.url -> [2009/04/15 13:14:28 | 00,000,285 | ---- | M] () Car Parts Deal - Auto Parts and Accessories Catalog - 1993 Dodge W150 Bumper.url -> %UserProfile%\Desktop\Car Parts Deal - Auto Parts and Accessories Catalog - 1993 Dodge W150 Bumper.url -> [2009/04/13 15:46:27 | 00,000,224 | ---- | M] () Shortcut to IDX86_and_Meditech on 
Ntfs16.lnk -> %UserProfile%\Desktop\Shortcut to IDX86_and_Meditech on Ntfs16.lnk -> [2009/04/10 12:10:29 | 00,000,465 | ---- | M] () 476564341_4398.pdf -> %UserProfile%\My Documents\476564341_4398.pdf -> [2009/04/09 14:59:32 | 00,743,696 | ---- | M] () MedAptus Enterprise Server Login Page (2).url -> %UserProfile%\Desktop\MedAptus Enterprise Server Login Page (2).url -> [2009/04/02 09:50:01 | 00,000,182 | ---- | M] () index.dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/11/10 09:18:15 | 06,029,312 | ---- | M] () Init.exe -> %UserProfile%\Local Settings\Temp\_PegEx~1\Init.exe -> [2008/09/09 16:08:07 | 00,348,552 | ---- | M] (MedAptus Inc.) qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/07/25 09:20:04 | 00,005,360 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/07/25 09:20:04 | 00,004,232 | ---- | M] () index.dat -> %UserProfile%\Local Settings\Temp\History\History.IE5\index.dat -> [2008/02/07 18:08:01 | 00,294,912 | ---- | M] () index.dat -> %UserProfile%\Local Settings\Temp\Cookies\index.dat -> [2008/02/07 18:08:01 | 00,065,536 | ---- | M] () getseal[1].com&size=M&use_flash=YES&use_transparent=YES -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\O56Z8HIN\getseal[1].com&size=M&use_flash=YES&use_transparent=YES -> [2007/04/18 13:34:11 | 00,004,081 | ---- | M] () CAOMP390.com%2F&cc=99&u_h=864&u_w=1152&u_ah=864&u_aw=1152&u_cd=32&u_tz=-240&u_his=4&u_java=true -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\O56Z8HIN\CAOMP390.com%2F&cc=99&u_h=864&u_w=1152&u_ah=864&u_aw=1152&u_cd=32&u_tz=-240&u_his=4&u_java=true -> [2007/04/18 09:44:46 | 00,001,471 | ---- | M] () 0120577_0107_00_0690[1].dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\3OITZBHZ\0120577_0107_00_0690[1].dat -> [2007/04/17 11:32:15 | 00,085,167 | ---- | M] () 
0120577_0106_00_0690[1].dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\4TABOT6B\0120577_0106_00_0690[1].dat -> [2007/04/17 11:31:44 | 00,084,252 | ---- | M] () 0120577_0101_00_0690[1].dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\S8VT4YCN\0120577_0101_00_0690[1].dat -> [2007/04/17 11:31:33 | 00,085,188 | ---- | M] () index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2007/04/17 09:11:31 | 00,032,768 | ---- | M] () index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2007/04/17 09:11:31 | 00,016,384 | ---- | M] () index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2007/04/17 09:11:31 | 00,016,384 | ---- | M] () CA8FJJI8.com&guid=27780425-206E-4103-82F2-49696DBF1C26 -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\3OITZBHZ\CA8FJJI8.com&guid=27780425-206E-4103-82F2-49696DBF1C26 -> [2007/04/16 15:31:14 | 00,000,001 | ---- | M] () CAP0JENT.com&guid=B214189E-9049-4C0E-9882-F4AAB9EB046B -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\S8VT4YCN\CAP0JENT.com&guid=B214189E-9049-4C0E-9882-F4AAB9EB046B -> [2007/04/16 15:30:53 | 00,000,001 | ---- | M] () log[1].com&guid=D6F88416-CCCD-4292-B874-1ECC60BB63D9 -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\3OITZBHZ\log[1].com&guid=D6F88416-CCCD-4292-B874-1ECC60BB63D9 -> [2007/04/16 15:30:51 | 00,000,001 | ---- | M] () PrintDeskTopSetup[1].exe -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\K476QPD9\PrintDeskTopSetup[1].exe -> [2007/04/13 10:44:41 | 00,789,814 | ---- | M] () data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2005/09/09 10:23:40 | 00,001,372 | ---- | M] () [File - Lop Check] Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2007/11/23 09:10:34 | 00,000,000 | RH-D | M] Roxio -> C:\Documents and Settings\Administrator\Application Data\Roxio -> 
[2007/11/23 09:10:34 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/04/27 12:48:49 | 00,000,000 | RH-D | M]
LANDesk -> C:\Documents and Settings\All Users\Application Data\LANDesk -> [2006/08/14 11:11:29 | 00,000,000 | ---D | M]
Roxio -> C:\Documents and Settings\All Users\Application Data\Roxio -> [2006/08/14 11:56:43 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2004/08/11 18:25:52 | 00,000,000 | ---D | M]
vulScan -> C:\Documents and Settings\All Users\Application Data\vulScan -> [2009/04/27 13:35:08 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\batist01\Application Data -> [2005/09/09 10:37:29 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\batist01\Application Data\Roxio -> [2005/11/22 10:49:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\bostwi01\Application Data -> [2005/09/09 10:37:29 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\bostwi01\Application Data\Roxio -> [2005/11/22 10:49:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2005/09/09 10:37:29 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\Default User\Application Data\Roxio -> [2005/11/22 10:49:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\delgad00\Application Data -> [2005/09/09 10:37:29 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\delgad00\Application Data\Roxio -> [2005/11/22 10:49:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\lahey\Application Data -> [2005/09/09 10:37:29 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\lahey\Application Data\Roxio -> [2005/11/22 10:49:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2009/04/27 09:59:39 | 00,000,000 | ---D | M]
Roxio -> C:\Documents and Settings\LocalService\Application Data\Roxio -> [2006/08/14 12:15:59 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\modugn00\Application Data -> [2005/09/09 10:37:29 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\modugn00\Application Data\Roxio -> [2005/11/22 10:49:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2004/08/11 18:20:16 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\ROMANO03\Application Data -> [2007/03/13 08:48:50 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\ROMANO03\Application Data\Roxio -> [2008/02/22 14:11:20 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\weisse00\Application Data -> [2008/05/12 10:09:19 | 00,000,000 | RH-D | M]
Roxio -> C:\Documents and Settings\weisse00\Application Data\Roxio -> [2005/11/22 10:49:39 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2004/08/11 18:12:58 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 06:00:00 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/04/27 12:17:32 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\ROMANO03\Desktop\print screen\SP32-20070413-110859.gif:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\Martini[1].Friday.14.JPG:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\Martini[1].Friday.22.JPG:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\31964138-O[1].jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\36083822_img008.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\71371698_pr10351228071.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\charles.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\charles2.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\Darling tatto[2].jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\Darlings tatto.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\fishing.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\IMAGE_224.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\merc.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\mine.bmp:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\my new toy.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\Rocco.jpg:Roxio EMC Stream 76 bytes
C:\Documents and Settings\ROMANO03\My Documents\My Pictures\untitled.bmp:Roxio EMC Stream 76 bytes
scan completed successfully
hidden files: 37

[Alternate Data Streams]
@Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\Martini[1].Friday.14.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\Martini[1].Friday.22.JPG:Roxio EMC Stream

< End of report >
[/code]
