
IE Browser hijacked - www.magnit-info.ru [RESOLVED]


  • This topic is locked

#16
eaglet

Hi emeraldnzl

Clearly this is a toughie!

Couldn't run the IEFix. Downloaded and tried to run it but got a message saying 'Internet Explorer 7 is currently not supported'.

Ran the OTViewIt scan and here's the result:

OTViewIt logfile created on: 22/08/2008 22:55:20
OTViewIt by OldTimer - Version 1.0.0.5 Folder = C:\Documents and Settings\Daddy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.07 Mb Total Physical Memory | 58.95 Mb Available Physical Memory | 11.74% Memory free
1.44 Gb Paging File | 0.73 Gb Available in Paging File | 50.86% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 13.89 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive D: | 625.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Daddy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[08/03/2008 12:21 AM | 0,124,5064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[07/09/2008 04:27 PM | 0,061,1664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[09/14/2006 07:56 AM | 0,010,2400 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
[09/11/2007 12:45 AM | 0,012,4832 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[02/21/2008 11:02 PM | 0,023,8968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[10/14/2005 08:50 PM | 0,011,4688 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[09/08/2005 05:20 AM | 0,012,2940 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[10/14/2005 08:46 PM | 0,007,7824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[09/03/2003 08:12 PM | 0,022,1184 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[09/08/2007 08:59 PM | 0,031,2880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[02/27/2008 05:56 PM | 0,307,2184 | ---- | M] (Kontiki Inc.) - C:\Program Files\Kontiki\KService.exe
[03/14/2007 07:05 PM | 0,025,7088 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[05/28/2008 02:56 PM | 0,018,1312 | ---- | M] () - C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
[02/23/2008 01:07 PM | 0,016,0592 | ---- | M] (Siber Systems) - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[09/30/2005 08:22 PM | 0,009,6341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe
[03/14/2007 07:05 PM | 0,050,0800 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[03/26/2007 01:06 PM | 0,029,2864 | ---- | M] (Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[08/15/2008 10:35 AM | 0,030,7712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[09/11/2007 12:45 AM | 4,092,0992 | ---- | M] (Adobe Systems, Incorporated) - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsEditor.exe
[06/03/2008 05:31 PM | 0,065,4848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[06/26/2006 02:06 AM | 0,116,4288 | ---- | M] (e-merge GmbH) - C:\Program Files\WinAce\winace.exe
[08/22/2008 10:55 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Daddy\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[07/09/2008 04:27 PM | 0,061,1664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Auto | Running]
[09/14/2006 07:56 AM | 0,010,2400 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Auto | Running]
[09/11/2007 12:45 AM | 0,012,4832 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

(Autocomplete) AutoComplete Service [On_Demand | Stopped]
[10/28/2005 06:59 PM | 0,002,7648 | ---- | M] (Acesoft) - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[02/21/2008 11:02 PM | 0,023,8968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Auto | Running]
[09/08/2007 08:59 PM | 0,031,2880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

(CCALib8) Canon Camera Access Library 8 [Auto | Running]
[09/30/2005 08:22 PM | 0,009,6341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(comHost) COM Host [On_Demand | Stopped]
[08/22/2007 09:21 AM | 0,005,5640 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/10/2004 05:00 AM | 0,022,4768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Running]
[06/03/2008 05:31 PM | 0,065,4848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[11/14/2005 01:06 AM | 0,006,9632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/14/2007 07:05 PM | 0,050,0800 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(KService) KService [Auto | Running]
[02/27/2008 05:56 PM | 0,307,2184 | ---- | M] (Kontiki Inc.) - C:\Program Files\Kontiki\KService.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[02/21/2008 11:02 PM | 0,322,0856 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

(LiveUpdate Notice) LiveUpdate Notice [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(NetSvc) Intel NCS NetService [On_Demand | Stopped]
[11/19/2004 11:26 AM | 0,014,7456 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

(ScsiAccess) ScsiAccess [Auto | Running]
[05/28/2008 02:56 PM | 0,018,1312 | ---- | M] () - C:\Program Files\Photodex\ProShowGold\scsiaccess.exe

(ServiceLayer) ServiceLayer [On_Demand | Running]
[03/26/2007 01:06 PM | 0,029,2864 | ---- | M] (Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

(Symantec Core LC) Symantec Core LC [Auto | Running]
[08/03/2008 12:21 AM | 0,124,5064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(YPCService) YPCService [On_Demand | Stopped]
[05/19/2003 04:07 PM | 0,008,6016 | ---- | M] (Yahoo! Inc.) - C:\WINDOWS\system32\YPcservice.exe

===== Driver Services - Non-Microsoft Only =====

(alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [On_Demand | Stopped]
[06/06/2002 11:14 AM | 0,005,3168 | ---- | M] (THOMSON multimedia) - C:\WINDOWS\system32\drivers\alcan5wn.sys

(alcaudsl) Alcatel Speed Touch ADSL Modem ATM Transport [On_Demand | Stopped]
[06/06/2002 11:14 AM | 0,074,3136 | ---- | M] (THOMSON multimedia) - C:\WINDOWS\system32\drivers\alcaudsl.sys

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 0,000,5248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/03/2004 11:07 PM | 0,004,3008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\AMDAGP.SYS

(asc) asc [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,002,6496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 01:51 PM | 0,001,4848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [System | Running]
[09/08/2007 08:59 PM | 0,001,1000 | ---- | M] () - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

(AvgAsCln) AVG Anti-Spyware Clean Driver [System | Running]
[09/05/2006 05:03 PM | 0,000,3968 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\AvgAsCln.sys

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 0,000,6656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(COH_Mon) COH_Mon [On_Demand | Stopped]
[07/30/2008 05:42 PM | 0,002,3888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\COH_Mon.sys

(CO_Mon) CO_Mon [Auto | Running]
[08/09/2007 01:39 AM | 0,003,6056 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\CO_Mon.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,017,9584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(DLABOIOM) DLABOIOM [Auto | Running]
[09/08/2005 05:20 AM | 0,002,5628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS

(DLACDBHM) DLACDBHM [System | Running]
[08/25/2005 12:16 PM | 0,000,5628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS

(DLADResN) DLADResN [Auto | Running]
[09/08/2005 05:20 AM | 0,000,2496 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLADResN.SYS

(DLAIFS_M) DLAIFS_M [Auto | Running]
[09/08/2005 05:20 AM | 0,008,6524 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

(DLAOPIOM) DLAOPIOM [Auto | Running]
[09/08/2005 05:20 AM | 0,001,4684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

(DLAPoolM) DLAPoolM [Auto | Running]
[09/08/2005 05:20 AM | 0,000,6364 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS

(DLARTL_N) DLARTL_N [System | Running]
[08/25/2005 12:16 PM | 0,002,2684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLARTL_N.SYS

(DLAUDFAM) DLAUDFAM [Auto | Running]
[09/08/2005 05:20 AM | 0,009,4332 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

(DLAUDF_M) DLAUDF_M [Auto | Running]
[09/08/2005 05:20 AM | 0,008,7036 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

(dmboot) dmboot [Disabled | Stopped]
[08/10/2004 05:00 AM | 0,079,9744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/10/2004 05:00 AM | 0,015,3344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/10/2004 05:00 AM | 0,000,5888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DRVMCDB) DRVMCDB [Boot | Running]
[09/12/2005 03:30 AM | 0,008,9264 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS

(DRVNDDM) DRVNDDM [Auto | Running]
[08/12/2005 05:20 AM | 0,004,0544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS

(E100B) Intel® PRO Network Connection Driver [On_Demand | Running]
[10/14/2004 08:30 AM | 0,015,5648 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/18/2008 09:00 AM | 0,037,1248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/18/2008 09:00 AM | 0,009,9376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[01/29/2008 12:01 PM | 0,001,6168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [On_Demand | Running]
[09/22/2005 06:19 PM | 0,014,8608 | ---- | M] (Hauppauge Computer Works, Inc.) - C:\WINDOWS\system32\drivers\hcwPP2.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[08/12/2004 05:45 PM | 0,013,7728 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys

(ialm) ialm [On_Demand | Running]
[10/14/2005 09:15 PM | 0,130,2812 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(IntelC51) IntelC51 [On_Demand | Running]
[03/06/2004 04:14 AM | 0,123,3525 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\IntelC51.sys

(IntelC52) IntelC52 [On_Demand | Running]
[03/06/2004 04:15 AM | 0,064,7929 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\IntelC52.sys

(IntelC53) IntelC53 [On_Demand | Running]
[06/16/2004 03:52 AM | 0,006,1157 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\IntelC53.sys

(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Auto | Running]
[10/14/2004 08:13 PM | 0,001,5781 | R--- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\mdc8021x.sys

(mohfilt) mohfilt [On_Demand | Running]
[03/06/2004 04:13 AM | 0,003,7048 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\mohfilt.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,001,7280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/20/2008 09:00 AM | 0,008,9104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.051\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/20/2008 09:00 AM | 0,087,3552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.051\NAVEX15.SYS

(nmwcd) Nokia USB Phone Parent [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,013,7216 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcd.sys

(nmwcdc) Nokia USB Generic [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,000,8320 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdc.sys

(nmwcdcj) Nokia USB Port [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,001,2288 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdcj.sys

(nmwcdcm) Nokia USB Modem [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,001,2288 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdcm.sys

(nv) nv [On_Demand | Stopped]
[08/03/2004 10:29 PM | 0,189,7408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 0,002,8544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/10/2004 05:00 AM | 0,001,7792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[06/03/2008 05:26 PM | 0,004,3528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,004,0320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,004,5312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,004,9024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(SCDEmu) SCDEmu [System | Running]
[04/09/2007 01:27 PM | 0,003,1548 | ---- | M] (PowerISO Computing, Inc.) - C:\WINDOWS\System32\drivers\scdemu.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 11:25 AM | 0,002,0480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[08/03/2004 11:07 PM | 0,004,1088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,001,9072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[01/17/2008 05:05 AM | 0,044,7024 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [On_Demand | Running]
[02/01/2008 02:51 AM | 0,027,9088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[02/01/2008 02:51 AM | 0,031,7616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[02/01/2008 02:51 AM | 0,004,3696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[11/16/2005 09:36 PM | 0,104,7816 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,001,6256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,003,2640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[06/13/2008 02:13 PM | 0,001,3616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/03/2008 03:27 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[06/13/2008 02:13 PM | 0,009,6432 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[06/13/2008 02:13 PM | 0,003,8576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[07/16/2008 07:50 PM | 0,024,0496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080813.001\SymIDSco.sys

(SymIM) Symantec Network Security Intermediate Filter Service [On_Demand | Stopped]
[06/13/2008 02:14 PM | 0,003,1280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(SymIMMP) SymIMMP [On_Demand | Running]
[06/13/2008 02:14 PM | 0,003,1280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(symlcbrd) symlcbrd [Auto | Running]
[08/31/2006 10:27 AM | 0,001,0344 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symlcbrd.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[06/13/2008 02:13 PM | 0,003,7424 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[06/13/2008 02:13 PM | 0,002,2320 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[06/13/2008 02:13 PM | 0,018,4240 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,002,8384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,003,0688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(truecrypt) truecrypt [System | Running]
[07/22/2008 09:45 AM | 0,023,5840 | ---- | M] (TrueCrypt Foundation) - C:\WINDOWS\system32\drivers\truecrypt.sys

(U81xbus) LGE U8110 driver (WDM) [On_Demand | Stopped]
[03/28/2004 07:50 PM | 0,005,2352 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xbus.sys

(U81xmdfl) LGE U8110 USB WMC Modem Filter [On_Demand | Stopped]
[03/28/2004 07:51 PM | 0,000,6064 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xmdfl.sys

(U81xmdm) LGE U8110 USB WMC Modem Driver [On_Demand | Stopped]
[03/28/2004 07:51 PM | 0,008,4480 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xmdm.sys

(U81xmgmt) LGE U8110 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[03/28/2004 07:52 PM | 0,007,7472 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xmgmt.sys

(U81xobex) LGE U8110 USB WMC OBEX Interface [On_Demand | Stopped]
[03/28/2004 07:53 PM | 0,007,5456 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xobex.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,003,6736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

(WlanUIG) 2Wire 802.11g USB Driver [On_Demand | Stopped]
[04/08/2004 09:43 AM | 0,034,7648 | R--- | M] ( ) - C:\WINDOWS\system32\drivers\WlanUIG.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware" = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [09/08/2007 08:59 PM | 0,673,1312 | ---- | M] (GRISOFT s.r.o.)
"Adobe Photo Downloader" = "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM | 0,006,1440 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 0,003,4672 | ---- | M] (Adobe Systems Incorporated)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 08:37 PM | 0,005,1048 | ---- | M] (Symantec Corporation)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 05:20 AM | 0,012,2940 | ---- | M] (Sonic Solutions)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [10/14/2005 08:46 PM | 0,007,7824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [10/14/2005 08:50 PM | 0,011,4688 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [10/14/2005 08:49 PM | 0,009,4208 | ---- | M] (Intel Corporation)
"IntelMeM" = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [09/03/2003 08:12 PM | 0,022,1184 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 10:44 AM | 0,024,9856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 10:44 AM | 0,008,1920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM | 0,025,7088 | ---- | M] (Apple Inc.)
"KernelFaultCheck" = %systemroot%\system32\dumprep 0 -k File not found
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"osCheck" = "C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 03:50 PM | 0,098,8512 | ---- | M] (Symantec Corporation)
"PCSuiteTrayApplication" = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [03/23/2007 01:20 PM | 0,022,7328 | ---- | M] (Nokia)
"PWRISOVM.EXE" = C:\Program Files\PowerISO\PWRISOVM.EXE [04/09/2007 01:23 PM | 0,020,0704 | ---- | M] (PowerISO Computing, Inc.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [04/27/2007 09:41 AM | 0,028,2624 | ---- | M] (Apple Inc.)
"SpeedTouch USB Diagnostics" = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon [06/06/2002 11:15 AM | 0,086,1184 | ---- | M] (THOMSON multimedia)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm" = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [02/23/2008 01:07 PM | 0,016,0592 | ---- | M] (Siber Systems)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Daddy Startup Folder - C:\Documents and Settings\Daddy\Start Menu\Programs\Startup]
[04/19/2004 05:29 PM | 0,022,1184 | ---- | M] (Mach5 Software) - C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 0,007,5128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (UberButton Class) - [05/26/2005 11:39 AM | 0,018,1352 | ---- | M] (Yahoo!) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [09/08/2005 05:20 AM | 0,011,0652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [06/30/2008 01:44 PM | 0,034,9552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
HKLM CLSID: (YahooTaggedBM Class) - [01/24/2005 09:55 AM | 0,011,5832 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
HKLM CLSID: (Symantec Intrusion Prevention) - [08/03/2008 12:22 AM | 0,011,6088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [02/23/2008 01:07 PM | 0,572,2952 | ---- | M] (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 0,050,9328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 05:07 PM | 0,012,4032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{724d43a0-0d85-11d4-9908-00400523e39a}"
HKLM CLSID: (&RoboForm) - [02/23/2008 01:07 PM | 0,572,2952 | ---- | M] (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 0,034,9552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{724D43A0-0D85-11D4-9908-00400523E39A}"
HKLM CLSID: (&RoboForm) - [02/23/2008 01:07 PM | 0,572,2952 | ---- | M] (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 0,034,9552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"ClearRecentDocsOnExit" = 1
"NoRecentDocsMenu" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 05:00 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 0,055,7568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 05:00 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 05:24 PM | 0,169,4208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [01/26/2007 04:46 AM | 0,027,8528 | ---- | M] (Eastman Kodak Company)
"C:\WINDOWS\kdx\KHost.exe" = C:\WINDOWS\kdx\KHost.exe [04/03/2006 01:49 PM | 0,223,6416 | ---- | M] (Kontiki Inc.)
"C:\Program Files\KService\KService.exe" = C:\Program Files\KService\KService.exe File not found
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe [08/31/2005 05:11 PM | 0,247,8080 | ---- | M] ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/31/2005 05:06 PM | 0,005,3248 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 10:20 AM | 0,062,5664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe [06/21/2006 03:58 PM | 0,015,9744 | ---- | M] ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 0,055,7568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/14/2007 07:05 PM | 1,467,2448 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe [02/03/2004 01:42 PM | 0,040,1491 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE [12/11/2002 02:03 AM | 0,012,2880 | ---- | M] (SEIKO EPSON CORPORATION)
"C:\StubInstaller.exe" = C:\StubInstaller.exe [10/31/2005 04:56 PM | 0,070,0416 | ---- | M] (LimeWire)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe [09/14/2006 07:55 AM | 0,437,4528 | ---- | M] ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05/21/2008 04:37 AM | 1,284,4576 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [08/29/2007 12:23 AM | 0,034,0856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [08/28/2007 11:43 PM | 0,102,2840 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe [02/27/2008 05:56 PM | 0,307,2184 | ---- | M] (Kontiki Inc.)
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe [09/11/2007 12:43 AM | 0,293,4688 | ---- | M] ()
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe [04/01/2008 11:40 AM | 0,017,2280 | ---- | M] (ICQ, Inc.)
"C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe" = C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/11/2004 05:58 PM | 0,001,6423 | ---- | M] ()

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 11:23 AM | 0,103,3216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/10/2004 05:00 AM | 0,002,4576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/10/2004 05:00 AM | 0,051,4560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/26/2007 04:34 AM | 0,846,0288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/10/2004 05:00 AM | 0,029,8496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [10/14/2005 08:45 PM | 0,013,5168 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"SDhelper" = 2
"PREVXAgent" = 2
"LiveUpdate Notice Service" = 2
"AnonMgmtSvc" = 2
"AnonAswSvc" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk File not found
"backup" = C:\WINDOWS\pss\Kodak EasyShare software.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [01/26/2007 04:46 AM | 0,027,8528 | ---- | M] (Eastman Kodak Company)
"item" = Kodak EasyShare software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk File not found
"backup" = C:\WINDOWS\pss\Kodak software updater.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/11/2004 05:58 PM | 0,001,6423 | ---- | M] ()
"item" = Kodak software updater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{14867E7B-46C2-4AA5-BFEF-9D453B6DADD1}]
Servers: | Description: Intel® PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{599840EA-C176-47BD-A5C6-64868C4EBD38}]
Servers: | Description: 2Wire 802.11g USB Wireless LAN Card

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5A8F8F95-1883-4C8E-87A6-82DF8BEBBB0E}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F4F53426-6AF3-420C-B8FE-1998A26B5A0D}]
Servers: | Description: 2Wire 802.11g USB Wireless LAN Card



[Files/Folders - Created Within 30 days]
[08/21/2008 11:37 PM | 5,265,36704 | -HS- | M] () - C:\hiberfil.sys
[08/02/2008 07:41 PM | ---D | C] - C:\logs3
[07/30/2008 08:07 PM | 0,001,7144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 0,003,8472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[06/19/2008 05:24 PM | 0,002,8544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[08/03/2008 03:27 PM | 0,001,0671 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[08/03/2008 03:27 PM | 0,000,0805 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.INF
[08/03/2008 03:27 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 0,013,9264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/10/2008 06:32 AM | ---D | C] - C:\WINDOWS\System32\N360_BACKUP
[12 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 03:27 PM | 0,006,0800 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\S32EVNT1.DLL
[08/01/2008 11:35 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Anonymizer
[08/14/2008 03:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/05/2008 01:04 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/01/2008 11:36 AM | ---D | C] - C:\Documents and Settings\Daddy\Application Data\Anonymizer
[08/14/2008 03:11 PM | ---D | C] - C:\Documents and Settings\Daddy\Application Data\Malwarebytes
[08/15/2008 10:38 AM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Cooliris
[08/14/2008 02:47 PM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Mozilla
[08/18/2008 10:23 AM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\NOS
[08/21/2008 11:27 PM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Runscanner.net
[08/20/2008 10:50 PM | ---D | C] - C:\Documents and Settings\Daddy\My Documents\Erunt backup
[08/17/2008 10:46 AM | ---D | C] - C:\Documents and Settings\Daddy\My Documents\iMacros
[08/12/2008 01:38 PM | 0,109,9264 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\PLA Education Managing Teachers draft report 6th August 2008 with RS comments.DOC
[08/22/2008 02:46 PM | 0,003,3280 | -HS- | M] () - C:\Documents and Settings\Daddy\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/16/2008 08:15 PM | 0,001,0747 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\Ticket Refund.docx
[08/05/2008 12:35 PM | 0,001,2157 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\Trees 5.docx
[08/10/2008 10:18 AM | 0,003,5363 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\windrvNT.sys
[08/18/2008 10:22 AM | 0,000,1729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/02/2008 07:45 PM | 0,000,1840 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\BBC iPlayer Download Manager.lnk
[08/13/2008 03:06 PM | ---D | C] - C:\Documents and Settings\All Users\Desktop\Digital Photo September 2008 CD
[08/19/2008 04:12 PM | 0,000,0685 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Dynamic-Photo HDR.lnk
[08/14/2008 03:11 PM | 0,000,0696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/14/2008 02:47 PM | 0,000,1602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/03/2008 12:24 AM | 0,000,1632 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[08/15/2008 09:56 AM | 0,017,5648 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\activescan2_en.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\activescan2_en.exe:Zone.Identifier
[08/14/2008 02:58 PM | 0,005,0688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Daddy\Desktop\ATF_Cleaner(2).exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner(2).exe:Zone.Identifier
[08/14/2008 02:56 PM | 0,005,0688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Daddy\Desktop\ATF_Cleaner.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier
[08/14/2008 03:04 PM | 0,012,8368 | ---- | M] (Digital River) - C:\Documents and Settings\Daddy\Desktop\Download_mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Download_mbam-setup.exe:Zone.Identifier
[08/19/2008 04:11 PM | 0,991,6472 | ---- | M] (Mediachance ) - C:\Documents and Settings\Daddy\Desktop\dphdrtrial.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dphdrtrial.exe:Zone.Identifier
[08/21/2008 11:50 PM | 1,114,6808 | ---- | M] (Doctor Web, Ltd.) - C:\Documents and Settings\Daddy\Desktop\drweb-cureit.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\drweb-cureit.exe:Zone.Identifier
[08/22/2008 09:31 AM | 0,000,2874 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\DrWeb.csv
[08/20/2008 10:44 PM | 0,023,8440 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\eaglet.run
[08/21/2008 11:24 PM | 0,024,0376 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\eaglet1.run
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\eaglet1.run:Zone.Identifier
[08/20/2008 10:46 PM | 0,079,1393 | ---- | M] (Lars Hederer ) - C:\Documents and Settings\Daddy\Desktop\erunt-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\erunt-setup.exe:Zone.Identifier
[08/20/2008 10:48 PM | 0,000,0592 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\ERUNT.lnk
[08/14/2008 03:51 PM | 0,040,1720 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Daddy\Desktop\HiJackThis.exe
[05/19/2006 12:58 PM | 0,001,5360 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\IEFix.exe
[08/22/2008 10:52 PM | 0,001,4012 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\IEFix.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\IEFix.zip:Zone.Identifier
[08/16/2008 03:05 PM | 0,149,5112 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\Daddy\Desktop\install_flash_player.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\install_flash_player.exe:Zone.Identifier
[08/01/2008 10:49 PM | 0,020,8384 | ---- | M] (Paul McLain and Fred de Vries) - C:\Documents and Settings\Daddy\Desktop\JavaRa.exe
[08/18/2008 09:31 AM | 0,005,9632 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\JavaRa.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\JavaRa.zip:Zone.Identifier
[08/06/2008 09:30 AM | 0,000,0779 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Kremlin Encrypt.lnk
[08/06/2008 09:30 AM | 0,000,0732 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Kremlin Secure Recycle Bin.lnk
[07/06/2006 12:33 AM | 0,001,1445 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\LSPFix-source.zip
[07/05/2006 04:12 PM | 0,018,6880 | ---- | M] (CEXX.ORG) - C:\Documents and Settings\Daddy\Desktop\LSPFix.exe
[08/21/2008 11:30 PM | 0,020,1030 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\lspfix.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\lspfix.zip:Zone.Identifier
[08/14/2008 03:09 PM | 0,188,5120 | ---- | M] (Malwarebytes Corporation ) - C:\Documents and Settings\Daddy\Desktop\mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
[08/20/2008 10:52 PM | ---D | C] - C:\Documents and Settings\Daddy\Desktop\OTScanIt
[08/19/2008 01:13 PM | 0,056,8477 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\OTScanIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
[08/22/2008 10:55 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Daddy\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/18/2008 06:20 PM | 0,190,0288 | ---- | M] (Runscanner.net) - C:\Documents and Settings\Daddy\Desktop\RunScanner.exe
[08/20/2008 10:38 PM | 0,179,1702 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\runscanner.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\runscanner.zip:Zone.Identifier
[08/14/2008 11:54 AM | 0,000,0841 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Shortcut to PhotoshopElementsEditor.exe.lnk
[08/20/2007 05:18 PM | 0,000,1787 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[08/06/2008 09:30 AM | 0,000,0786 | ---- | M] () - C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\Kremlin Sentry.lnk
[08/12/2008 05:53 PM | ---D | C] - C:\Program Files\7-Zip
[08/19/2008 05:06 PM | ---D | C] - C:\Program Files\DynamicPhotoHDR
[08/20/2008 10:48 PM | ---D | C] - C:\Program Files\ERUNT
[08/06/2008 09:30 AM | ---D | C] - C:\Program Files\Mach5 Software
[08/14/2008 03:11 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/22/2008 04:45 PM | ---D | C] - C:\Program Files\Mozilla Firefox
[08/04/2008 08:38 AM | ---D | C] - C:\Program Files\Norton 360
[08/15/2008 09:57 AM | ---D | C] - C:\Program Files\Panda Security
[08/03/2008 03:27 PM | ---D | C] - C:\Program Files\Symantec
[08/03/2008 12:22 AM | ---D | C] - C:\Program Files\Windows Sidebar

[Files/Folders - Modified Within 30 days]
[08/18/2008 10:31 AM | 0,000,0209 | RHS- | M] () - C:\boot.ini
[08/22/2008 03:10 PM | ---D | M] - C:\Config.Msi
[08/21/2008 11:37 PM | 5,265,36704 | -HS- | M] () - C:\hiberfil.sys
[08/18/2008 10:34 AM | 0,005,7168 | ---- | M] () - C:\logfile
[08/02/2008 07:41 PM | ---D | M] - C:\logs3
[08/20/2008 10:48 PM | R--D | M] - C:\Program Files
[08/18/2008 03:49 PM | 0,000,0350 | ---- | M] () - C:\sccfg.sys
[08/21/2008 11:39 PM | ---D | M] - C:\WINDOWS
[07/30/2008 05:28 PM | 0,001,0537 | ---- | M] () - C:\WINDOWS\System32\drivers\coh_mon.cat
[07/30/2008 05:28 PM | 0,000,0706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:42 PM | 0,002,3888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[07/30/2008 08:07 PM | 0,001,7144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 0,003,8472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/03/2008 03:27 PM | 0,001,0671 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[08/03/2008 03:27 PM | 0,000,0805 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.INF
[08/03/2008 03:27 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[08/21/2008 11:38 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[12 C:\WINDOWS\System32\*.tmp files]
[08/19/2008 12:34 PM | 0,000,1324 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat
[08/15/2008 06:28 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/15/2008 09:59 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/15/2008 08:58 AM | 0,029,4072 | ---- |


#17
eaglet

That last reply didn't seem to get all of the log. Try again:

OTViewIt logfile created on: 22/08/2008 22:55:20
OTViewIt by OldTimer - Version 1.0.0.5 Folder = C:\Documents and Settings\Daddy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.07 Mb Total Physical Memory | 58.95 Mb Available Physical Memory | 11.74% Memory free
1.44 Gb Paging File | 0.73 Gb Available in Paging File | 50.86% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 13.89 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive D: | 625.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Daddy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[08/03/2008 12:21 AM | 0,124,5064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[07/09/2008 04:27 PM | 0,061,1664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[09/14/2006 07:56 AM | 0,010,2400 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
[09/11/2007 12:45 AM | 0,012,4832 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[02/21/2008 11:02 PM | 0,023,8968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[10/14/2005 08:50 PM | 0,011,4688 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[09/08/2005 05:20 AM | 0,012,2940 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[10/14/2005 08:46 PM | 0,007,7824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[09/03/2003 08:12 PM | 0,022,1184 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[09/08/2007 08:59 PM | 0,031,2880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[02/27/2008 05:56 PM | 0,307,2184 | ---- | M] (Kontiki Inc.) - C:\Program Files\Kontiki\KService.exe
[03/14/2007 07:05 PM | 0,025,7088 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[05/28/2008 02:56 PM | 0,018,1312 | ---- | M] () - C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
[02/23/2008 01:07 PM | 0,016,0592 | ---- | M] (Siber Systems) - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[09/30/2005 08:22 PM | 0,009,6341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe
[03/14/2007 07:05 PM | 0,050,0800 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[03/26/2007 01:06 PM | 0,029,2864 | ---- | M] (Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[08/15/2008 10:35 AM | 0,030,7712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[09/11/2007 12:45 AM | 4,092,0992 | ---- | M] (Adobe Systems, Incorporated) - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsEditor.exe
[06/03/2008 05:31 PM | 0,065,4848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[06/26/2006 02:06 AM | 0,116,4288 | ---- | M] (e-merge GmbH) - C:\Program Files\WinAce\winace.exe
[08/22/2008 10:55 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Daddy\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[07/09/2008 04:27 PM | 0,061,1664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Auto | Running]
[09/14/2006 07:56 AM | 0,010,2400 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Auto | Running]
[09/11/2007 12:45 AM | 0,012,4832 | ---- | M] () - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

(Autocomplete) AutoComplete Service [On_Demand | Stopped]
[10/28/2005 06:59 PM | 0,002,7648 | ---- | M] (Acesoft) - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[02/21/2008 11:02 PM | 0,023,8968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Auto | Running]
[09/08/2007 08:59 PM | 0,031,2880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

(CCALib8) Canon Camera Access Library 8 [Auto | Running]
[09/30/2005 08:22 PM | 0,009,6341 | ---- | M] (Canon Inc.) - C:\Program Files\Canon\CAL\CALMAIN.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(comHost) COM Host [On_Demand | Stopped]
[08/22/2007 09:21 AM | 0,005,5640 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/10/2004 05:00 AM | 0,022,4768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Running]
[06/03/2008 05:31 PM | 0,065,4848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[11/14/2005 01:06 AM | 0,006,9632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/14/2007 07:05 PM | 0,050,0800 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(KService) KService [Auto | Running]
[02/27/2008 05:56 PM | 0,307,2184 | ---- | M] (Kontiki Inc.) - C:\Program Files\Kontiki\KService.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[02/21/2008 11:02 PM | 0,322,0856 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

(LiveUpdate Notice) LiveUpdate Notice [Auto | Running]
[02/18/2008 08:37 PM | 0,014,9352 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(NetSvc) Intel NCS NetService [On_Demand | Stopped]
[11/19/2004 11:26 AM | 0,014,7456 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

(ScsiAccess) ScsiAccess [Auto | Running]
[05/28/2008 02:56 PM | 0,018,1312 | ---- | M] () - C:\Program Files\Photodex\ProShowGold\scsiaccess.exe

(ServiceLayer) ServiceLayer [On_Demand | Running]
[03/26/2007 01:06 PM | 0,029,2864 | ---- | M] (Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

(Symantec Core LC) Symantec Core LC [Auto | Running]
[08/03/2008 12:21 AM | 0,124,5064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(YPCService) YPCService [On_Demand | Stopped]
[05/19/2003 04:07 PM | 0,008,6016 | ---- | M] (Yahoo! Inc.) - C:\WINDOWS\system32\YPcservice.exe

===== Driver Services - Non-Microsoft Only =====

(alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [On_Demand | Stopped]
[06/06/2002 11:14 AM | 0,005,3168 | ---- | M] (THOMSON multimedia) - C:\WINDOWS\system32\drivers\alcan5wn.sys

(alcaudsl) Alcatel Speed Touch ADSL Modem ATM Transport [On_Demand | Stopped]
[06/06/2002 11:14 AM | 0,074,3136 | ---- | M] (THOMSON multimedia) - C:\WINDOWS\system32\drivers\alcaudsl.sys

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 0,000,5248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/03/2004 11:07 PM | 0,004,3008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\AMDAGP.SYS

(asc) asc [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,002,6496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 01:51 PM | 0,001,4848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [System | Running]
[09/08/2007 08:59 PM | 0,001,1000 | ---- | M] () - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

(AvgAsCln) AVG Anti-Spyware Clean Driver [System | Running]
[09/05/2006 05:03 PM | 0,000,3968 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\AvgAsCln.sys

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 0,000,6656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(COH_Mon) COH_Mon [On_Demand | Stopped]
[07/30/2008 05:42 PM | 0,002,3888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\COH_Mon.sys

(CO_Mon) CO_Mon [Auto | Running]
[08/09/2007 01:39 AM | 0,003,6056 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\CO_Mon.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,017,9584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(DLABOIOM) DLABOIOM [Auto | Running]
[09/08/2005 05:20 AM | 0,002,5628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS

(DLACDBHM) DLACDBHM [System | Running]
[08/25/2005 12:16 PM | 0,000,5628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS

(DLADResN) DLADResN [Auto | Running]
[09/08/2005 05:20 AM | 0,000,2496 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLADResN.SYS

(DLAIFS_M) DLAIFS_M [Auto | Running]
[09/08/2005 05:20 AM | 0,008,6524 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

(DLAOPIOM) DLAOPIOM [Auto | Running]
[09/08/2005 05:20 AM | 0,001,4684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

(DLAPoolM) DLAPoolM [Auto | Running]
[09/08/2005 05:20 AM | 0,000,6364 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS

(DLARTL_N) DLARTL_N [System | Running]
[08/25/2005 12:16 PM | 0,002,2684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLARTL_N.SYS

(DLAUDFAM) DLAUDFAM [Auto | Running]
[09/08/2005 05:20 AM | 0,009,4332 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

(DLAUDF_M) DLAUDF_M [Auto | Running]
[09/08/2005 05:20 AM | 0,008,7036 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

(dmboot) dmboot [Disabled | Stopped]
[08/10/2004 05:00 AM | 0,079,9744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/10/2004 05:00 AM | 0,015,3344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/10/2004 05:00 AM | 0,000,5888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DRVMCDB) DRVMCDB [Boot | Running]
[09/12/2005 03:30 AM | 0,008,9264 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS

(DRVNDDM) DRVNDDM [Auto | Running]
[08/12/2005 05:20 AM | 0,004,0544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS

(E100B) Intel® PRO Network Connection Driver [On_Demand | Running]
[10/14/2004 08:30 AM | 0,015,5648 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/18/2008 09:00 AM | 0,037,1248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/18/2008 09:00 AM | 0,009,9376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[01/29/2008 12:01 PM | 0,001,6168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [On_Demand | Running]
[09/22/2005 06:19 PM | 0,014,8608 | ---- | M] (Hauppauge Computer Works, Inc.) - C:\WINDOWS\system32\drivers\hcwPP2.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[08/12/2004 05:45 PM | 0,013,7728 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys

(ialm) ialm [On_Demand | Running]
[10/14/2005 09:15 PM | 0,130,2812 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(IntelC51) IntelC51 [On_Demand | Running]
[03/06/2004 04:14 AM | 0,123,3525 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\IntelC51.sys

(IntelC52) IntelC52 [On_Demand | Running]
[03/06/2004 04:15 AM | 0,064,7929 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\IntelC52.sys

(IntelC53) IntelC53 [On_Demand | Running]
[06/16/2004 03:52 AM | 0,006,1157 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\IntelC53.sys

(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Auto | Running]
[10/14/2004 08:13 PM | 0,001,5781 | R--- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\mdc8021x.sys

(mohfilt) mohfilt [On_Demand | Running]
[03/06/2004 04:13 AM | 0,003,7048 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\mohfilt.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,001,7280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/20/2008 09:00 AM | 0,008,9104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.051\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/20/2008 09:00 AM | 0,087,3552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.051\NAVEX15.SYS

(nmwcd) Nokia USB Phone Parent [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,013,7216 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcd.sys

(nmwcdc) Nokia USB Generic [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,000,8320 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdc.sys

(nmwcdcj) Nokia USB Port [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,001,2288 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdcj.sys

(nmwcdcm) Nokia USB Modem [On_Demand | Stopped]
[02/22/2007 10:15 AM | 0,001,2288 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdcm.sys

(nv) nv [On_Demand | Stopped]
[08/03/2004 10:29 PM | 0,189,7408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 0,002,8544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/10/2004 05:00 AM | 0,001,7792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[06/03/2008 05:26 PM | 0,004,3528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,004,0320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,004,5312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,004,9024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(SCDEmu) SCDEmu [System | Running]
[04/09/2007 01:27 PM | 0,003,1548 | ---- | M] (PowerISO Computing, Inc.) - C:\WINDOWS\System32\drivers\scdemu.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 11:25 AM | 0,002,0480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[08/03/2004 11:07 PM | 0,004,1088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,001,9072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[01/17/2008 05:05 AM | 0,044,7024 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [On_Demand | Running]
[02/01/2008 02:51 AM | 0,027,9088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[02/01/2008 02:51 AM | 0,031,7616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[02/01/2008 02:51 AM | 0,004,3696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[11/16/2005 09:36 PM | 0,104,7816 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,001,6256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,003,2640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[06/13/2008 02:13 PM | 0,001,3616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/03/2008 03:27 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[06/13/2008 02:13 PM | 0,009,6432 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[06/13/2008 02:13 PM | 0,003,8576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[07/16/2008 07:50 PM | 0,024,0496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080813.001\SymIDSco.sys

(SymIM) Symantec Network Security Intermediate Filter Service [On_Demand | Stopped]
[06/13/2008 02:14 PM | 0,003,1280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(SymIMMP) SymIMMP [On_Demand | Running]
[06/13/2008 02:14 PM | 0,003,1280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys

(symlcbrd) symlcbrd [Auto | Running]
[08/31/2006 10:27 AM | 0,001,0344 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symlcbrd.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[06/13/2008 02:13 PM | 0,003,7424 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[06/13/2008 02:13 PM | 0,002,2320 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[06/13/2008 02:13 PM | 0,018,4240 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,002,8384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 02:07 PM | 0,003,0688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(truecrypt) truecrypt [System | Running]
[07/22/2008 09:45 AM | 0,023,5840 | ---- | M] (TrueCrypt Foundation) - C:\WINDOWS\system32\drivers\truecrypt.sys

(U81xbus) LGE U8110 driver (WDM) [On_Demand | Stopped]
[03/28/2004 07:50 PM | 0,005,2352 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xbus.sys

(U81xmdfl) LGE U8110 USB WMC Modem Filter [On_Demand | Stopped]
[03/28/2004 07:51 PM | 0,000,6064 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xmdfl.sys

(U81xmdm) LGE U8110 USB WMC Modem Driver [On_Demand | Stopped]
[03/28/2004 07:51 PM | 0,008,4480 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xmdm.sys

(U81xmgmt) LGE U8110 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[03/28/2004 07:52 PM | 0,007,7472 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xmgmt.sys

(U81xobex) LGE U8110 USB WMC OBEX Interface [On_Demand | Stopped]
[03/28/2004 07:53 PM | 0,007,5456 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\U81xobex.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 01:52 PM | 0,003,6736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

(WlanUIG) 2Wire 802.11g USB Driver [On_Demand | Stopped]
[04/08/2004 09:43 AM | 0,034,7648 | R--- | M] ( ) - C:\WINDOWS\system32\drivers\WlanUIG.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware" = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [09/08/2007 08:59 PM | 0,673,1312 | ---- | M] (GRISOFT s.r.o.)
"Adobe Photo Downloader" = "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM | 0,006,1440 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 0,003,4672 | ---- | M] (Adobe Systems Incorporated)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 08:37 PM | 0,005,1048 | ---- | M] (Symantec Corporation)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 05:20 AM | 0,012,2940 | ---- | M] (Sonic Solutions)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [10/14/2005 08:46 PM | 0,007,7824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [10/14/2005 08:50 PM | 0,011,4688 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [10/14/2005 08:49 PM | 0,009,4208 | ---- | M] (Intel Corporation)
"IntelMeM" = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [09/03/2003 08:12 PM | 0,022,1184 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 10:44 AM | 0,024,9856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 10:44 AM | 0,008,1920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM | 0,025,7088 | ---- | M] (Apple Inc.)
"KernelFaultCheck" = %systemroot%\system32\dumprep 0 -k File not found
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"osCheck" = "C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 03:50 PM | 0,098,8512 | ---- | M] (Symantec Corporation)
"PCSuiteTrayApplication" = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [03/23/2007 01:20 PM | 0,022,7328 | ---- | M] (Nokia)
"PWRISOVM.EXE" = C:\Program Files\PowerISO\PWRISOVM.EXE [04/09/2007 01:23 PM | 0,020,0704 | ---- | M] (PowerISO Computing, Inc.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [04/27/2007 09:41 AM | 0,028,2624 | ---- | M] (Apple Inc.)
"SpeedTouch USB Diagnostics" = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon [06/06/2002 11:15 AM | 0,086,1184 | ---- | M] (THOMSON multimedia)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm" = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [02/23/2008 01:07 PM | 0,016,0592 | ---- | M] (Siber Systems)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Daddy Startup Folder - C:\Documents and Settings\Daddy\Start Menu\Programs\Startup]
[04/19/2004 05:29 PM | 0,022,1184 | ---- | M] (Mach5 Software) - C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 0,007,5128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (UberButton Class) - [05/26/2005 11:39 AM | 0,018,1352 | ---- | M] (Yahoo!) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [09/08/2005 05:20 AM | 0,011,0652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [06/30/2008 01:44 PM | 0,034,9552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
HKLM CLSID: (YahooTaggedBM Class) - [01/24/2005 09:55 AM | 0,011,5832 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
HKLM CLSID: (Symantec Intrusion Prevention) - [08/03/2008 12:22 AM | 0,011,6088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [02/23/2008 01:07 PM | 0,572,2952 | ---- | M] (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 0,050,9328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 05:07 PM | 0,012,4032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{724d43a0-0d85-11d4-9908-00400523e39a}"
HKLM CLSID: (&RoboForm) - [02/23/2008 01:07 PM | 0,572,2952 | ---- | M] (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 0,034,9552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{724D43A0-0D85-11D4-9908-00400523E39A}"
HKLM CLSID: (&RoboForm) - [02/23/2008 01:07 PM | 0,572,2952 | ---- | M] (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 0,034,9552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"ClearRecentDocsOnExit" = 1
"NoRecentDocsMenu" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 05:00 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 0,055,7568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/10/2004 05:00 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 05:24 PM | 0,169,4208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [01/26/2007 04:46 AM | 0,027,8528 | ---- | M] (Eastman Kodak Company)
"C:\WINDOWS\kdx\KHost.exe" = C:\WINDOWS\kdx\KHost.exe [04/03/2006 01:49 PM | 0,223,6416 | ---- | M] (Kontiki Inc.)
"C:\Program Files\KService\KService.exe" = C:\Program Files\KService\KService.exe File not found
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe [08/31/2005 05:11 PM | 0,247,8080 | ---- | M] ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/31/2005 05:06 PM | 0,005,3248 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 10:20 AM | 0,062,5664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe [06/21/2006 03:58 PM | 0,015,9744 | ---- | M] ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 0,055,7568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/14/2007 07:05 PM | 1,467,2448 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe [02/03/2004 01:42 PM | 0,040,1491 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE [12/11/2002 02:03 AM | 0,012,2880 | ---- | M] (SEIKO EPSON CORPORATION)
"C:\StubInstaller.exe" = C:\StubInstaller.exe [10/31/2005 04:56 PM | 0,070,0416 | ---- | M] (LimeWire)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe [09/14/2006 07:55 AM | 0,437,4528 | ---- | M] ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05/21/2008 04:37 AM | 1,284,4576 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [08/29/2007 12:23 AM | 0,034,0856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [08/28/2007 11:43 PM | 0,102,2840 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe [02/27/2008 05:56 PM | 0,307,2184 | ---- | M] (Kontiki Inc.)
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe [09/11/2007 12:43 AM | 0,293,4688 | ---- | M] ()
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe [04/01/2008 11:40 AM | 0,017,2280 | ---- | M] (ICQ, Inc.)
"C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe" = C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/11/2004 05:58 PM | 0,001,6423 | ---- | M] ()

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 11:23 AM | 0,103,3216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/10/2004 05:00 AM | 0,002,4576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/10/2004 05:00 AM | 0,051,4560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/26/2007 04:34 AM | 0,846,0288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/10/2004 05:00 AM | 0,029,8496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [10/14/2005 08:45 PM | 0,013,5168 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"SDhelper" = 2
"PREVXAgent" = 2
"LiveUpdate Notice Service" = 2
"AnonMgmtSvc" = 2
"AnonAswSvc" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk File not found
"backup" = C:\WINDOWS\pss\Kodak EasyShare software.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [01/26/2007 04:46 AM | 0,027,8528 | ---- | M] (Eastman Kodak Company)
"item" = Kodak EasyShare software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk File not found
"backup" = C:\WINDOWS\pss\Kodak software updater.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/11/2004 05:58 PM | 0,001,6423 | ---- | M] ()
"item" = Kodak software updater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{14867E7B-46C2-4AA5-BFEF-9D453B6DADD1}]
Servers: | Description: Intel® PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{599840EA-C176-47BD-A5C6-64868C4EBD38}]
Servers: | Description: 2Wire 802.11g USB Wireless LAN Card

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5A8F8F95-1883-4C8E-87A6-82DF8BEBBB0E}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F4F53426-6AF3-420C-B8FE-1998A26B5A0D}]
Servers: | Description: 2Wire 802.11g USB Wireless LAN Card



[Files/Folders - Created Within 30 days]
[08/21/2008 11:37 PM | 5,265,36704 | -HS- | M] () - C:\hiberfil.sys
[08/02/2008 07:41 PM | ---D | C] - C:\logs3
[07/30/2008 08:07 PM | 0,001,7144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 0,003,8472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[06/19/2008 05:24 PM | 0,002,8544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[08/03/2008 03:27 PM | 0,001,0671 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[08/03/2008 03:27 PM | 0,000,0805 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.INF
[08/03/2008 03:27 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 0,013,9264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/10/2008 06:32 AM | ---D | C] - C:\WINDOWS\System32\N360_BACKUP
[12 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 03:27 PM | 0,006,0800 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\S32EVNT1.DLL
[08/01/2008 11:35 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Anonymizer
[08/14/2008 03:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/05/2008 01:04 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/01/2008 11:36 AM | ---D | C] - C:\Documents and Settings\Daddy\Application Data\Anonymizer
[08/14/2008 03:11 PM | ---D | C] - C:\Documents and Settings\Daddy\Application Data\Malwarebytes
[08/15/2008 10:38 AM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Cooliris
[08/14/2008 02:47 PM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Mozilla
[08/18/2008 10:23 AM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\NOS
[08/21/2008 11:27 PM | ---D | C] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Runscanner.net
[08/20/2008 10:50 PM | ---D | C] - C:\Documents and Settings\Daddy\My Documents\Erunt backup
[08/17/2008 10:46 AM | ---D | C] - C:\Documents and Settings\Daddy\My Documents\iMacros
[08/12/2008 01:38 PM | 0,109,9264 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\PLA Education Managing Teachers draft report 6th August 2008 with RS comments.DOC
[08/22/2008 02:46 PM | 0,003,3280 | -HS- | M] () - C:\Documents and Settings\Daddy\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/16/2008 08:15 PM | 0,001,0747 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\Ticket Refund.docx
[08/05/2008 12:35 PM | 0,001,2157 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\Trees 5.docx
[08/10/2008 10:18 AM | 0,003,5363 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\windrvNT.sys
[08/18/2008 10:22 AM | 0,000,1729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/02/2008 07:45 PM | 0,000,1840 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\BBC iPlayer Download Manager.lnk
[08/13/2008 03:06 PM | ---D | C] - C:\Documents and Settings\All Users\Desktop\Digital Photo September 2008 CD
[08/19/2008 04:12 PM | 0,000,0685 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Dynamic-Photo HDR.lnk
[08/14/2008 03:11 PM | 0,000,0696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/14/2008 02:47 PM | 0,000,1602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/03/2008 12:24 AM | 0,000,1632 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[08/15/2008 09:56 AM | 0,017,5648 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\activescan2_en.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\activescan2_en.exe:Zone.Identifier
[08/14/2008 02:58 PM | 0,005,0688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Daddy\Desktop\ATF_Cleaner(2).exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner(2).exe:Zone.Identifier
[08/14/2008 02:56 PM | 0,005,0688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Daddy\Desktop\ATF_Cleaner.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier
[08/14/2008 03:04 PM | 0,012,8368 | ---- | M] (Digital River) - C:\Documents and Settings\Daddy\Desktop\Download_mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Download_mbam-setup.exe:Zone.Identifier
[08/19/2008 04:11 PM | 0,991,6472 | ---- | M] (Mediachance ) - C:\Documents and Settings\Daddy\Desktop\dphdrtrial.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dphdrtrial.exe:Zone.Identifier
[08/21/2008 11:50 PM | 1,114,6808 | ---- | M] (Doctor Web, Ltd.) - C:\Documents and Settings\Daddy\Desktop\drweb-cureit.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\drweb-cureit.exe:Zone.Identifier
[08/22/2008 09:31 AM | 0,000,2874 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\DrWeb.csv
[08/20/2008 10:44 PM | 0,023,8440 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\eaglet.run
[08/21/2008 11:24 PM | 0,024,0376 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\eaglet1.run
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\eaglet1.run:Zone.Identifier
[08/20/2008 10:46 PM | 0,079,1393 | ---- | M] (Lars Hederer ) - C:\Documents and Settings\Daddy\Desktop\erunt-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\erunt-setup.exe:Zone.Identifier
[08/20/2008 10:48 PM | 0,000,0592 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\ERUNT.lnk
[08/14/2008 03:51 PM | 0,040,1720 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Daddy\Desktop\HiJackThis.exe
[05/19/2006 12:58 PM | 0,001,5360 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\IEFix.exe
[08/22/2008 10:52 PM | 0,001,4012 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\IEFix.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\IEFix.zip:Zone.Identifier
[08/16/2008 03:05 PM | 0,149,5112 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\Daddy\Desktop\install_flash_player.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\install_flash_player.exe:Zone.Identifier
[08/01/2008 10:49 PM | 0,020,8384 | ---- | M] (Paul McLain and Fred de Vries) - C:\Documents and Settings\Daddy\Desktop\JavaRa.exe
[08/18/2008 09:31 AM | 0,005,9632 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\JavaRa.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\JavaRa.zip:Zone.Identifier
[08/06/2008 09:30 AM | 0,000,0779 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Kremlin Encrypt.lnk
[08/06/2008 09:30 AM | 0,000,0732 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Kremlin Secure Recycle Bin.lnk
[07/06/2006 12:33 AM | 0,001,1445 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\LSPFix-source.zip
[07/05/2006 04:12 PM | 0,018,6880 | ---- | M] (CEXX.ORG) - C:\Documents and Settings\Daddy\Desktop\LSPFix.exe
[08/21/2008 11:30 PM | 0,020,1030 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\lspfix.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\lspfix.zip:Zone.Identifier
[08/14/2008 03:09 PM | 0,188,5120 | ---- | M] (Malwarebytes Corporation ) - C:\Documents and Settings\Daddy\Desktop\mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
[08/20/2008 10:52 PM | ---D | C] - C:\Documents and Settings\Daddy\Desktop\OTScanIt
[08/19/2008 01:13 PM | 0,056,8477 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\OTScanIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
[08/22/2008 10:55 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Daddy\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/18/2008 06:20 PM | 0,190,0288 | ---- | M] (Runscanner.net) - C:\Documents and Settings\Daddy\Desktop\RunScanner.exe
[08/20/2008 10:38 PM | 0,179,1702 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\runscanner.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\runscanner.zip:Zone.Identifier
[08/14/2008 11:54 AM | 0,000,0841 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Shortcut to PhotoshopElementsEditor.exe.lnk
[08/20/2007 05:18 PM | 0,000,1787 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[08/06/2008 09:30 AM | 0,000,0786 | ---- | M] () - C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\Kremlin Sentry.lnk
[08/12/2008 05:53 PM | ---D | C] - C:\Program Files\7-Zip
[08/19/2008 05:06 PM | ---D | C] - C:\Program Files\DynamicPhotoHDR
[08/20/2008 10:48 PM | ---D | C] - C:\Program Files\ERUNT
[08/06/2008 09:30 AM | ---D | C] - C:\Program Files\Mach5 Software
[08/14/2008 03:11 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/22/2008 04:45 PM | ---D | C] - C:\Program Files\Mozilla Firefox
[08/04/2008 08:38 AM | ---D | C] - C:\Program Files\Norton 360
[08/15/2008 09:57 AM | ---D | C] - C:\Program Files\Panda Security
[08/03/2008 03:27 PM | ---D | C] - C:\Program Files\Symantec
[08/03/2008 12:22 AM | ---D | C] - C:\Program Files\Windows Sidebar

[Files/Folders - Modified Within 30 days]
[08/18/2008 10:31 AM | 0,000,0209 | RHS- | M] () - C:\boot.ini
[08/22/2008 03:10 PM | ---D | M] - C:\Config.Msi
[08/21/2008 11:37 PM | 5,265,36704 | -HS- | M] () - C:\hiberfil.sys
[08/18/2008 10:34 AM | 0,005,7168 | ---- | M] () - C:\logfile
[08/02/2008 07:41 PM | ---D | M] - C:\logs3
[08/20/2008 10:48 PM | R--D | M] - C:\Program Files
[08/18/2008 03:49 PM | 0,000,0350 | ---- | M] () - C:\sccfg.sys
[08/21/2008 11:39 PM | ---D | M] - C:\WINDOWS
[07/30/2008 05:28 PM | 0,001,0537 | ---- | M] () - C:\WINDOWS\System32\drivers\coh_mon.cat
[07/30/2008 05:28 PM | 0,000,0706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:42 PM | 0,002,3888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[07/30/2008 08:07 PM | 0,001,7144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[07/30/2008 08:07 PM | 0,003,8472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/03/2008 03:27 PM | 0,001,0671 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[08/03/2008 03:27 PM | 0,000,0805 | ---- | M] () - C:\WINDOWS\System32\drivers\SYMEVENT.INF
[08/03/2008 03:27 PM | 0,012,3952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[08/21/2008 11:38 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[12 C:\WINDOWS\System32\*.tmp files]
[08/19/2008 12:34 PM | 0,000,1324 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat
[08/15/2008 06:28 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/15/2008 09:59 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/15/2008 08:58 AM | 0,029,4072 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/10/2008 06:32 AM | ---D | M] - C:\WINDOWS\System32\N360_BACKUP
[08/03/2008 03:27 PM | 0,006,0800 | ---- | M] (Symantec Corpo
  • 0

#18
eaglet

eaglet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OK. Still didn't work - here's the rest of it:

[08/21/2008 11:38 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[12 C:\WINDOWS\System32\*.tmp files]
[08/19/2008 12:34 PM | 0,000,1324 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat
[08/15/2008 06:28 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/15/2008 09:59 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/15/2008 08:58 AM | 0,029,4072 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/10/2008 06:32 AM | ---D | M] - C:\WINDOWS\System32\N360_BACKUP
[08/03/2008 03:27 PM | 0,006,0800 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\S32EVNT1.DLL
[08/21/2008 11:40 PM | 0,000,2206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/14/2008 09:55 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/07/2008 05:14 AM | 0,000,4096 | ---- | M] () - C:\WINDOWS\$_hpcst$.hpc
[08/14/2008 09:42 AM | R-SD | M] - C:\WINDOWS\assembly
[08/21/2008 11:37 PM | 0,000,2048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/14/2008 09:46 AM | ---D | M] - C:\WINDOWS\Debug
[08/02/2008 11:48 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/15/2008 05:52 AM | R-SD | M] - C:\WINDOWS\Fonts
[08/14/2008 09:40 AM | ---D | M] - C:\WINDOWS\ie7updates
[07/25/2008 03:27 PM | 0,000,0428 | ---- | M] () - C:\WINDOWS\ImageCrypt.ini
[08/14/2008 09:55 AM | 0,000,1374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/15/2008 09:58 AM | -H-D | M] - C:\WINDOWS\inf
[08/22/2008 03:10 PM | -HSD | M] - C:\WINDOWS\Installer
[08/19/2008 12:48 PM | ---D | M] - C:\WINDOWS\Minidump
[08/22/2008 10:55 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/18/2008 10:31 AM | ---D | M] - C:\WINDOWS\pss
[08/21/2008 11:41 PM | ---D | M] - C:\WINDOWS\Registration
[08/18/2008 10:31 AM | 0,000,0284 | ---- | M] () - C:\WINDOWS\system.ini
[08/19/2008 12:59 PM | ---D | M] - C:\WINDOWS\system32
[08/03/2008 12:01 AM | --SD | M] - C:\WINDOWS\Tasks
[08/22/2008 10:01 PM | ---D | M] - C:\WINDOWS\Temp
[08/18/2008 10:31 AM | 0,000,1056 | ---- | M] () - C:\WINDOWS\win.ini
[08/18/2008 10:19 AM | ---D | M] - C:\WINDOWS\WinSxS
[08/21/2008 11:38 PM | 0,000,0006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/18/2008 10:23 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/01/2008 11:35 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Anonymizer
[08/14/2008 11:42 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\FLEXnet
[08/22/2008 10:55 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kontiki
[08/14/2008 03:11 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/14/2008 09:54 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
[08/05/2008 01:04 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/22/2008 02:44 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[08/01/2008 11:36 AM | ---D | M] - C:\Documents and Settings\Daddy\Application Data\Anonymizer
[08/14/2008 03:11 PM | ---D | M] - C:\Documents and Settings\Daddy\Application Data\Malwarebytes
[08/14/2008 02:47 PM | ---D | M] - C:\Documents and Settings\Daddy\Application Data\Mozilla
[08/03/2008 05:37 PM | ---D | M] - C:\Documents and Settings\Daddy\Application Data\Symantec
[08/22/2008 02:43 PM | ---D | M] - C:\Documents and Settings\Daddy\Application Data\ZoomBrowser EX
[08/18/2008 10:23 AM | ---D | M] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Adobe
[08/03/2008 12:21 AM | ---D | M] - C:\Documents and Settings\Daddy\Local Settings\Application Data\ApplicationHistory
[08/15/2008 10:38 AM | ---D | M] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Cooliris
[08/22/2008 03:14 PM | 0,004,8640 | ---- | M] () - C:\Documents and Settings\Daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/19/2008 12:35 PM | 0,156,8656 | -H-- | M] () - C:\Documents and Settings\Daddy\Local Settings\Application Data\IconCache.db
[08/14/2008 02:47 PM | ---D | M] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Mozilla
[08/18/2008 10:23 AM | ---D | M] - C:\Documents and Settings\Daddy\Local Settings\Application Data\NOS
[08/21/2008 11:27 PM | ---D | M] - C:\Documents and Settings\Daddy\Local Settings\Application Data\Runscanner.net
[08/18/2008 10:13 AM | 0,709,2224 | R--- | M] () - C:\Documents and Settings\All Users\Documents\ESBK.mb
[08/18/2008 10:13 AM | 1,325,9776 | R--- | M] () - C:\Documents and Settings\All Users\Documents\ESBK.mbb
[08/22/2008 01:19 AM | ---D | M] - C:\Documents and Settings\Daddy\My Documents\Downloads
[08/22/2008 02:45 PM | ---D | M] - C:\Documents and Settings\Daddy\My Documents\Epsom Golf Club
[08/20/2008 10:50 PM | ---D | M] - C:\Documents and Settings\Daddy\My Documents\Erunt backup
[08/17/2008 10:46 AM | ---D | M] - C:\Documents and Settings\Daddy\My Documents\iMacros
[08/14/2008 04:51 PM | 0,002,9184 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\Le Mans Packing List.doc
[08/22/2008 02:42 PM | R--D | M] - C:\Documents and Settings\Daddy\My Documents\My Pictures
[08/12/2008 01:38 PM | 0,109,9264 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\PLA Education Managing Teachers draft report 6th August 2008 with RS comments.DOC
[08/22/2008 02:46 PM | 0,003,3280 | -HS- | M] () - C:\Documents and Settings\Daddy\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/16/2008 08:15 PM | 0,001,0747 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\Ticket Refund.docx
[08/05/2008 12:35 PM | 0,001,2157 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\Trees 5.docx
[08/10/2008 10:18 AM | 0,003,5363 | ---- | M] () - C:\Documents and Settings\Daddy\My Documents\windrvNT.sys
[08/22/2008 02:44 PM | 0,000,2300 | -H-- | M] () - C:\Documents and Settings\Daddy\My Documents\ZbThumbnail.info
[08/18/2008 10:22 AM | 0,000,1729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/02/2008 07:45 PM | 0,000,1840 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\BBC iPlayer Download Manager.lnk
[08/13/2008 03:06 PM | ---D | M] - C:\Documents and Settings\All Users\Desktop\Digital Photo September 2008 CD
[08/19/2008 04:12 PM | 0,000,0685 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Dynamic-Photo HDR.lnk
[08/14/2008 03:11 PM | 0,000,0696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/14/2008 02:47 PM | 0,000,1602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/03/2008 12:24 AM | 0,000,1632 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[08/15/2008 09:56 AM | 0,017,5648 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\activescan2_en.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\activescan2_en.exe:Zone.Identifier
[08/14/2008 02:58 PM | 0,005,0688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Daddy\Desktop\ATF_Cleaner(2).exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner(2).exe:Zone.Identifier
[08/14/2008 02:56 PM | 0,005,0688 | ---- | M] (Atribune.org) - C:\Documents and Settings\Daddy\Desktop\ATF_Cleaner.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier
[08/14/2008 03:04 PM | 0,012,8368 | ---- | M] (Digital River) - C:\Documents and Settings\Daddy\Desktop\Download_mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Download_mbam-setup.exe:Zone.Identifier
[08/19/2008 04:11 PM | 0,991,6472 | ---- | M] (Mediachance ) - C:\Documents and Settings\Daddy\Desktop\dphdrtrial.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dphdrtrial.exe:Zone.Identifier
[08/21/2008 11:50 PM | 1,114,6808 | ---- | M] (Doctor Web, Ltd.) - C:\Documents and Settings\Daddy\Desktop\drweb-cureit.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\drweb-cureit.exe:Zone.Identifier
[08/22/2008 09:31 AM | 0,000,2874 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\DrWeb.csv
[08/20/2008 10:44 PM | 0,023,8440 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\eaglet.run
[08/21/2008 11:24 PM | 0,024,0376 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\eaglet1.run
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\eaglet1.run:Zone.Identifier
[08/20/2008 10:46 PM | 0,079,1393 | ---- | M] (Lars Hederer ) - C:\Documents and Settings\Daddy\Desktop\erunt-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\erunt-setup.exe:Zone.Identifier
[08/20/2008 10:48 PM | 0,000,0592 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\ERUNT.lnk
[08/14/2008 03:51 PM | 0,040,1720 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Daddy\Desktop\HiJackThis.exe
[08/22/2008 10:52 PM | 0,001,4012 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\IEFix.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\IEFix.zip:Zone.Identifier
[08/16/2008 03:05 PM | 0,149,5112 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\Daddy\Desktop\install_flash_player.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\install_flash_player.exe:Zone.Identifier
[08/01/2008 10:49 PM | 0,020,8384 | ---- | M] (Paul McLain and Fred de Vries) - C:\Documents and Settings\Daddy\Desktop\JavaRa.exe
[08/18/2008 09:31 AM | 0,005,9632 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\JavaRa.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\JavaRa.zip:Zone.Identifier
[08/06/2008 09:30 AM | 0,000,0779 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Kremlin Encrypt.lnk
[08/06/2008 09:30 AM | 0,000,0732 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Kremlin Secure Recycle Bin.lnk
[08/21/2008 11:30 PM | 0,020,1030 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\lspfix.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\lspfix.zip:Zone.Identifier
[08/14/2008 03:09 PM | 0,188,5120 | ---- | M] (Malwarebytes Corporation ) - C:\Documents and Settings\Daddy\Desktop\mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
[08/12/2008 04:04 PM | 0,000,2483 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Microsoft PowerPoint 2007.lnk
[08/06/2008 10:07 AM | 0,000,2515 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Microsoft Word 2007.lnk
[08/20/2008 10:52 PM | ---D | M] - C:\Documents and Settings\Daddy\Desktop\OTScanIt
[08/19/2008 01:13 PM | 0,056,8477 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\OTScanIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
[08/22/2008 10:55 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Daddy\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/18/2008 06:20 PM | 0,190,0288 | ---- | M] (Runscanner.net) - C:\Documents and Settings\Daddy\Desktop\RunScanner.exe
[08/20/2008 10:38 PM | 0,179,1702 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\runscanner.zip
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\runscanner.zip:Zone.Identifier
[08/14/2008 11:54 AM | 0,000,0841 | ---- | M] () - C:\Documents and Settings\Daddy\Desktop\Shortcut to PhotoshopElementsEditor.exe.lnk
[08/22/2008 01:04 AM | ---D | M] - C:\Documents and Settings\Daddy\Desktop\Unused Desktop Shortcuts
[08/06/2008 09:30 AM | 0,000,0786 | ---- | M] () - C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\Kremlin Sentry.lnk
[08/18/2008 10:22 AM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/10/2008 03:06 AM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared
[08/21/2008 11:47 PM | ---D | M] - C:\Program Files\Common Files\Symantec Shared

< End of report >

That seems to be it.

Regards

eaglet
  • 0

#19
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again eaglet,

Your machine is a bit of a conundrum.

We have cleaned some things up but your problem with Internet Explorer remains.

I have consulted with my moderator on this and we are of the opinion that the IE difficulties are not malware related.

Best shot now is to try the Tech people.

Visit them after you have followed our clean up instructions below. Tell them that you have been here and have a clean bill of health on the malware front.

We have a couple of last steps to perform and then you're all set. :)

Please go here to download OTCleanIt.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program which works well with XP:

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this is an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If your Microsoft Update is not working automatically, keep your operating system up to date by visiting Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0
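
The post above describes a HOSTS file that blocks known bad sites by mapping their names to 127.0.0.1. The following is an added example, not part of the original thread and not MVPS code: it audits hosts-format text and separates blocking entries from entries that point a name at some other address, which is what a hijacked HOSTS file looks like. The function name `audit_hosts`, the sample entries and the addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# blocking entries in the style the post describes
127.0.0.1  localhost
127.0.0.1  ads.example.com  banners.example.com   # two names on one line
0.0.0.0    tracker.example.net
203.0.113.10  search.example.org
not-an-ip  broken.example.com
::1        localhost
"""

# Names that legitimately map to the loopback address on a normal system.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify every hostname mapping in hosts-format text.

    blocked    -> names sent to loopback or 0.0.0.0 (cannot be reached)
    redirected -> names sent to any other address (review these by hand)
    malformed  -> (line number, line) pairs that are not valid entries
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; blank lines carry no mapping.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, raw.strip()))
            continue
        if len(fields) < 2:
            # An address with no hostname after it maps nothing.
            report["malformed"].append((line_no, raw.strip()))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if name in LOCAL_NAMES and addr.is_loopback:
                continue  # the standard localhost entry, not a block
            if sinkhole:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed: ", result["malformed"])
```

On a real machine, read the text from `%SystemRoot%\System32\drivers\etc\hosts` and compare the `redirected` list against entries you added yourself.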

#20
eaglet

eaglet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi emeraldnzl

Thanks for trying. I'll go to the Tech forum and see if they can resolve the problem. It's not just Internet Explorer though, it's affecting other programs.

Thanks also for the other info. The MVPS Hosts file and Secunia look particularly interesting.

Regards

eaglet
  • 0

#21
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
You're welcome.

Best of luck.

Cheers
emeraldnzl
  • 0

#22
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





