I don't know what happened between yesterday and now, but the Downloads was not on my desktop anymore, so I downloaded and ran it again. Here are both files:
OTViewIt logfile created on: 8/26/2008 3:48:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Sailing\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
222.48 Mb Total Physical Memory | 27.20 Mb Available Physical Memory | 12.23% Memory free
543.54 Mb Paging File | 128.98 Mb Available in Paging File | 23.73% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.00 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OCT2005
Current User Name: Sailing
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
===== Processes - Non-Microsoft Only =====
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[07/09/2008 07:27 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[02/09/2008 08:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[07/06/2008 05:31 PM | 01,245,064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[08/25/2008 10:51 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/26/2008 03:43 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Sailing\Desktop\Downloads\OTViewIt.exe
===== Win32 Services - Non-Microsoft Only =====
(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[07/09/2008 07:27 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(Apple Mobile Device) Apple Mobile Device [Disabled | Stopped]
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Ati HotKey Poller) Ati HotKey Poller [Disabled | Stopped]
[04/11/2005 09:31 AM | 00,360,448 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running]
[02/09/2008 08:06 PM | 00,238,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(ccEvtMgr) Symantec Event Manager [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(ccSetMgr) Symantec Settings Manager [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(comHost) COM Host [On_Demand | Stopped]
[08/22/2007 04:21 AM | 00,055,640 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 08:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe
(hpqwmi) HP WMI Interface [Disabled | Stopped]
[03/04/2005 03:16 PM | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\Shared\hpqwmi.exe
(iPod Service) iPod Service [Disabled | Stopped]
[01/15/2008 04:22 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
(LightScribeService) LightScribeService Direct Disc Labeling Service [Disabled | Stopped]
[02/22/2005 07:32 PM | 00,038,912 | ---- | M] () - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[08/04/2008 11:20 AM | 03,220,856 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
(LiveUpdate Notice) LiveUpdate Notice [Auto | Running]
[01/25/2008 09:47 PM | 00,149,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Core LC) Symantec Core LC [On_Demand | Running]
[07/06/2008 05:31 PM | 01,245,064 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped]
[01/29/2008 04:09 PM | 00,394,704 | ---- | M] (Symantec, Inc.) - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
===== Driver Services - Non-Microsoft Only =====
(AliIde) AliIde [Boot | Running]
[08/17/2001 11:51 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys
(AmdK8) AMD Processor Driver [System | Running]
[08/11/2004 07:30 PM | 00,039,424 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys
(ati2mtag) ati2mtag [On_Demand | Running]
[04/11/2005 09:33 AM | 01,035,264 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys
(BCM43XX) Broadcom 802.11 Network Adapter Driver [On_Demand | Running]
[03/10/2005 05:41 AM | 00,371,712 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS
(BTWUSB) WIDCOMM USB Bluetooth Driver [On_Demand | Stopped]
[01/18/2005 12:52 PM | 00,055,320 | ---- | M] (Broadcom Corporation.) - C:\WINDOWS\system32\drivers\btwusb.sys
(CAMCAUD) Conexant AMC Audio [On_Demand | Running]
[02/18/2005 11:41 AM | 00,038,016 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6aud.sys
(CAMCHALA) CAMCHALA [On_Demand | Running]
[02/18/2005 11:42 AM | 00,349,696 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6hal.sys
(COH_Mon) COH_Mon [On_Demand | Stopped]
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\COH_Mon.sys
(CO_Mon) CO_Mon [Auto | Running]
[08/08/2007 08:39 PM | 00,036,056 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\CO_Mon.sys
(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys
(dmio) dmio [Disabled | Stopped]
[04/13/2008 02:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys
(dmload) dmload [Disabled | Stopped]
[08/04/2004 04:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys
(eabfiltr) eabfiltr [System | Running]
[04/14/2004 10:36 AM | 00,007,432 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\eabfiltr.sys
(eabusb) eabusb [On_Demand | Stopped]
[06/06/2003 02:46 PM | 00,005,220 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\EabUsb.sys
(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/20/2008 04:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/20/2008 04:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/19/2006 02:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
(HSFHWATI) HSFHWATI [On_Demand | Running]
[12/15/2004 11:18 AM | 00,200,192 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWATI.sys
(HSF_DP) HSF_DP [On_Demand | Running]
[12/15/2004 11:18 AM | 01,038,208 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys
(MCSTRM) MCSTRM [Auto | Running]
[06/15/2007 02:59 PM | 00,008,413 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\drivers\mcstrm.sys
(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 07:04 AM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys
(NAVENG) NAVENG [On_Demand | Running]
[08/23/2008 04:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080824.021\NAVENG.SYS
(NAVEX15) NAVEX15 [On_Demand | Running]
[08/23/2008 04:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080824.021\NAVEX15.SYS
(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 04:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys
(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 05:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running]
[03/03/2005 03:10 PM | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
(Secdrv) Secdrv [Auto | Running]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys
(SMCIRDA) SMC IrCC Miniport Device Driver [On_Demand | Stopped]
[08/17/2001 03:10 PM | 00,035,913 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys
(SPBBCDrv) SPBBCDrv [System | Running]
[01/17/2008 12:05 AM | 00,447,024 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
(SRTSP) SRTSP [On_Demand | Running]
[01/31/2008 09:51 PM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys
(SRTSPL) SRTSPL [On_Demand | Stopped]
[01/31/2008 09:51 PM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys
(SRTSPX) SRTSPX [System | Running]
[01/31/2008 09:51 PM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys
(SYMDNS) SYMDNS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,013,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys
(SymEvent) SymEvent [On_Demand | Running]
[07/06/2008 06:22 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
(SYMFW) SYMFW [On_Demand | Running]
[06/13/2008 02:13 PM | 00,096,432 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys
(SYMIDS) SYMIDS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,038,576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys
(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[03/20/2008 04:37 PM | 00,240,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080818.001\SymIDSCo.sys
(SymIM) Symantec Network Security Intermediate Filter Service [On_Demand | Stopped]
[06/13/2008 02:14 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys
(SymIMMP) SymIMMP [On_Demand | Running]
[06/13/2008 02:14 PM | 00,031,280 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SymIM.sys
(SYMNDIS) SYMNDIS [On_Demand | Running]
[06/13/2008 02:13 PM | 00,037,424 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys
(SYMREDRV) SYMREDRV [On_Demand | Running]
[06/13/2008 02:13 PM | 00,022,320 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys
(SYMTDI) SYMTDI [System | Running]
[06/13/2008 02:13 PM | 00,184,240 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys
(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[02/02/2005 07:58 AM | 00,191,456 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys
(tifm21) tifm21 [On_Demand | Stopped]
[03/16/2005 08:43 AM | 00,159,488 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys
(winachsf) winachsf [On_Demand | Running]
[12/15/2004 11:18 AM | 00,703,232 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
===== Run Keys =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM | 00,051,048 | ---- | M] (Symantec Corporation)
"osCheck" = "C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 02:49 AM | 00,718,704 | ---- | M] (Symantec Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.
===== Startup Folders =====
[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[Sailing Startup Folder - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup]
[10/20/2005 12:04 PM | 00,038,912 | ---- | M] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
===== BHO's =====
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 05:17 PM | 00,054,248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [08/14/2008 01:39 PM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
HKLM CLSID: (Symantec Intrusion Prevention) - [07/06/2008 05:34 PM | 00,116,088 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
===== Toolbars =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Show Norton Toolbar) - [06/30/2008 01:44 PM | 00,349,552 | ---- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
===== Policies =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
===== Desktop Components =====
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
===== Shared Task Scheduler =====
===== AppInit_Dlls =====
===== Lsa Authentication Packages =====
===== Lsa Security Packages =====
===== Authorized Applications List =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe File not found
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [01/15/2008 04:22 AM | 19,926,824 | ---- | M] (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe File not found
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
===== HKLM Winlogon Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
===== User's Winlogon Settings =====
===== Winlogon Notify Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [04/11/2005 09:31 AM | 00,046,080 | ---- | M] (ATI Technologies Inc.)
===== Safeboot Options =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe
===== Disabled MsConfig Items =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"WMPNetworkSvc" = 3
"LightScribeService" = 2
"iPod Service" = 3
"hpqwmi" = 3
"gusvc" = 3
"Ati HotKey Poller" = 2
"Apple Mobile Device" = 2
"aawservice" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk File not found
"backup" = C:\WINDOWS\pss\Microsoft Office.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Microsoft Office\Office\OSA9.EXE [02/17/1999 04:05 PM | 00,065,588 | ---- | M] (Microsoft Corporation)
"item" = Microsoft Office
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKCU
"command" =
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = atiptaxx
"hkey" = HKLM
"command" = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [04/11/2005 01:00 PM | 00,339,968 | ---- | M] (ATI Technologies, Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cpqset]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = cpqset
"hkey" = HKLM
"command" = C:\Program Files\HPQ\Default Settings\Cpqset.exe [02/17/2005 05:01 PM | 00,233,534 | ---- | M] ()
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\ctfmon.exe [04/13/2008 08:12 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\system32\ctfmon.exe [04/13/2008 08:12 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eabconfg.cpl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = EabServr
"hkey" = HKLM
"command" = C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe [12/03/2004 04:24 PM | 00,290,816 | ---- | M] (Hewlett-Packard )
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HPWuSchd2
"hkey" = HKLM
"command" = C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe [02/16/2005 11:11 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HP Wireless Assistant
"hkey" = HKLM
"command" = C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [04/01/2005 06:11 PM | 00,794,624 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ISUSPM
"hkey" = HKLM
"command" = C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [07/27/2004 07:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = issch
"hkey" = HKLM
"command" = C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [07/27/2004 07:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [01/15/2008 04:22 AM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LSBWatcher]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = lsburnwatcher
"hkey" = HKLM
"command" = c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [10/14/2004 04:54 PM | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 08:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QTTask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [01/10/2008 04:27 PM | 00,385,024 | ---- | M] (Apple Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = TeaTimer
"hkey" = HKCU
"command" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = jusched
"hkey" = HKLM
"command" = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [03/04/2005 06:36 AM | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPEnh
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [02/02/2005 08:11 AM | 00,692,316 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPLpr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPLpr
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [02/02/2005 08:12 AM | 00,102,492 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [06/15/2007 01:56 PM | 00,185,784 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = dumprep 0 -u
"hkey" = HKLM
"command" = %systemroot%\system32\dumprep 0 -u
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 1
===== DNS Name Servers =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C70CEC3D-FEE7-4640-B4E9-FDB4A18D353B}]
Servers: | Description: Broadcom 802.11b/g WLAN
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FC0011C8-2F6F-4CDD-B1EE-1DAD02C7174B}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC
===== CDRom AutoRun Settings =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
===== MountPoints2 =====
===== Hosts File =====
HOSTS File = (261973 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
[Files/Folders - Created Within 30 days]
[08/19/2008 12:31 PM | 00,000,164 | ---- | C] () - C:\install.dat
[04/13/2008 02:36 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[04/13/2008 02:36 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[04/13/2008 08:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 08:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 08:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 08:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 08:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 08:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 08:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 08:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 08:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 08:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 08:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 08:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 08:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 08:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 08:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[04/13/2008 12:36 PM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2004 11:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 11:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 11:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 11:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 11:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 11:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 11:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 11:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 11:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 11:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 11:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 11:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 11:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 11:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 11:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 11:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 11:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 11:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 11:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 11:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 11:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 11:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 11:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 11:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 11:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 11:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 11:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 11:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 11:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 11:29 PM | 01,897,408 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\drivers\nv4_mini.sys
[08/03/2004 11:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 11:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 11:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 11:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 11:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 11:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 11:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 11:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 11:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 11:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 11:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[3 C:\WINDOWS\System32\*.tmp files]
[04/13/2008 08:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 08:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 08:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 08:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 08:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 08:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 08:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 08:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 08:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 08:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 08:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 08:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 08:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[04/13/2008 08:12 PM | 04,274,816 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\nv4_disp.dll
[08/20/2008 09:28 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/20/2008 09:28 PM | ---D | C] - C:\WINDOWS\System32\en
[08/20/2008 09:29 PM | ---D | C] - C:\WINDOWS\System32\scripting
[09/17/2007 04:48 AM | 00,001,261 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[2 C:\WINDOWS\*.tmp files]
[04/13/2008 08:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/20/2008 06:18 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/20/2008 09:00 PM | ---D | C] - C:\WINDOWS\EHome
[08/20/2008 09:07 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 09:29 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/20/2008 09:30 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/25/2008 11:48 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/20/2008 05:29 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/14/2008 09:27 PM | 00,000,182 | ---- | C] () - C:\Documents and Settings\Sailing\Application Data\wklnhst.dat
[08/14/2008 09:27 PM | ---D | C] - C:\Documents and Settings\Sailing\Application Data\Template
[08/20/2008 05:30 PM | ---D | C] - C:\Documents and Settings\Sailing\Application Data\Malwarebytes
[08/17/2008 04:54 PM | 00,000,313 | ---- | C] () - C:\Documents and Settings\Sailing\My Documents\My Documents.lnk
[08/20/2008 05:29 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/20/2008 05:23 PM | 00,000,592 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\ERUNT.lnk
[08/20/2008 10:33 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\HijackThis.lnk
[08/25/2008 11:50 PM | 00,000,933 | ---- | C] () - C:\Documents and Settings\Sailing\Desktop\Spybot - Search & Destroy.lnk
[08/26/2008 03:43 PM | ---D | C] - C:\Documents and Settings\Sailing\Desktop\Downloads
[08/20/2008 05:23 PM | 00,000,767 | ---- | C] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/20/2008 05:28 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/17/2008 03:44 PM | ---D | C] - C:\Program Files\Alwil Software
[08/19/2008 12:34 PM | ---D | C] - C:\Program Files\AskSBar
[08/20/2008 05:23 PM | ---D | C] - C:\Program Files\ERUNT
[08/20/2008 05:29 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/20/2008 10:33 PM | ---D | C] - C:\Program Files\Trend Micro
[Files/Folders - Modified Within 30 days]
[08/19/2008 03:31 PM | ---D | M] - C:\Documents and Settings
[08/19/2008 12:31 PM | 00,000,164 | ---- | M] () - C:\install.dat
[08/20/2008 05:11 PM | -HSD | M] - C:\System Volume Information
[08/20/2008 09:11 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/20/2008 10:33 PM | R--D | M] - C:\Program Files
[08/25/2008 11:41 PM | 23,336,1408 | -HS- | M] () - C:\hiberfil.sys
[08/25/2008 11:44 PM | ---D | M] - C:\WINDOWS
[07/28/2008 03:33 PM | 00,257,052 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080815-163150.backup
[08/19/2008 01:08 PM | 00,260,525 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080823-143411.backup
[08/23/2008 02:34 PM | 00,261,973 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080826-000148.backup
[08/26/2008 12:01 AM | 00,261,973 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[07/30/2008 05:28 PM | 00,000,706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:28 PM | 00,010,537 | ---- | M] () - C:\WINDOWS\System32\drivers\coh_mon.cat
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/26/2008 12:01 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[3 C:\WINDOWS\System32\*.tmp files]
[08/17/2008 03:46 PM | ---D | M] - C:\WINDOWS\System32\config
[08/17/2008 11:34 PM | 00,002,577 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/20/2008 09:08 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/20/2008 09:20 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\System32\en
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/20/2008 10:04 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/20/2008 10:10 PM | 00,252,680 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/20/2008 10:21 PM | 00,053,166 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/20/2008 10:21 PM | 00,380,918 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/20/2008 10:21 PM | 00,439,376 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 07:30 PM | 00,000,004 | ---- | M] () - C:\WINDOWS\System32\9E3A79
[08/21/2008 07:30 PM | 00,870,128 | ---- | M] () - C:\WINDOWS\System32\mcs.rma
[08/22/2008 06:38 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 11:17 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/25/2008 11:45 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[2 C:\WINDOWS\*.tmp files]
[08/13/2008 09:14 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/19/2008 03:31 PM | --SD | M] - C:\WINDOWS\Tasks
[08/19/2008 12:39 PM | 00,000,715 | ---- | M] () - C:\WINDOWS\win.ini
[08/20/2008 06:18 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/20/2008 07:34 PM | ---D | M] - C:\WINDOWS\SoftwareDistribution
[08/20/2008 07:43 PM | ---D | M] - C:\WINDOWS\Debug
[08/20/2008 09:00 PM | ---D | M] - C:\WINDOWS\EHome
[08/20/2008 09:07 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/20/2008 09:19 PM | ---D | M] - C:\WINDOWS\system
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\msagent
[08/20/2008 09:21 PM | ---D | M] - C:\WINDOWS\srchasst
[08/20/2008 09:28 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/20/2008 09:28 PM | -HSD | M] - C:\WINDOWS\Installer
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\ime
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/20/2008 09:29 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/20/2008 09:30 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/20/2008 09:30 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/20/2008 10:05 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/20/2008 10:09 PM | ---D | M] - C:\WINDOWS\security
[08/20/2008 10:09 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/21/2008 11:18 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/22/2008 06:38 AM | ---D | M] - C:\WINDOWS\system32
[08/22/2008 06:39 AM | -H-D | M] - C:\WINDOWS\inf
[08/25/2008 11:42 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 11:48 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 03:40 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 11:43 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/04/2008 06:13 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/20/2008 05:29 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 01:40 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google
[08/26/2008 12:02 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/14/2008 09:27 PM | 00,000,182 | ---- | M] () - C:\Documents and Settings\Sailing\Application Data\wklnhst.dat
[08/14/2008 09:27 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Template
[08/20/2008 05:30 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Malwarebytes
[08/25/2008 10:52 PM | ---D | M] - C:\Documents and Settings\Sailing\Application Data\Mozilla
[08/17/2008 04:54 PM | 00,000,313 | ---- | M] () - C:\Documents and Settings\Sailing\My Documents\My Documents.lnk
[08/23/2008 01:09 PM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\Finance
[08/26/2008 09:18 AM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My Downloads
[08/26/2008 09:18 AM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My Library
[08/26/2008 09:57 AM | ---D | M] - C:\Documents and Settings\Sailing\My Documents\My eBooks
[08/20/2008 05:29 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/09/2008 11:34 AM | 00,002,485 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\eReader.lnk
[08/20/2008 05:23 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\ERUNT.lnk
[08/20/2008 10:33 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\HijackThis.lnk
[08/25/2008 11:50 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\Spybot - Search & Destroy.lnk
[08/26/2008 03:43 PM | ---D | M] - C:\Documents and Settings\Sailing\Desktop\Downloads
[08/26/2008 09:20 AM | 00,002,523 | ---- | M] () - C:\Documents and Settings\Sailing\Desktop\Mobipocket Reader.lnk
[08/20/2008 05:23 PM | 00,000,767 | ---- | M] () - C:\Documents and Settings\Sailing\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/20/2008 05:28 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/20/2008 09:20 PM | ---D | M] - C:\Program Files\Common Files\System
[08/26/2008 01:23 AM | ---D | M] - C:\Program Files\Common Files\Symantec Shared
< End of report >
OTViewIt Extras logfile created on: 8/26/2008 3:48:55 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Sailing\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
222.48 Mb Total Physical Memory | 27.20 Mb Available Physical Memory | 12.23% Memory free
543.54 Mb Paging File | 128.98 Mb Available in Paging File | 23.73% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.00 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
===== File Associations =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [08/25/2008 10:51 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -
===== Uninstall List =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{1BC21146-767D-427D-BC91-2AB88B5ECE73}" = eReader
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D0C9C350-C5C7-443A-BAE1-EF1ED58C9EFC}" = SymNet
"{D6E6FA4A-5445-4850-