Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

adware or something [RESOLVED]


  • This topic is locked This topic is locked

#1
lourider

lourider

    Member

  • Member
  • PipPip
  • 23 posts
Hello, I have a little problem. I cant seem to get rid of this adware, I think that is what it is. I keep getting pop ups saying there is a windows security alert and it when ever I click enable protection it takes me to a web site so i can download "pc antispy" and other programs. When ever I run the malwarebytes program it never comes up with anything and I'm running my virus scan now. When that gets done I will run and post a hijack this. I'm attaching a pic I took of the pop up. And the name that shows up changes everytime.

Attached Files


Edited by lourider, 21 August 2008 - 03:01 PM.

  • 0

Advertisements


#2
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is my hijack this log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:29 PM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\UGS\UGSLicensing\ugslmd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wrqvwzcl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070627
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070627
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070627
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ComSmartUtil] C:\WINDOWS\system32\wrqvwzcl.exe
O4 - HKCU\..\Policies\Explorer\Run: [NUAlHgD0xj] C:\Documents and Settings\Chris H\Desktop\AdobeFlashPlayerHD.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/im...r/SysProExe.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O21 - SSODL: ComSysApi - {75A9F748-CB85-2AE9-3C90-07D1BCB56D0F} - C:\Program Files\lrfhikg\ComSysApi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11336 bytes
  • 0

#3
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
bump
  • 0

#4
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Posting more than once in a thread can cause your topic to be overlooked as Helpers usually look for threads without any replies first.

Please read this thread which will give instructions for help when your topic is at least three days old and you haven't received help.
  • 0

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello and welcome to GTG..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#6
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I already ran the mbam program and it came up with a bunch of stuff but now it comes up with nothing. Here is the log of the scan i just did.


Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 3

8:49:38 PM 8/25/2008
mbam-log-08-25-2008 (20-49-38).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 143387
Time elapsed: 1 hour(s), 44 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 60 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

  • 0

#8
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the OTViewIT.txt

OTViewIt logfile created on: 8/25/2008 9:44:44 PM - Run 4
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Chris H\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.97% Memory free
3.35 Gb Paging File | 2.82 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 77.89 Gb Free Space | 69.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 177.28 Gb Free Space | 38.06% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris H
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[11/22/2006 05:35 PM | 00,020,480 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[11/22/2006 05:32 PM | 01,253,376 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\BCMWLTRY.EXE
[08/19/2008 03:25 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[09/05/2006 10:09 AM | 00,315,392 | ---- | M] (Wave Systems Corp.) - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
[11/17/2006 01:37 PM | 00,104,000 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[11/30/2006 08:50 AM | 00,054,872 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
[11/17/2006 01:40 PM | 00,136,768 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[02/20/2007 12:24 PM | 00,475,136 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[01/19/2006 08:14 AM | 00,143,428 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[05/11/2007 02:09 AM | 01,050,120 | ---- | M] (O&O Software GmbH) - C:\WINDOWS\system32\oodag.exe
[08/06/2007 12:12 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[06/12/2006 10:01 AM | 00,180,224 | ---- | M] () - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
[02/02/2007 11:02 AM | 01,327,104 | R--- | M] (Macrovision Corporation) - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
[02/02/2007 11:02 AM | 01,327,104 | R--- | M] (Macrovision Corporation) - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
[02/02/2007 11:02 AM | 01,396,736 | R--- | M] () - C:\Program Files\UGS\UGSLicensing\ugslmd.exe
[10/07/2005 12:13 PM | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\Apoint.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[11/22/2006 05:35 PM | 01,392,640 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\WLTRAY.EXE
[06/28/2004 09:56 PM | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\hidfind.exe
[07/27/2005 02:41 PM | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\ApntEx.exe
[03/24/2006 04:30 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\stsystra.exe
[09/08/2006 08:32 AM | 00,102,400 | ---- | M] (Wave Systems Corp.) - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
[12/09/2005 08:29 PM | 00,049,152 | ---- | M] (CyberLink Corp.) - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[09/08/2005 05:20 AM | 00,122,940 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[07/27/2004 04:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[11/30/2006 08:50 AM | 00,112,216 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[11/17/2006 01:39 PM | 00,136,768 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[11/17/2006 03:06 AM | 00,086,016 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\Mctray.exe
[10/29/2003 02:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Program Files\Digital Line Detect\DLG.exe
[11/18/2005 05:46 PM | 01,724,416 | ---- | M] (TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[08/25/2006 09:45 AM | 00,192,512 | ---- | M] (Wave Systems Corp.) - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
[05/02/2008 02:44 AM | 00,805,392 | ---- | M] (Logitech, Inc.) - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[08/17/2005 09:59 AM | 00,290,816 | ---- | M] (TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
[08/16/2005 10:11 PM | 00,065,536 | ---- | M] (TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
[12/03/2005 02:23 AM | 00,217,088 | ---- | M] (TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
[05/02/2008 02:40 AM | 00,076,304 | ---- | M] (Logitech, Inc.) - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[02/06/2006 11:00 PM | 00,311,296 | ---- | M] (TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
[12/04/2005 11:50 PM | 02,134,016 | ---- | M] (TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
[12/11/2007 01:00 AM | 01,873,280 | ---- | M] (Cerulean Studios) - C:\Program Files\Trillian\trillian.exe
[11/30/2006 08:50 AM | 00,144,960 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
[08/25/2008 09:43 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Chris H\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Lavasoft Ad-Aware Service [Auto | Running]
[08/19/2008 03:25 PM | 00,611,664 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

(Autodesk Licensing Service) Autodesk Licensing Service [On_Demand | Stopped]
[10/12/2007 10:12 PM | 00,077,944 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

(Bluetooth Hid Switch Service) Bluetooth Hid Switch Service [Disabled | Stopped]
[08/30/2005 05:36 PM | 00,188,416 | ---- | M] (Cambridge Silicon Radio) - C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(DataSvr2) DataSvr2 [Auto | Running]
[09/05/2006 10:09 AM | 00,315,392 | ---- | M] (Wave Systems Corp.) - C:\Program Files\Wave Systems Corp\Common\DataServer.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 07:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[05/10/2008 03:07 PM | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(LBTServ) Logitech Bluetooth Service [On_Demand | Stopped]
[05/02/2008 02:42 AM | 00,121,360 | ---- | M] (Logitech, Inc.) - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

(McAfeeFramework) McAfee Framework Service [Unknown | Running]
[11/17/2006 01:37 PM | 00,104,000 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McShield) McAfee McShield [Unknown | Running]
[11/30/2006 08:50 AM | 00,144,960 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

(McTaskManager) McAfee Task Manager [Unknown | Running]
[11/30/2006 08:50 AM | 00,054,872 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

(NICCONFIGSVC) NICCONFIGSVC [Auto | Running]
[02/20/2007 12:24 PM | 00,475,136 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[01/19/2006 08:14 AM | 00,143,428 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(O&O Defrag) O&O Defrag [Auto | Running]
[05/11/2007 02:09 AM | 01,050,120 | ---- | M] (O&O Software GmbH) - C:\WINDOWS\system32\oodag.exe

(Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped]
[08/11/2003 03:07 AM | 00,065,795 | ---- | M] (HP) - C:\WINDOWS\system32\hpzipm12.exe

(PnkBstrA) PnkBstrA [Auto | Running]
[08/06/2007 12:12 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe

(tcsd_win32.exe) NTRU Hybrid TSS v2.0.25 TCS [Auto | Running]
[06/12/2006 10:01 AM | 00,180,224 | ---- | M] () - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

(UGS License Server (ugslmd)) UGS License Server (ugslmd) [Auto | Running]
[02/02/2007 11:02 AM | 01,327,104 | R--- | M] (Macrovision Corporation) - C:\Program Files\UGS\UGSLicensing\lmgrd.exe

(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running]
[11/22/2006 05:35 PM | 00,020,480 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

===== Driver Services - Non-Microsoft Only =====

(AFS2K) AFS2K [System | Running]
[10/07/2004 08:16 PM | 00,035,840 | ---- | M] (Oak Technology Inc.) - C:\WINDOWS\System32\drivers\AFS2K.SYS

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[04/13/2008 01:36 PM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\amdagp.sys

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [On_Demand | Running]
[09/28/2005 06:57 PM | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys

(APPDRV) APPDRV [System | Running]
[08/12/2005 04:50 PM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS

(asc) asc [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 01:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(Aspi32) Aspi32 [Auto | Running]
[07/16/2004 03:24 AM | 00,016,512 | ---- | M] (Adaptec) - C:\WINDOWS\system32\drivers\ASPI32.SYS

(atksgt) atksgt [Auto | Running]
[12/19/2007 06:33 PM | 00,278,984 | ---- | M] () - C:\WINDOWS\system32\drivers\atksgt.sys

(b57w2k) Broadcom NetXtreme Gigabit Ethernet [On_Demand | Running]
[11/10/2005 09:25 AM | 00,142,720 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\b57xp32.sys

(BCM43XX) Dell Wireless WLAN Card Driver [On_Demand | Running]
[11/22/2006 05:34 PM | 00,604,928 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(DLABOIOM) DLABOIOM [Auto | Running]
[09/08/2005 05:20 AM | 00,025,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS

(DLACDBHM) DLACDBHM [System | Running]
[08/25/2005 12:16 PM | 00,005,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS

(DLADResN) DLADResN [Auto | Running]
[09/08/2005 05:20 AM | 00,002,496 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLADResN.SYS

(DLAIFS_M) DLAIFS_M [Auto | Running]
[09/08/2005 05:20 AM | 00,086,524 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

(DLAOPIOM) DLAOPIOM [Auto | Running]
[09/08/2005 05:20 AM | 00,014,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

(DLAPoolM) DLAPoolM [Auto | Running]
[09/08/2005 05:20 AM | 00,006,364 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS

(DLARTL_N) DLARTL_N [System | Running]
[08/25/2005 12:16 PM | 00,022,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLARTL_N.SYS

(DLAUDFAM) DLAUDFAM [Auto | Running]
[09/08/2005 05:20 AM | 00,094,332 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

(DLAUDF_M) DLAUDF_M [Auto | Running]
[09/08/2005 05:20 AM | 00,087,036 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 01:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 01:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 05:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DRVMCDB) DRVMCDB [Boot | Running]
[09/12/2005 03:30 AM | 00,089,264 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS

(DRVNDDM) DRVNDDM [Auto | Running]
[08/12/2005 05:20 AM | 00,040,544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS

(DSproct) DSproct [On_Demand | Stopped]
[01/10/2006 11:07 AM | 00,004,864 | ---- | M] (GTek Technologies Ltd.) - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 12:12 PM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(ElbyCDIO) ElbyCDIO Driver [System | Running]
[08/07/2007 02:48 PM | 00,025,160 | ---- | M] (Elaborate Bytes AG) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys

(ElbyDelay) ElbyDelay [On_Demand | Running]
[02/15/2007 07:56 PM | 00,011,984 | ---- | M] (Elaborate Bytes AG) - C:\WINDOWS\system32\drivers\ElbyDelay.sys

(GTKCMOS) GTKCMOS [On_Demand | Stopped]
[06/15/2004 02:55 PM | 00,007,882 | ---- | M] (Gteko Ltd.) - C:\WINDOWS\system32\GTKCMOS.sys

(guardian2) guardian2 [On_Demand | Running]
[01/28/2007 02:23 PM | 00,061,312 | ---- | M] (O2Micro) - C:\WINDOWS\system32\drivers\oz776.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[04/13/2008 11:36 AM | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\hdaudbus.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running]
[06/22/2004 08:05 AM | 00,051,088 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\hpzid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running]
[06/22/2004 08:05 AM | 00,016,496 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running]
[06/22/2004 08:05 AM | 00,021,744 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(HSF_DPV) HSF_DPV [On_Demand | Running]
[12/01/2005 12:40 AM | 00,936,960 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSX_DPV.sys

(HSXHWAZL) HSXHWAZL [On_Demand | Running]
[12/01/2005 12:40 AM | 00,192,512 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSXHWAZL.sys

(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [On_Demand | Running]
[02/29/2008 03:13 AM | 00,035,344 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidFilt.Sys

(lirsgt) lirsgt [Auto | Running]
[12/19/2007 06:33 PM | 00,025,416 | ---- | M] () - C:\WINDOWS\system32\drivers\lirsgt.sys

(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [On_Demand | Running]
[02/29/2008 03:13 AM | 00,036,880 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouFilt.Sys

(mdmxsdk) mdmxsdk [Auto | Running]
[10/04/2005 09:57 PM | 00,012,544 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(mfeapfk) McAfee Inc. [On_Demand | Running]
[11/30/2006 08:50 AM | 00,064,360 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeapfk.sys

(mfeavfk) McAfee Inc. [On_Demand | Running]
[11/30/2006 08:50 AM | 00,072,264 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeavfk.sys

(mfebopk) McAfee Inc. [On_Demand | Running]
[11/30/2006 08:50 AM | 00,034,152 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfebopk.sys

(mfehidk) McAfee Inc. [On_Demand | Running]
[11/30/2006 08:50 AM | 00,168,776 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfehidk.sys

(mferkdk) VSCore mferkdk [System | Running]
[11/30/2006 08:50 AM | 00,031,944 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys

(mfetdik) McAfee Inc. [System | Running]
[11/30/2006 08:50 AM | 00,052,136 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfetdik.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(nv) nv [On_Demand | Running]
[01/19/2006 08:14 AM | 03,595,296 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(PBADRV) PBADRV [Boot | Running]
[12/09/2005 03:35 PM | 00,018,816 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\PBADRV.sys

(pcouffin) VSO Software pcouffin [On_Demand | Running]
[11/06/2007 03:56 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 05:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[05/22/2008 05:22 PM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(SDDMI2) SDDMI2 [On_Demand | Stopped]
[06/09/2004 08:29 AM | 00,006,977 | ---- | M] (Gteko Ltd.) - C:\WINDOWS\system32\DDMI2.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(Sentinel) Sentinel [Auto | Running]
[06/22/2001 06:39 AM | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) - C:\WINDOWS\system32\drivers\sentinel.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[04/13/2008 01:36 PM | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\sisagp.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(sptd) sptd [Boot | Running]
[12/26/2007 07:15 PM | 00,715,248 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[03/24/2006 04:34 PM | 01,156,648 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(TIEHDUSB) TIEHDUSB [On_Demand | Stopped]
[02/04/2004 10:27 AM | 00,049,536 | ---- | M] (Texas Instruments Incorporated) - C:\WINDOWS\system32\drivers\tiehdusb.sys

(toshidpt) TOSHIBA Bluetooth HID port driver [On_Demand | Stopped]
[07/11/2005 06:58 PM | 00,003,712 | ---- | M] (TOSHIBA Corporation.) - C:\WINDOWS\system32\drivers\Toshidpt.sys

(tosporte) Bluetooth Port Driver from Toshiba [On_Demand | Running]
[06/13/2006 12:29 PM | 00,047,488 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\drivers\tosporte.sys

(Tosrfbd) Bluetooth RFBUS from TOSHIBA [On_Demand | Running]
[06/13/2006 11:22 AM | 00,111,232 | ---- | M] (TOSHIBA CORPORATION) - C:\WINDOWS\system32\drivers\TosRfbd.sys

(Tosrfbnp) Bluetooth RFBNEP from TOSHIBA [On_Demand | Running]
[03/16/2006 10:45 AM | 00,037,632 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\drivers\tosrfbnp.sys

(Tosrfcom) Bluetooth RFCOMM from TOSHIBA [System | Running]
[08/01/2005 04:45 PM | 00,064,896 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\drivers\tosrfcom.sys

(Tosrfhid) Bluetooth RFHID from TOSHIBA [On_Demand | Running]
[05/29/2006 01:11 PM | 00,060,672 | ---- | M] (TOSHIBA Corporation.) - C:\WINDOWS\system32\drivers\TosRfhid.sys

(tosrfnds) Bluetooth Personal Area Network from TOSHIBA [On_Demand | Stopped]
[01/06/2005 01:42 PM | 00,018,612 | ---- | M] (TOSHIBA Corporation.) - C:\WINDOWS\system32\drivers\tosrfnds.sys

(TosRfSnd) Bluetooth Audio Device (WDM) from TOSHIBA [On_Demand | Stopped]
[03/15/2006 10:52 AM | 00,052,864 | ---- | M] (TOSHIBA Corporation) - C:\WINDOWS\system32\drivers\TosRfSnd.sys

(Tosrfusb) Bluetooth USB Controller [On_Demand | Running]
[06/09/2006 09:40 PM | 00,040,192 | ---- | M] (TOSHIBA CORPORATION) - C:\WINDOWS\system32\drivers\tosrfusb.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

(winachsf) winachsf [On_Demand | Running]
[12/01/2005 12:40 AM | 00,669,696 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSX_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Apoint" = C:\Program Files\Apoint\Apoint.exe [10/07/2005 12:13 PM | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI" = C:\WINDOWS\system32\WLTRAY.exe [11/22/2006 05:35 PM | 01,392,640 | ---- | M] (Dell Inc.)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 05:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
"Document Manager" = C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [09/08/2006 08:32 AM | 00,102,400 | ---- | M] (Wave Systems Corp.)
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM | 00,049,152 | ---- | M] (CyberLink Corp.)
"DXDllRegExe" = dxdllreg.exe File not found
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 04:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 04:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"Kernel and Hardware Abstraction Layer" = KHALMNPR.EXE [02/29/2008 03:12 AM | 00,076,304 | ---- | M] (Logitech, Inc.)
"McAfeeUpdaterUI" = "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey [11/17/2006 01:39 PM | 00,136,768 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [01/19/2006 08:14 AM | 07,401,472 | ---- | M] (NVIDIA Corporation)
"NVHotkey" = rundll32.exe nvHotkey.dll,Start [01/19/2006 08:14 AM | 00,073,728 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /installquiet [01/19/2006 08:14 AM | 01,519,616 | ---- | M] ()
"OODefragTray" = C:\WINDOWS\system32\oodtray.exe [05/11/2007 02:08 AM | 02,512,392 | ---- | M] (O&O Software GmbH)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [08/03/2007 04:53 PM | 00,286,720 | ---- | M] (Apple Inc.)
"ShStatEXE" = "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [11/30/2006 08:50 AM | 00,112,216 | ---- | M] (McAfee, Inc.)
"SigmatelSysTrayApp" = stsystra.exe [03/24/2006 04:30 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComSmartUtil" = C:\WINDOWS\system32\wrqvwzcl.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComSmartUtil" = C:\WINDOWS\system32\wrqvwzcl.exe File not found

[HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[06/16/2005 11:11 AM | 00,049,152 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
[10/29/2003 02:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[08/25/2006 09:45 AM | 00,192,512 | ---- | M] (Wave Systems Corp.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
[05/02/2008 02:44 AM | 00,805,392 | ---- | M] (Logitech, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

[Chris H Startup Folder - C:\Documents and Settings\Chris H\Start Menu\Programs\Startup]
[10/20/2005 12:04 PM | 00,038,912 | ---- | M] () - C:\Documents and Settings\Chris H\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [09/08/2005 05:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [11/30/2006 08:50 AM | 00,067,136 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
HKLM CLSID: (CBrowserHelperObject Object) - [01/26/2007 09:07 AM | 00,098,304 | ---- | M] (Dell Inc.) C:\Program Files\BAE\BAE.dll

===== Toolbars =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"NUAlHgD0xj" = C:\Documents and Settings\Chris H\Desktop\AdobeFlashPlayerHD.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"NUAlHgD0xj" = C:\Documents and Settings\Chris H\Desktop\AdobeFlashPlayerHD.exe File not found

[HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"wxvault.dll" - [09/08/2006 08:32 AM | 00,286,720 | ---- | M] () C:\WINDOWS\system32\wxvault.dll

===== Lsa Authentication Packages =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages]
"wvauth" - [09/12/2006 12:07 PM | 00,385,024 | ---- | M] (Wave Systems Corp.) C:\WINDOWS\system32\wvauth.dll

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America's Army\System\ArmyOps.exe" = C:\Program Files\America's Army\System\ArmyOps.exe [03/20/2008 10:30 AM | 00,131,072 | ---- | M] ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [08/16/2008 05:28 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe [12/11/2007 01:00 AM | 01,873,280 | ---- | M] (Cerulean Studios)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe [04/17/2008 09:57 AM | 07,660,656 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 04:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Ruckus Player\Ruckus.exe" = C:\Program Files\Ruckus Player\Ruckus.exe [04/01/2008 05:24 PM | 02,134,016 | ---- | M] ( )
"C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe" = C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe [09/11/2006 02:49 PM | 00,454,656 | ---- | M] (Wave Systems Corp)
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe [11/19/2007 03:13 PM | 00,274,432 | ---- | M] ()
"C:\Program Files\UGS\NX 5.0\UGII\ugraf.exe" = C:\Program Files\UGS\NX 5.0\UGII\ugraf.exe [03/07/2007 05:48 PM | 00,352,256 | ---- | M] (UGS Corp.)
"C:\Program Files\Joost\xulrunner\tvprunner.exe" = C:\Program Files\Joost\xulrunner\tvprunner.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 07:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 07:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
"DllName" = c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [05/02/2008 02:42 AM | 00,072,208 | ---- | M] (Logitech, Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{237B4D05-E2C6-4954-AC2E-2DED8991A8DF}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{82F62867-1FEB-444A-946C-F05CD30E48FC}]
Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A792CE96-86D4-478A-A9D2-A935ECC91A7A}]
Servers: | Description: Dell Wireless 1490 Dual Band WLAN Mini-Card

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BD9FF154-588C-4080-AD12-9C339A87811D}]
Servers: | Description: Broadcom NetXtreme Gigabit Ethernet

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F7CF2D3E-6B9D-47BE-BA90-90A4480EA1E6}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[08/11/2004 05:15 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12465246-0af7-11dd-a861-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12465246-0af7-11dd-a861-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12465246-0af7-11dd-a861-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34236c0c-5a31-11dc-a7e8-00197e937a37}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34236c0c-5a31-11dc-a7e8-00197e937a37}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34236c0c-5a31-11dc-a7e8-00197e937a37}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5edee327-c3b3-11dc-a835-00197e937a37}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5edee327-c3b3-11dc-a835-00197e937a37}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5edee327-c3b3-11dc-a835-00197e937a37}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{893322fe-cac6-11dc-a83b-001a6b777f54}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{893322fe-cac6-11dc-a83b-001a6b777f54}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{893322fe-cac6-11dc-a83b-001a6b777f54}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a6b08e-ddb3-11dc-a84d-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a6b08e-ddb3-11dc-a84d-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a6b08e-ddb3-11dc-a84d-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a6b096-ddb3-11dc-a84d-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a6b096-ddb3-11dc-a84d-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a6b096-ddb3-11dc-a84d-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{988c797a-50bd-11dc-a7de-00197e937a37}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{988c797a-50bd-11dc-a7de-00197e937a37}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{988c797a-50bd-11dc-a7de-00197e937a37}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{989b1abe-688e-11dc-a7f8-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{989b1abe-688e-11dc-a7f8-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{989b1abe-688e-11dc-a7f8-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{989b1abf-688e-11dc-a7f8-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{989b1abf-688e-11dc-a7f8-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{989b1abf-688e-11dc-a7f8-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6518ce1-7aaf-11dc-a80a-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6518ce1-7aaf-11dc-a80a-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6518ce1-7aaf-11dc-a80a-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bef90949-1d7c-11dd-a86c-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bef90949-1d7c-11dd-a86c-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bef90949-1d7c-11dd-a86c-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd78d46b-72e2-11dd-a8a5-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd78d46b-72e2-11dd-a8a5-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd78d46b-72e2-11dd-a8a5-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd78d46c-72e2-11dd-a8a5-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd78d46c-72e2-11dd-a8a5-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd78d46c-72e2-11dd-a8a5-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d99038dc-0319-11dd-a85e-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d99038dc-0319-11dd-a85e-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d99038dc-0319-11dd-a85e-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e097ba4d-71fd-11dd-a8a4-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e097ba4d-71fd-11dd-a8a4-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e097ba4d-71fd-11dd-a8a4-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3943602-fe92-11dc-a85d-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3943602-fe92-11dc-a85d-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3943602-fe92-11dc-a85d-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edf950ad-05da-11dd-a860-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edf950ad-05da-11dd-a860-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edf950ad-05da-11dd-a860-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f49191a9-a809-11dc-a823-0019b97a877f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f49191a9-a809-11dc-a823-0019b97a877f}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f49191a9-a809-11dc-a823-0019b97a877f}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

Edited by lourider, 25 August 2008 - 08:54 PM.

  • 0

#9
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Couldnt get all of the log in one post. So here is the rest of it.

[Files/Folders - Created Within 60 days]
[04/13/2008 07:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 07:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 07:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 07:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 07:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 07:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 07:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 07:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 07:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 07:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 07:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 07:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 07:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 07:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 07:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:29 PM | 00,701,440 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtag.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 03:20 PM | 00,000,000 | -H-- | C] () - C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[1 C:\WINDOWS\System32\*.tmp files]
[04/13/2008 07:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 07:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 07:11 PM | 00,201,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvag.dll
[04/13/2008 07:11 PM | 00,229,376 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2cqag.dll
[04/13/2008 07:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 07:11 PM | 00,516,768 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ativvaxx.dll
[04/13/2008 07:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 07:11 PM | 01,888,992 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3duag.dll
[04/13/2008 07:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 07:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 07:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 07:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 07:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 07:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 07:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 07:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[06/21/2007 12:52 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[07/23/2008 11:46 AM | 00,012,288 | ---- | C] () - C:\WINDOWS\System32\DivXWMPExtType.dll
[07/23/2008 11:47 AM | 00,000,416 | ---- | C] () - C:\WINDOWS\System32\dpl100.dll.manifest
[07/23/2008 11:47 AM | 00,000,416 | ---- | C] () - C:\WINDOWS\System32\dtu100.dll.manifest
[07/23/2008 11:48 AM | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\ssldivx.dll
[07/23/2008 11:48 AM | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\libdivx.dll
[07/23/2008 11:50 AM | 03,596,288 | ---- | C] () - C:\WINDOWS\System32\qt-dx331.dll
[07/25/2008 03:34 AM | 00,053,248 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI10.dll
[07/25/2008 03:34 AM | 00,057,344 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpv11.dll
[07/25/2008 03:34 AM | 00,081,920 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\dpl100.dll
[07/25/2008 03:34 AM | 00,161,096 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[07/25/2008 03:34 AM | 00,196,608 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\dtu100.dll
[07/25/2008 03:34 AM | 00,294,912 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpu10.dll
[07/25/2008 03:34 AM | 00,294,912 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpu11.dll
[07/25/2008 03:34 AM | 00,344,064 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpus11.dll
[07/25/2008 03:34 AM | 00,593,920 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI11.dll
[07/25/2008 03:34 AM | 00,683,520 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\DivX.dll
[07/25/2008 03:34 AM | 00,802,816 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx11.dll
[07/25/2008 03:34 AM | 00,815,104 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0a.dll
[07/25/2008 03:34 AM | 00,823,296 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx07.dll
[07/25/2008 03:34 AM | 00,823,296 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0c.dll
[07/25/2008 03:36 AM | 00,004,816 | ---- | C] () - C:\WINDOWS\System32\divxsm.tlb
[07/25/2008 03:36 AM | 00,524,288 | ---- | C] (DivX Inc.) - C:\WINDOWS\System32\DivXsm.exe
[08/17/2008 01:43 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/17/2008 01:43 PM | ---D | C] - C:\WINDOWS\System32\en
[08/17/2008 01:43 PM | ---D | C] - C:\WINDOWS\System32\scripting
[2 C:\WINDOWS\*.tmp files]
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[06/22/2004 08:04 AM | 00,017,176 | ---- | C] () - C:\WINDOWS\hpomdl04.dat
[06/22/2004 08:04 AM | 00,017,176 | ---- | C] () - C:\WINDOWS\hpomdl04.dat.temp
[08/17/2008 01:20 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 01:43 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/17/2008 01:45 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/21/2008 05:56 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/25/2008 02:02 PM | 00,103,517 | ---- | C] () - C:\WINDOWS\hpoins04.dat.temp
[08/25/2008 06:01 PM | 00,103,535 | ---- | C] () - C:\WINDOWS\hpoins04.dat
[08/25/2008 08:45 PM | ---D | C] - C:\WINDOWS\LastGood
[08/25/2008 09:44 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/18/2008 01:50 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\kjqjivgv
[08/18/2008 01:50 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ylorqned
[08/18/2008 02:13 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/19/2008 03:28 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Lavasoft
[08/18/2008 02:14 AM | ---D | C] - C:\Documents and Settings\Chris H\Application Data\Malwarebytes
[08/08/2008 01:10 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\microsoft
[08/19/2008 09:59 PM | 00,786,956 | ---- | C] () - C:\Documents and Settings\Chris H\My Documents\cc_20080819_2158.reg
[08/18/2008 02:04 PM | 00,000,806 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[08/18/2008 02:05 PM | 00,000,795 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[08/18/2008 02:13 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/19/2008 03:24 PM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[07/14/2008 03:53 AM | 00,001,548 | ---- | C] () - C:\Documents and Settings\Chris H\Desktop\CCleaner.lnk
[08/16/2008 02:25 AM | ---D | C] - C:\Documents and Settings\Chris H\Desktop\music
[08/21/2008 02:33 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Chris H\Desktop\HijackThis.lnk
[08/21/2008 02:33 PM | 00,812,344 | ---- | C] (Trend Micro Inc.) - C:\Documents and Settings\Chris H\Desktop\HJTInstall.exe
[08/21/2008 02:44 PM | 00,791,393 | ---- | C] (Lars Hederer ) - C:\Documents and Settings\Chris H\Desktop\erunt_setup.exe
[08/21/2008 02:45 PM | 00,000,592 | ---- | C] () - C:\Documents and Settings\Chris H\Desktop\ERUNT.lnk
[08/21/2008 02:45 PM | 00,000,611 | ---- | C] () - C:\Documents and Settings\Chris H\Desktop\NTREGOPT.lnk
[08/25/2008 09:43 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Chris H\Desktop\OTViewIt.exe
[08/21/2008 02:46 PM | 00,000,767 | ---- | C] () - C:\Documents and Settings\Chris H\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/18/2008 02:13 AM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/14/2008 03:49 AM | ---D | C] - C:\Program Files\CCleaner
[08/18/2008 01:51 AM | ---D | C] - C:\Program Files\lrfhikg
[08/18/2008 02:13 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/19/2008 03:24 PM | ---D | C] - C:\Program Files\Lavasoft
[08/19/2008 10:35 PM | ---D | C] - C:\Program Files\Microsoft Silverlight
[08/21/2008 02:33 PM | ---D | C] - C:\Program Files\Trend Micro
[08/21/2008 02:46 PM | ---D | C] - C:\Program Files\ERUNT
[08/25/2008 06:06 PM | ---D | C] - C:\Program Files\HP PSC 1350

[Files/Folders - Modified Within 60 days]
[08/17/2008 01:23 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/18/2008 02:47 AM | -HSD | M] - C:\System Volume Information
[08/25/2008 01:55 PM | ---D | M] - C:\Temp
[08/25/2008 03:15 PM | 21,455,09376 | -HS- | M] () - C:\hiberfil.sys
[08/25/2008 05:55 PM | ---D | M] - C:\WINDOWS
[08/25/2008 06:07 PM | R--D | M] - C:\Program Files
[07/25/2008 12:49 AM | 00,022,328 | ---- | M] () - C:\WINDOWS\System32\drivers\PnkBstrK.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 03:20 PM | 00,000,000 | -H-- | M] () - C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[1 C:\WINDOWS\System32\*.tmp files]
[07/23/2008 11:46 AM | 00,012,288 | ---- | M] () - C:\WINDOWS\System32\DivXWMPExtType.dll
[07/23/2008 11:47 AM | 00,000,416 | ---- | M] () - C:\WINDOWS\System32\dpl100.dll.manifest
[07/23/2008 11:47 AM | 00,000,416 | ---- | M] () - C:\WINDOWS\System32\dtu100.dll.manifest
[07/23/2008 11:47 AM | 00,634,880 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divxdec.ax
[07/23/2008 11:48 AM | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\ssldivx.dll
[07/23/2008 11:48 AM | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\libdivx.dll
[07/23/2008 11:50 AM | 03,596,288 | ---- | M] () - C:\WINDOWS\System32\qt-dx331.dll
[07/25/2008 03:34 AM | 00,053,248 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI10.dll
[07/25/2008 03:34 AM | 00,057,344 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpv11.dll
[07/25/2008 03:34 AM | 00,081,920 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\dpl100.dll
[07/25/2008 03:34 AM | 00,161,096 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[07/25/2008 03:34 AM | 00,196,608 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\dtu100.dll
[07/25/2008 03:34 AM | 00,294,912 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpu10.dll
[07/25/2008 03:34 AM | 00,294,912 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpu11.dll
[07/25/2008 03:34 AM | 00,344,064 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpus11.dll
[07/25/2008 03:34 AM | 00,593,920 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI11.dll
[07/25/2008 03:34 AM | 00,683,520 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\DivX.dll
[07/25/2008 03:34 AM | 00,802,816 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx11.dll
[07/25/2008 03:34 AM | 00,815,104 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0a.dll
[07/25/2008 03:34 AM | 00,823,296 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx07.dll
[07/25/2008 03:34 AM | 00,823,296 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0c.dll
[07/25/2008 03:36 AM | 00,004,816 | ---- | M] () - C:\WINDOWS\System32\divxsm.tlb
[07/25/2008 03:36 AM | 00,524,288 | ---- | M] (DivX Inc.) - C:\WINDOWS\System32\DivXsm.exe
[07/25/2008 12:49 AM | 00,107,832 | ---- | M] () - C:\WINDOWS\System32\PnkBstrB.exe
[08/17/2008 01:32 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/17/2008 01:33 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/17/2008 01:33 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/17/2008 01:43 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/17/2008 01:43 PM | ---D | M] - C:\WINDOWS\System32\en
[08/17/2008 01:43 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/17/2008 01:43 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/17/2008 01:43 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/17/2008 01:44 PM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/17/2008 02:21 PM | 00,217,656 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/17/2008 02:21 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/17/2008 02:21 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/18/2008 01:34 AM | 00,065,446 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/18/2008 01:34 AM | 00,411,142 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/18/2008 01:34 AM | 00,483,924 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/18/2008 02:47 AM | ---D | M] - C:\WINDOWS\System32\Restore
[08/18/2008 04:30 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/22/2008 01:32 PM | ---D | M] - C:\WINDOWS\System32\oodag
[08/24/2008 12:39 PM | 00,119,635 | ---- | M] () - C:\WINDOWS\System32\nvModes.dat
[08/25/2008 01:38 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/25/2008 03:15 PM | 00,226,029 | ---- | M] () - C:\WINDOWS\System32\oodbs.lor
[08/25/2008 03:17 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 03:22 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\NvwsApps.xml
[08/25/2008 03:22 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/25/2008 05:59 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/25/2008 06:04 PM | 00,119,635 | ---- | M] () - C:\WINDOWS\System32\nvModes.001
[08/25/2008 08:45 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[2 C:\WINDOWS\*.tmp files]
[07/14/2008 03:55 AM | ---D | M] - C:\WINDOWS\Minidump
[08/17/2008 01:09 PM | ---D | M] - C:\WINDOWS\ehome
[08/17/2008 01:20 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 01:32 PM | ---D | M] - C:\WINDOWS\system
[08/17/2008 01:33 PM | ---D | M] - C:\WINDOWS\msagent
[08/17/2008 01:33 PM | ---D | M] - C:\WINDOWS\mui
[08/17/2008 01:33 PM | ---D | M] - C:\WINDOWS\srchasst
[08/17/2008 01:43 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/17/2008 01:43 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/17/2008 01:44 PM | ---D | M] - C:\WINDOWS\ime
[08/17/2008 01:44 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/17/2008 01:45 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/17/2008 01:45 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/17/2008 02:18 PM | ---D | M] - C:\WINDOWS\security
[08/17/2008 02:21 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/17/2008 02:21 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/17/2008 09:02 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/18/2008 01:53 AM | ---D | M] - C:\WINDOWS\Debug
[08/18/2008 12:52 AM | 00,000,097 | ---- | M] () - C:\WINDOWS\WirelessFTP.INI
[08/21/2008 05:56 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/24/2008 11:35 AM | --SD | M] - C:\WINDOWS\Tasks
[08/25/2008 01:51 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/25/2008 02:02 PM | 00,103,517 | ---- | M] () - C:\WINDOWS\hpoins04.dat.temp
[08/25/2008 03:16 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 05:56 PM | ---D | M] - C:\WINDOWS\twain_32
[08/25/2008 06:01 PM | 00,103,535 | ---- | M] () - C:\WINDOWS\hpoins04.dat
[08/25/2008 06:01 PM | -HSD | M] - C:\WINDOWS\Installer
[08/25/2008 08:45 PM | ---D | M] - C:\WINDOWS\Help
[08/25/2008 08:45 PM | ---D | M] - C:\WINDOWS\LastGood
[08/25/2008 08:45 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 08:45 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 08:45 PM | -H-D | M] - C:\WINDOWS\inf
[08/25/2008 08:51 AM | R-SD | M] - C:\WINDOWS\assembly
[08/25/2008 08:55 AM | 00,000,659 | ---- | M] () - C:\WINDOWS\win.ini
[08/25/2008 09:44 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/18/2008 03:54 PM | 00,000,274 | ---- | M] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[08/25/2008 03:16 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[07/12/2008 01:45 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[08/18/2008 01:50 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\kjqjivgv
[08/18/2008 01:50 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ylorqned
[08/18/2008 02:13 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/19/2008 03:28 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Lavasoft
[08/19/2008 10:09 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\SecTaskMan
[07/28/2008 04:22 AM | ---D | M] - C:\Documents and Settings\Chris H\Application Data\goombah
[08/18/2008 02:14 AM | ---D | M] - C:\Documents and Settings\Chris H\Application Data\Malwarebytes
[08/19/2008 10:08 PM | ---D | M] - C:\Documents and Settings\Chris H\Application Data\SUPERAntiSpyware.com
[08/20/2008 02:08 AM | ---D | M] - C:\Documents and Settings\Chris H\Application Data\uTorrent
[08/25/2008 03:22 PM | ---D | M] - C:\Documents and Settings\Chris H\Application Data\Wave Systems Corp
[08/25/2008 09:15 PM | ---D | M] - C:\Documents and Settings\Chris H\Application Data\Ruckus Network
[08/18/2008 02:02 PM | 00,188,416 | ---- | M] () - C:\Documents and Settings\Chris H\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/18/2008 02:36 AM | 01,581,414 | -H-- | M] () - C:\Documents and Settings\Chris H\Local Settings\Application Data\IconCache.db
[08/19/2008 10:35 PM | ---D | M] - C:\Documents and Settings\Chris H\Local Settings\Application Data\Microsoft
[08/24/2008 09:47 PM | ---D | M] - C:\Documents and Settings\Chris H\Local Settings\Application Data\ApplicationHistory
[08/08/2008 01:10 PM | ---D | M] - C:\Documents and Settings\All Users\Documents\microsoft
[08/05/2008 09:36 PM | ---D | M] - C:\Documents and Settings\Chris H\My Documents\My Albums
[08/05/2008 09:52 PM | R--D | M] - C:\Documents and Settings\Chris H\My Documents\My Videos
[08/18/2008 03:46 PM | ---D | M] - C:\Documents and Settings\Chris H\My Documents\Downloads
[08/19/2008 09:59 PM | 00,786,956 | ---- | M] () - C:\Documents and Settings\Chris H\My Documents\cc_20080819_2158.reg
[08/19/2008 11:32 PM | R--D | M] - C:\Documents and Settings\Chris H\My Documents\My Pictures
[08/25/2008 09:15 PM | R--D | M] - C:\Documents and Settings\Chris H\My Documents\My Music
[08/18/2008 02:04 PM | 00,000,806 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[08/18/2008 02:05 PM | 00,000,795 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[08/18/2008 02:13 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/19/2008 03:24 PM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/25/2008 01:35 PM | 00,001,681 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[06/28/2008 03:55 PM | ---D | M] - C:\Documents and Settings\Chris H\Desktop\Icons
[07/14/2008 03:53 AM | 00,001,548 | ---- | M] () - C:\Documents and Settings\Chris H\Desktop\CCleaner.lnk
[08/16/2008 02:25 AM | ---D | M] - C:\Documents and Settings\Chris H\Desktop\music
[08/16/2008 05:29 PM | 00,000,630 | ---- | M] () - C:\Documents and Settings\Chris H\Desktop\µTorrent.lnk
[08/21/2008 02:33 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Chris H\Desktop\HijackThis.lnk
[08/21/2008 02:33 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Chris H\Desktop\HJTInstall.exe
[08/21/2008 02:44 PM | 00,791,393 | ---- | M] (Lars Hederer ) - C:\Documents and Settings\Chris H\Desktop\erunt_setup.exe
[08/21/2008 02:45 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Chris H\Desktop\ERUNT.lnk
[08/21/2008 02:45 PM | 00,000,611 | ---- | M] () - C:\Documents and Settings\Chris H\Desktop\NTREGOPT.lnk
[08/24/2008 12:28 PM | ---D | M] - C:\Documents and Settings\Chris H\Desktop\docs
[08/25/2008 05:38 PM | 00,001,622 | ---- | M] () - C:\Documents and Settings\Chris H\Desktop\Trillian.lnk
[08/25/2008 06:07 PM | 00,002,497 | ---- | M] () - C:\Documents and Settings\Chris H\Desktop\Microsoft Office Word 2003 (2).lnk
[08/25/2008 09:43 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Chris H\Desktop\OTViewIt.exe
[08/25/2008 01:35 PM | 00,001,687 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[08/21/2008 02:46 PM | 00,000,767 | ---- | M] () - C:\Documents and Settings\Chris H\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[08/17/2008 01:33 PM | ---D | M] - C:\Program Files\Common Files\System
[08/18/2008 02:13 AM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/19/2008 10:04 PM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard
[08/25/2008 01:35 PM | ---D | M] - C:\Program Files\Common Files\Logishrd

< End of report >
  • 0

#10
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
And here is the Extras.txt log

OTViewIt Extras logfile created on: 8/25/2008 9:44:44 PM - Run 4
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Chris H\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.97% Memory free
3.35 Gb Paging File | 2.82 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 77.89 Gb Free Space | 69.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 177.28 Gb Free Space | 38.06% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/11/2008 03:11 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4E765B16-84C0-40FD-A33D-D58CC7C75603}" = UGS NX 5.0
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5ACD451F-AE53-4375-9AF5-3CF0801362DA}" = UGSLicensing
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = sentinelsystemdriver
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AB7E8EC4-D04C-4A2B-A33B-4A3725C72285}" = Sony ACID Pro 6.0
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2" = Adobe Reader 8.1.2 Security Update 1 (KB403742)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE40EC9E-9466-4288-916D-C1D6C13F4A40}" = upekmsi
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDD4761A-3D3F-4487-9AAF-7855A36E0D31}" = Wave Infrastructure Installer
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EE2EE62C-E27D-486A-AF6D-FA4A06E67476}" = Preboot Manager
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF434C52-D882-43DB-8777-EC7B10D8943C}" = America's Army
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Collab" = Collab
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVDFab Platinum_is1" = DVDFab Platinum 3.1.1.2 Ghosthunter release
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImTOO DVD to Zune Converter" = ImTOO DVD to Zune Converter
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"KB835221WXP" = High Definition Audio Driver Package - KB835221
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB923789" = Security Update for Windows XP (KB923789)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Ruckus Player" = Ruckus Player
"SearchAssist" = SearchAssist
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Trillian" = Trillian
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zune" = Zune

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"uTorrent" = µTorrent

===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====

[HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"uTorrent" = µTorrent

===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >
  • 0

Advertisements


#11
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Chris H\Desktop\AdobeFlashPlayerHD.exe
    C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    C:\Documents and Settings\All Users\Application Data\kjqjivgv
    C:\Documents and Settings\All Users\Application Data\ylorqned
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\NUAlHgD0xj
    HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\NUAlHgD0xj
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If above OTMoveIt2 link above is broken, please use this link instead..




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Post me these logs in your next reply..

1. OTMoveIt2
2. NOD32 Online scanner
3. A fresh HijackThis log (after NOD32 step)
4. How is your computer now?
  • 0

#12
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the OTMoveIt2 log

Explorer killed successfully
File/Folder C:\Documents and Settings\Chris H\Desktop\AdobeFlashPlayerHD.exe not found.
C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf moved successfully.
C:\Documents and Settings\All Users\Application Data\kjqjivgv moved successfully.
C:\Documents and Settings\All Users\Application Data\ylorqned moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\NUAlHgD0xj >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\NUAlHgD0xj deleted successfully.
< HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\NUAlHgD0xj >
Registry value HKEY_USERS\S-1-5-21-3293468234-368457283-3789937228-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\NUAlHgD0xj not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\CHRISH~1\LOCALS~1\Temp\NAILogs\UpdaterUI_CHRIS.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_090957

Files moved on Reboot...
C:\DOCUME~1\CHRISH~1\LOCALS~1\Temp\NAILogs\UpdaterUI_CHRIS.log moved successfully.
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
waiting for the other logs requested :)
  • 0

#14
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is my Eset scan

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3389 (20080826)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9767d2371597e94eb325dd65ac084e30
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-26 09:30:58
# local_time=2008-08-26 04:30:58 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=790284
# found=0
# scan_time=18627


And my hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:20 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\Program Files\UGS\UGSLicensing\ugslmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC10.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070627
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070627
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070627
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ComSmartUtil] C:\WINDOWS\system32\wrqvwzcl.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/im...r/SysProExe.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O21 - SSODL: ComSysApi - {75A9F748-CB85-2AE9-3C90-07D1BCB56D0F} - C:\Program Files\lrfhikg\ComSysApi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11042 bytes
  • 0

#15
lourider

lourider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
It seems to be working right. I havent seen that pop up yet.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP