Google Redirect Problem (SOLVED)



#1
Kaos3476

I seem to be having the same problem others are. In addition to being redirected when I click on a search result in Google, I keep getting an error message that Internet Explorer has stopped working and needs to close. I don't even have IE open, and when I shut the process down, it just pops up again minutes later (though I'm not entirely sure that's not a normal thing).

I've tried the various steps in the malware removal guide but that has not worked for me. I need someone to walk me through this. Help please?

Edited by Kaos3476, 16 May 2009 - 02:40 AM.



#2
Kaos3476

To speed things up, here is my Rootkit log:

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:39589 Mo/Free:2047 Mo)
D:\ [Fixed] - NTFS - (Total:9311 Mo/Free:1716 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:31659 Mo/Free:3572 Mo)
G:\ [Fixed] - NTFS - (Total:72067 Mo/Free:3611 Mo)

Thu 14/05/2009| 9:37

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\WLANExt.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\CTsvcCDA.exe
---------- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
---------- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\SMINST\BLService.exe
---------- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Windows\System32\igfxtray.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Program Files\HP\QuickPlay\QPService.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
---------- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
---------- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
---------- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
---------- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
---------- C:\Program Files\uTorrent\uTorrent.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Program Files\McAfee\Common Framework\McTray.exe
---------- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
---------- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
---------- C:\Program Files\Common Files\Teleca Shared\Generic.exe
---------- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
---------- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
---------- C:\Users\Diana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
---------- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5Z9WGMI\cracked[1].gif


1 - "C:\Rooter$\Rooter_1.txt" - Wed 13/05/2009|23:39
2 - "C:\Rooter$\Rooter_2.txt" - Thu 14/05/2009| 9:38

----------------------\\ Scan completed at 9:38

#3
Kaos3476

OTListIT Log:

OTListIt logfile created on: 14/05/2009 9:39:08 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = G:\Firefox
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.93 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.69% Memory free
4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38.66 Gb Total Space | 14.00 Gb Free Space | 36.21% Space Free | Partition Type: NTFS
Drive D: | 9.09 Gb Total Space | 1.68 Gb Free Space | 18.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 30.92 Gb Total Space | 27.49 Gb Free Space | 88.91% Space Free | Partition Type: NTFS
Drive G: | 70.38 Gb Total Space | 47.53 Gb Free Space | 67.53% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIANA-PC
Current User Name: Diana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [1999/12/13 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\system32\CTsvcCDA.exe
PRC - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/29 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/29 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/04/26 18:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/01/09 19:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/01/21 12:34:05 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/10/18 09:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe
PRC - [2008/04/18 04:05:10 | 01,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/06/17 23:39:48 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/06/17 23:39:24 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/06/17 23:39:36 | 00,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/06/12 15:17:52 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008/01/21 12:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/05/13 08:10:40 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/09 09:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/16 07:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/05/28 09:14:42 | 00,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2006/11/29 08:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/04 10:30:17 | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2008/01/21 12:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/06/17 23:39:42 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxsrvc.exe
PRC - [2006/11/17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/05/02 09:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/01/21 12:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 12:34:15 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/04/04 04:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2007/09/27 00:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2007/03/16 02:23:20 | 00,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2007/04/19 10:33:54 | 00,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2008/04/12 02:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/01/13 07:30:06 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/18 04:05:20 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/03/24 17:55:30 | 00,083,440 | ---- | M] (Google) -- C:\Users\Diana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2008/04/16 06:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2008/01/21 12:33:22 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2008/01/21 12:34:15 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2009/05/14 09:37:25 | 00,501,248 | ---- | M] (OldTimer Tools) -- G:\Firefox\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/01/21 12:34:44 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/04 04:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [1999/12/13 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\system32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/01/21 12:35:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/24 09:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/04/16 06:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/05/02 09:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2004/10/22 20:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/21 12:35:12 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2006/11/29 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Paused])
SRV - [2006/11/29 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2008/01/21 12:35:13 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/27 07:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/26 18:15:26 | 00,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2007/01/09 19:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2006/04/15 03:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2008/01/21 12:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 12:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/10/18 09:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/21 12:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Boot | Running])
DRV - [2008/01/21 12:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Boot | Running])
DRV - [2008/01/21 12:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Running])
DRV - [2008/01/21 12:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Boot | Running])
DRV - [2006/11/02 19:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Boot | Running])
DRV - [2008/01/21 12:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Boot | Running])
DRV - [2008/01/21 12:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Boot | Running])
DRV - [2008/01/21 12:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Boot | Running])
DRV - [2008/04/28 04:07:44 | 00,909,824 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\system32\DRIVERS\athr.sys -- (athr [On_Demand | Running])
DRV - [2006/11/02 17:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Stopped])
DRV - [2006/11/02 18:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 18:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 18:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [On_Demand | Stopped])
DRV - [2006/11/02 18:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [On_Demand | Stopped])
DRV - [2006/11/02 18:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2006/11/02 18:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 12:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Boot | Running])
DRV - [2008/06/06 02:58:42 | 00,222,208 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\system32\drivers\CHDRT32.sys -- (CnxtHdAudService [On_Demand | Running])
DRV - [2008/01/21 12:32:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 12:32:48 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Boot | Running])
DRV - [2008/02/14 03:57:38 | 00,039,472 | ---- | M] (Paragon Software Group) -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3 [Boot | Running])
DRV - [2008/01/21 12:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Boot | Running])
DRV - [2007/06/19 10:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2008/01/21 12:32:48 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2007/11/01 11:51:26 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/11/01 11:47:54 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2008/01/21 12:32:49 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2008/06/13 04:43:16 | 02,381,312 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 19:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Boot | Running])
DRV - [2008/06/05 03:54:22 | 00,113,664 | ---- | M] (Intel® Corporation) -- C:\Windows\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2006/11/02 19:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Boot | Running])
DRV - [2006/11/02 19:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2008/01/21 12:32:49 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Boot | Running])
DRV - [2008/01/21 12:32:51 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Boot | Running])
DRV - [2008/01/21 12:32:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
DRV - [2006/06/19 08:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/01/21 12:32:53 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Boot | Running])
DRV - [2008/01/21 12:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Boot | Running])
DRV - [2006/11/29 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2006/11/29 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2006/11/29 08:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2006/11/29 08:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2006/11/29 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik [Boot | Stopped])
DRV - [2006/11/02 19:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Boot | Running])
DRV - [2006/11/02 19:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Boot | Running])
DRV - [2006/11/02 17:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [On_Demand | Stopped])
DRV - [2006/11/02 17:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvm60x32.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2008/01/21 12:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/01/21 12:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/21 12:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Boot | Running])
DRV - [2006/11/02 19:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Boot | Running])
DRV - [2008/06/11 04:54:36 | 00,123,904 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/06/06 12:01:50 | 00,062,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2007/04/04 11:43:20 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s716bus.sys -- (s716bus [On_Demand | Stopped])
DRV - [2007/04/04 11:43:32 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s716mdfl.sys -- (s716mdfl [On_Demand | Stopped])
DRV - [2007/04/04 11:43:34 | 00,108,552 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s716mdm.sys -- (s716mdm [On_Demand | Stopped])
DRV - [2007/04/04 11:43:34 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s716mgmt.sys -- (s716mgmt [On_Demand | Stopped])
DRV - [2007/04/04 11:43:36 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s716nd5.sys -- (s716nd5 [On_Demand | Stopped])
DRV - [2007/04/04 11:43:36 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s716obex.sys -- (s716obex [On_Demand | Stopped])
DRV - [2007/04/04 11:43:38 | 00,098,952 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s716unic.sys -- (s716unic [On_Demand | Stopped])
DRV - [2006/11/02 16:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 12:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Boot | Running])
DRV - [2006/11/02 19:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Boot | Running])
DRV - [2006/11/02 19:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Boot | Running])
DRV - [2006/11/02 19:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Boot | Running])
DRV - [2008/04/18 04:05:16 | 00,199,344 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/02/14 03:57:38 | 00,032,080 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\system32\DRIVERS\UimBus.sys -- (UimBus [System | Running])
DRV - [2008/02/14 03:57:38 | 00,131,672 | ---- | M] (Paragon) -- C:\Windows\System32\Drivers\Uim_IM.sys -- (Uim_IM [System | Running])
DRV - [2008/01/21 12:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Boot | Running])
DRV - [2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Boot | Running])
DRV - [2008/01/21 12:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Boot | Running])
DRV - [2008/01/21 12:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Boot | Running])
DRV - [2008/01/21 12:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
DRV - [2007/11/01 11:47:08 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/10/18 09:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
IE - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://by135w.bay135...mp;n=1295567335
IE - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003\S-1-5-21-1754315568-3250660482-3661476359-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.neopets.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/01/13 07:30:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/01 15:20:30 | 00,000,000 | ---D | M]

[2009/01/12 08:21:37 | 00,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions
[2009/01/12 08:21:37 | 00,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/13 19:01:05 | 00,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\k7xswlrd.default\extensions
[2009/01/12 09:08:59 | 00,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\k7xswlrd.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/01/12 12:33:47 | 00,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\k7xswlrd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/13 19:01:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/13 07:30:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/14 17:07:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/01/13 07:30:02 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/01/13 07:30:02 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/01/13 07:30:02 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/01/13 07:30:03 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/01/13 07:30:03 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/01/13 07:30:11 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/13 07:30:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/13 07:30:11 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/13 07:30:11 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/13 07:30:11 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/13 07:30:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WinInet Class) - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\Windows\ieocx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003..\Run: [Google Update] "C:\Users\Diana\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" ()
O4 - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20" -"http://www.neopets.c...0&quality=high" (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1754315568-3250660482-3661476359-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/02 10:22:25 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{068fb512-e368-11dd-a73d-001f16435cb1}\Shell - "" = AutoRun
O33 - MountPoints2\{068fb512-e368-11dd-a73d-001f16435cb1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4f07b3b2-f30d-11dd-8ab1-001f16435cb1}\Shell - "" = AutoRun
O33 - MountPoints2\{4f07b3b2-f30d-11dd-8ab1-001f16435cb1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/13 23:38:57 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/13 23:15:30 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/13 20:06:46 | 00,000,000 | ---D | C] -- C:\QUARANTINE
[2009/05/13 19:50:03 | 01,495,552 | ---- | C] (PGP Corporation) -- C:\Windows\System32\epoPGPsdk.dll
[2009/05/13 19:50:03 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/05/13 19:50:03 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/05/13 19:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2009/05/13 19:49:47 | 00,064,360 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2009/05/13 19:49:46 | 00,072,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/05/13 19:49:45 | 00,168,776 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2009/05/13 19:49:45 | 00,052,136 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2009/05/13 19:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/05/13 19:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/05/13 18:45:29 | 00,000,166 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\asd.bat
[2009/05/13 18:44:40 | 00,028,672 | ---- | C] () -- C:\Windows\ieocx.dll
[2009/03/14 23:28:55 | 00,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/14 23:28:55 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/04 08:58:52 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/01/04 07:40:05 | 00,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
[2009/01/04 07:40:03 | 04,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2009/01/04 07:40:03 | 00,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2009/01/04 07:40:03 | 00,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008/06/13 04:59:22 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/05 03:54:12 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Files - Modified Within 30 Days ==========

[2009/05/14 09:07:29 | 00,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/14 09:07:28 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/14 09:07:28 | 00,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/14 09:03:26 | 00,000,286 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/05/14 09:03:13 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/14 09:03:13 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/14 09:03:11 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/14 09:03:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/14 09:03:03 | 20,753,36704 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/13 18:45:29 | 00,000,166 | ---- | M] () -- C:\Users\Diana\AppData\Roaming\asd.bat
[2009/05/13 18:44:40 | 00,028,672 | ---- | M] () -- C:\Windows\ieocx.dll
[2009/05/13 18:11:23 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1754315568-3250660482-3661476359-1003.job
< End of report >