Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Picked up a trojan today

Started by richclan , Oct 03 2009 01:35 PM

  • Please log in to reply

#1
richclan
Posted 03 October 2009 - 01:35 PM

richclan

    Member

  • Member
  • PipPipPip
  • 187 posts
here you go, see if i got it all out. thanks in advance

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/03 15:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB761F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79D3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6B90000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF741E000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb78408d0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb783d6e0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784a490

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7840e90

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7847c80

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7847e90

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784bd50

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7840f80

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb783dc70

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784ad10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784aac0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7847600

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784b230

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784b2b0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb783dad0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb78494f0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb78492b0

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784b970

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784b3d0

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb78404f0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784b7c0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7840aa0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb783dea0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb784a800

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7848580

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb7848400

==EOF==


OTL logfile created on: 10/3/2009 3:18:22 PM - Run 1
OTL by OldTimer - Version 3.0.18.1 Folder = C:\Documents and Settings\Charles Carey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.92% Memory free
2.60 Gb Paging File | 2.19 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 87.38 Gb Free Space | 58.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 39.10 Mb Total Space | 32.45 Mb Free Space | 83.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Charles Carey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/12/11 20:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2005/06/08 17:32:44 | 00,958,545 | ---- | M] (Belkin Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2002/04/11 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe
PRC - [2001/12/12 20:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/05/27 21:05:42 | 00,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/03/26 18:19:10 | 00,045,056 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
PRC - [2003/01/13 11:19:26 | 00,757,760 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
PRC - [2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2008/07/19 10:58:07 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2004/04/14 14:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/03/18 09:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Logitech\Keyboard\iTouch\iTouch.exe
PRC - [2006/12/14 17:18:34 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 17:13:15 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/29 17:13:05 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
PRC - [1999/12/12 21:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2008/05/16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/11/18 14:36:06 | 00,278,528 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE
PRC - [2009/03/21 14:52:15 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2003/02/27 07:04:04 | 00,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/06/08 17:32:42 | 00,778,318 | ---- | M] (Belkin Corporation) -- C:\WINDOWS\System32\wltray.exe
PRC - [2008/11/13 16:18:56 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/03/25 12:31:34 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2009/06/03 08:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/11/13 16:18:56 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2003/02/26 08:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/07/19 16:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
PRC - [2006/01/22 18:30:16 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2002/08/29 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/10/03 15:10:16 | 00,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Carey\Desktop\OTL.exe
PRC - [2009/09/10 17:09:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/29 17:13:15 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/29 17:13:05 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2002/04/11 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 21:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (LBTServ [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/05/16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/03/21 14:52:15 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - File not found -- -- (SNMPTRAP [On_Demand | Stopped])
SRV - [2009/06/03 08:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2008/11/13 16:18:56 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2004/12/11 20:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - File not found -- -- (x10nets [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2003/02/27 18:36:04 | 00,090,852 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/05/29 10:11:55 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2009/05/29 10:12:02 | 00,052,056 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2004/12/11 16:28:20 | 00,371,584 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Stopped])
DRV - [2009/05/01 17:03:38 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2009/05/01 17:03:38 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2003/10/28 16:17:52 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC [Auto | Running])
DRV - [2003/01/13 11:19:26 | 00,249,344 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/03/18 15:55:04 | 00,046,248 | ---- | M] (Crescentec Corporation) -- C:\WINDOWS\System32\Drivers\CsMini20.sys -- (DCamUSB20 [On_Demand | Stopped])
DRV - [2003/01/17 21:36:02 | 00,424,127 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\snyucam4.sys -- (DCamUSBSony4 [On_Demand | Stopped])
DRV - [2003/01/13 11:19:26 | 00,021,654 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2006/06/16 10:38:54 | 00,003,968 | ---- | M] () -- C:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver [System | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2004/03/10 13:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Stopped])
DRV - [2007/01/23 16:44:00 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2007/01/23 16:45:00 | 00,034,576 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Stopped])
DRV - [2006/05/10 09:56:26 | 00,036,736 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2007/01/23 16:45:00 | 00,033,296 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Stopped])
DRV - [2007/01/23 16:45:00 | 00,028,176 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Stopped])
DRV - [2003/01/13 11:19:26 | 00,022,758 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009/08/11 14:43:50 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
DRV - [2008/05/16 15:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/02/22 07:34:48 | 00,034,528 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2002/11/11 17:52:58 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2003/05/15 19:41:16 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/01/13 11:19:26 | 00,118,422 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2009/05/01 17:03:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008/04/21 08:19:58 | 00,051,648 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/11/27 15:10:34 | 00,013,312 | ---- | M] (TunePat.com) -- C:\WINDOWS\system32\DRIVERS\tpcdrdrv.sys -- (tpcdrdrv [Boot | Running])
DRV - [2009/03/20 12:51:31 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2003/01/13 11:19:26 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2002/11/05 16:56:48 | 00,012,692 | ---- | M] () -- C:\WINDOWS\System32\Drivers\cresscan.sys -- (Usb20Scan [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 14:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/11/13 16:19:00 | 00,353,680 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/03/02 15:26:02 | 00,018,560 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys -- (XUIF [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.c...wMessage?msg=51
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.affordablevacuum.com/"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.2.48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/24 11:06:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 17:10:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 17:10:01 | 00,000,000 | ---D | M]

[2009/08/04 13:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Extensions
[2008/08/27 10:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/04 13:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Extensions\[email protected]
[2009/10/03 14:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions
[2009/04/29 16:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/02/07 12:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions\{DEDDA510-573D-44d9-BF81-F85C3FA1FE54}(2)
[2008/02/07 12:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions\temp
[2009/10/03 14:17:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 17:10:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/07 12:48:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/07 12:48:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/07 12:48:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/03/24 11:06:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/23 10:15:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/02/07 12:48:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla(2).org
[2009/09/10 17:09:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 17:09:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/10 17:09:58 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2003/05/15 00:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/12/14 17:19:09 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2002/09/27 08:59:00 | 00,090,112 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NpPopup.dll
[2006/11/14 13:02:23 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2006/11/14 13:02:23 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2006/11/14 13:02:23 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/12/14 17:19:27 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/12/14 17:18:47 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/23 14:14:11 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/23 14:14:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/23 14:14:11 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/23 14:14:11 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/23 14:14:11 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/23 14:14:11 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/23 14:14:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD_SRT] C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [wltray.exe] C:\WINDOWS\System32\wltray.exe (Belkin Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Logitech\Keyboard\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Charles Carey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...ry/msgrchkr.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.us.de...iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab28578.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://pcpitstop.com...cpConnCheck.cab (iCC Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237564647125 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...StatsClient.cab (MessengerStatsClient Class)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} http://toolbar.googl...gleActivate.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://messenger.zon...ry/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.../20/SassCln.CAB (SassCln Object)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab28578.cab (ZoneIntro Class)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://www.imgag.com...tall/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab28578.cab (CBreakshotControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...aploader_v5.cab (Reg Error: Key error.)
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} http://www.shockwave...ownloadCtrl.cab (BTDownloadCtrl Control)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...ireShowdown.cab (Solitaire Showdown Class)
O16 - DPF: DirectAnimation Java Classes file://c:\I386\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://c:\I386\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/03/07 04:38:16 | 00,000,184 | RH-- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2003/04/15 15:49:10 | 00,000,398 | ---- | M] () - F:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2003/04/15 15:49:10 | 00,000,398 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - Service key not found. File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/03 15:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/03 15:00:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Application Data\Malwarebytes
[2009/10/03 14:58:50 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/03 15:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/03 15:10:16 | 00,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charles Carey\Desktop\OTL.exe
[2009/10/03 15:09:48 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Charles Carey\Desktop\RootRepeal.exe
[2009/10/03 15:06:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Desktop\backups
[2009/10/03 15:00:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/03 15:00:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/03 14:59:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/03 14:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Desktop\MALWARE REMOVERS
[2009/09/10 10:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Desktop\benz
[2009/09/10 10:37:26 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/09/10 10:37:25 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2007/05/19 11:48:29 | 00,019,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\smimb.sys

========== Files - Modified Within 30 Days ==========

[2009/10/03 15:10:16 | 00,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Carey\Desktop\OTL.exe
[2009/10/03 15:09:48 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Charles Carey\Desktop\RootRepeal.exe
[2009/10/03 14:58:54 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Charles Carey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/03 14:58:31 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/03 14:58:30 | 00,348,373 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/03 14:57:54 | 00,181,572 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/03 14:57:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/03 14:57:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/03 14:57:38 | 21,464,88320 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/03 14:33:41 | 00,000,093 | ---- | M] () -- C:\Documents and Settings\Charles Carey\Application Data\AVSMediaPlayer.m3u
[2009/10/02 12:49:36 | 00,506,357 | ---- | M] () -- C:\Documents and Settings\Charles Carey\Desktop\TI_Canisters_UptoS600.pdf
[2009/10/02 11:05:00 | 00,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/02 11:04:51 | 00,202,448 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/09/29 14:41:15 | 00,000,774 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/29 14:41:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/09/29 14:41:15 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/23 10:18:19 | 00,217,412 | ---- | M] () -- C:\Documents and Settings\Charles Carey\My Documents\creditreport.PDF
[2009/09/15 19:39:02 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Charles Carey\My Documents\Business Sal1.doc
[2009/09/11 11:46:00 | 03,672,956 | ---- | M] () -- C:\Documents and Settings\Charles Carey\My Documents\ticket.pdf
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/03 14:58:54 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/02 12:49:34 | 00,506,357 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Desktop\TI_Canisters_UptoS600.pdf
[2009/09/23 10:18:18 | 00,217,412 | ---- | C] () -- C:\Documents and Settings\Charles Carey\My Documents\creditreport.PDF
[2009/09/15 16:04:49 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Charles Carey\My Documents\Business Sal1.doc
[2009/09/11 11:45:48 | 03,672,956 | ---- | C] () -- C:\Documents and Settings\Charles Carey\My Documents\ticket.pdf
[2009/06/11 12:46:51 | 00,000,093 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\AVSMediaPlayer.m3u
[2009/06/11 11:19:31 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/11 11:19:31 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 11:44:56 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\PFP110JPR.{PB
[2009/01/08 11:44:56 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\PFP110JCM.{PB
[2008/05/21 13:54:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/01 13:06:55 | 00,003,078 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2007/07/26 17:39:03 | 00,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/06/15 12:56:45 | 02,602,564 | -H-- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\IconCache.db
[2007/04/21 13:58:20 | 00,000,791 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2007/01/02 17:07:02 | 00,000,262 | ---- | C] () -- C:\WINDOWS\game.ini
[2006/10/11 13:14:38 | 00,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/18 11:36:27 | 00,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2006/09/08 16:10:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/08 11:44:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/09/08 11:43:08 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/09/08 11:42:11 | 00,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/09/08 11:42:11 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/09/08 11:41:42 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/09/08 11:39:51 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/08 11:36:12 | 00,000,347 | ---- | C] () -- C:\WINDOWS\BRPfX04A.INI
[2006/09/08 11:36:11 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/09/08 11:36:02 | 00,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/09/08 11:36:01 | 00,000,459 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/08/25 18:14:58 | 00,000,709 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2006/08/22 20:46:35 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/08/22 20:24:23 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/06/01 18:22:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 18:22:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 18:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 18:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 18:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 18:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/07/17 18:43:44 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/07/17 18:43:43 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2004/12/25 12:50:29 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/12/05 08:49:59 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\fusioncache.dat
[2004/07/18 17:02:06 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/07/18 17:02:06 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/07/18 17:02:06 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/07/01 10:46:55 | 00,000,040 | ---- | C] () -- C:\WINDOWS\MUMMY.INI
[2004/06/22 10:50:24 | 00,000,452 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/06/03 19:14:46 | 00,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2004/06/02 20:00:06 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/05/05 18:51:29 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/02 19:00:48 | 00,000,150 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/04/12 14:49:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/02/21 15:36:02 | 00,000,429 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/12/30 09:49:34 | 00,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2003/11/08 17:05:58 | 00,000,630 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/11/02 07:45:40 | 00,127,808 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\GDIPFONTCACHEV1.DAT
[2003/10/04 10:51:13 | 00,000,077 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2003/10/04 09:53:55 | 00,000,067 | ---- | C] () -- C:\WINDOWS\PLAY-DOH.INI
[2003/10/03 18:43:47 | 00,000,095 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2003/09/27 20:27:12 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/09/27 19:17:52 | 00,001,946 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/08/16 07:15:46 | 00,001,089 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/08/15 17:24:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/08/11 20:42:19 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/11 19:05:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/11 17:33:00 | 00,000,534 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/08/11 17:32:54 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/11 17:26:51 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2003/08/11 17:25:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\DESKTOP.INI
[2003/08/11 17:25:05 | 00,130,152 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/08/08 13:21:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/08 13:20:13 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/08 13:16:26 | 00,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/08 13:16:26 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/08 13:10:40 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/08 12:59:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/08 12:49:42 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/26 15:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2003/01/13 15:21:58 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/18 22:48:40 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2002/11/05 16:56:48 | 00,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll
[2002/11/05 16:56:48 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\preview.dll
[2002/11/05 16:56:48 | 00,012,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys
[2002/09/03 09:59:58 | 00,000,774 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 09:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2000/06/21 17:46:28 | 01,489,152 | R--- | M] (Microsoft Corporation) -- C:\INSTMSI.EXE
[2000/06/21 17:46:30 | 01,499,904 | R--- | M] (Microsoft Corporation) -- C:\INSTMSIW.EXE
[2001/02/28 13:14:46 | 00,476,576 | R--- | M] (Microsoft Corporation) -- C:\SETUP.EXE

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A14D0C2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
< End of report >

OTL logfile created on: 10/3/2009 3:18:22 PM - Run 1
OTL by OldTimer - Version 3.0.18.1 Folder = C:\Documents and Settings\Charles Carey\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.92% Memory free
2.60 Gb Paging File | 2.19 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 87.38 Gb Free Space | 58.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 39.10 Mb Total Space | 32.45 Mb Free Space | 83.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Charles Carey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/12/11 20:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2005/06/08 17:32:44 | 00,958,545 | ---- | M] (Belkin Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2002/04/11 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe
PRC - [2001/12/12 20:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/05/27 21:05:42 | 00,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/03/26 18:19:10 | 00,045,056 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
PRC - [2003/01/13 11:19:26 | 00,757,760 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
PRC - [2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2008/07/19 10:58:07 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2004/04/14 14:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/03/18 09:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Logitech\Keyboard\iTouch\iTouch.exe
PRC - [2006/12/14 17:18:34 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 17:13:15 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/29 17:13:05 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
PRC - [1999/12/12 21:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2008/05/16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/11/18 14:36:06 | 00,278,528 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE
PRC - [2009/03/21 14:52:15 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2003/02/27 07:04:04 | 00,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/06/08 17:32:42 | 00,778,318 | ---- | M] (Belkin Corporation) -- C:\WINDOWS\System32\wltray.exe
PRC - [2008/11/13 16:18:56 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/03/25 12:31:34 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2009/06/03 08:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/11/13 16:18:56 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2003/02/26 08:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/07/19 16:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
PRC - [2006/01/22 18:30:16 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2002/08/29 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/10/03 15:10:16 | 00,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Carey\Desktop\OTL.exe
PRC - [2009/09/10 17:09:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/29 17:13:15 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/29 17:13:05 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2002/04/11 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 21:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (LBTServ [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/05/16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/03/21 14:52:15 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - File not found -- -- (SNMPTRAP [On_Demand | Stopped])
SRV - [2009/06/03 08:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2008/11/13 16:18:56 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2004/12/11 20:28:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - File not found -- -- (x10nets [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2003/02/27 18:36:04 | 00,090,852 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/05/29 10:11:55 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2009/05/29 10:12:02 | 00,052,056 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2004/12/11 16:28:20 | 00,371,584 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Stopped])
DRV - [2009/05/01 17:03:38 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2009/05/01 17:03:38 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2003/10/28 16:17:52 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC [Auto | Running])
DRV - [2003/01/13 11:19:26 | 00,249,344 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2003/03/18 15:55:04 | 00,046,248 | ---- | M] (Crescentec Corporation) -- C:\WINDOWS\System32\Drivers\CsMini20.sys -- (DCamUSB20 [On_Demand | Stopped])
DRV - [2003/01/17 21:36:02 | 00,424,127 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\snyucam4.sys -- (DCamUSBSony4 [On_Demand | Stopped])
DRV - [2003/01/13 11:19:26 | 00,021,654 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2006/06/16 10:38:54 | 00,003,968 | ---- | M] () -- C:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver [System | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2004/03/10 13:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Stopped])
DRV - [2007/01/23 16:44:00 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2007/01/23 16:45:00 | 00,034,576 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Stopped])
DRV - [2006/05/10 09:56:26 | 00,036,736 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2007/01/23 16:45:00 | 00,033,296 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Stopped])
DRV - [2007/01/23 16:45:00 | 00,028,176 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Stopped])
DRV - [2003/01/13 11:19:26 | 00,022,758 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009/08/11 14:43:50 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
DRV - [2008/05/16 15:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2004/02/22 07:34:48 | 00,034,528 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2002/11/11 17:52:58 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2003/05/15 19:41:16 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/01/13 11:19:26 | 00,118,422 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2009/05/01 17:03:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008/04/21 08:19:58 | 00,051,648 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/11/27 15:10:34 | 00,013,312 | ---- | M] (TunePat.com) -- C:\WINDOWS\system32\DRIVERS\tpcdrdrv.sys -- (tpcdrdrv [Boot | Running])
DRV - [2009/03/20 12:51:31 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2003/01/13 11:19:26 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2002/11/05 16:56:48 | 00,012,692 | ---- | M] () -- C:\WINDOWS\System32\Drivers\cresscan.sys -- (Usb20Scan [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 14:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/11/13 16:19:00 | 00,353,680 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/03/02 15:26:02 | 00,018,560 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys -- (XUIF [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.c...wMessage?msg=51
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.affordablevacuum.com/"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.2.48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/24 11:06:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 17:10:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 17:10:01 | 00,000,000 | ---D | M]

[2009/08/04 13:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Extensions
[2008/08/27 10:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/04 13:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Extensions\[email protected]
[2009/10/03 14:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions
[2009/04/29 16:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/02/07 12:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions\{DEDDA510-573D-44d9-BF81-F85C3FA1FE54}(2)
[2008/02/07 12:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charles Carey\Application Data\mozilla\Firefox\Profiles\4kv8080x.default\extensions\temp
[2009/10/03 14:17:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 17:10:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/07 12:48:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/07 12:48:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/07 12:48:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/03/24 11:06:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/23 10:15:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/02/07 12:48:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla(2).org
[2009/09/10 17:09:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 17:09:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/10 17:09:58 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2003/05/15 00:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/12/14 17:19:09 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2002/09/27 08:59:00 | 00,090,112 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NpPopup.dll
[2006/11/14 13:02:23 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2006/11/14 13:02:23 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2006/11/14 13:02:23 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2006/11/14 13:02:24 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/12/14 17:19:27 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/12/14 17:18:47 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/23 14:14:11 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/23 14:14:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/23 14:14:11 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/23 14:14:11 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/23 14:14:11 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/23 14:14:11 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/23 14:14:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD_SRT] C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [wltray.exe] C:\WINDOWS\System32\wltray.exe (Belkin Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Logitech\Keyboard\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Charles Carey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...ry/msgrchkr.cab (Checkers Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.us.de...iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab28578.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://pcpitstop.com...cpConnCheck.cab (iCC Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237564647125 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...StatsClient.cab (MessengerStatsClient Class)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} http://toolbar.googl...gleActivate.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://messenger.zon...ry/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.../20/SassCln.CAB (SassCln Object)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab28578.cab (ZoneIntro Class)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://www.imgag.com...tall/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab28578.cab (CBreakshotControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...aploader_v5.cab (Reg Error: Key error.)
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} http://www.shockwave...ownloadCtrl.cab (BTDownloadCtrl Control)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...ireShowdown.cab (Solitaire Showdown Class)
O16 - DPF: DirectAnimation Java Classes file://c:\I386\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://c:\I386\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/03/07 04:38:16 | 00,000,184 | RH-- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2003/04/15 15:49:10 | 00,000,398 | ---- | M] () - F:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2003/04/15 15:49:10 | 00,000,398 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - Service key not found. File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/03 15:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/03 15:00:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Application Data\Malwarebytes
[2009/10/03 14:58:50 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/03 15:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/03 15:10:16 | 00,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charles Carey\Desktop\OTL.exe
[2009/10/03 15:09:48 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Charles Carey\Desktop\RootRepeal.exe
[2009/10/03 15:06:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Desktop\backups
[2009/10/03 15:00:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/03 15:00:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/03 14:59:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/03 14:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Desktop\MALWARE REMOVERS
[2009/09/10 10:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charles Carey\Desktop\benz
[2009/09/10 10:37:26 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/09/10 10:37:25 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2007/05/19 11:48:29 | 00,019,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\smimb.sys

========== Files - Modified Within 30 Days ==========

[2009/10/03 15:10:16 | 00,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Carey\Desktop\OTL.exe
[2009/10/03 15:09:48 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Charles Carey\Desktop\RootRepeal.exe
[2009/10/03 14:58:54 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Charles Carey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/03 14:58:31 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/03 14:58:30 | 00,348,373 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/03 14:57:54 | 00,181,572 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/03 14:57:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/03 14:57:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/03 14:57:38 | 21,464,88320 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/03 14:33:41 | 00,000,093 | ---- | M] () -- C:\Documents and Settings\Charles Carey\Application Data\AVSMediaPlayer.m3u
[2009/10/02 12:49:36 | 00,506,357 | ---- | M] () -- C:\Documents and Settings\Charles Carey\Desktop\TI_Canisters_UptoS600.pdf
[2009/10/02 11:05:00 | 00,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/02 11:04:51 | 00,202,448 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/09/29 14:41:15 | 00,000,774 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/29 14:41:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/09/29 14:41:15 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/23 10:18:19 | 00,217,412 | ---- | M] () -- C:\Documents and Settings\Charles Carey\My Documents\creditreport.PDF
[2009/09/15 19:39:02 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Charles Carey\My Documents\Business Sal1.doc
[2009/09/11 11:46:00 | 03,672,956 | ---- | M] () -- C:\Documents and Settings\Charles Carey\My Documents\ticket.pdf
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/03 14:58:54 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/02 12:49:34 | 00,506,357 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Desktop\TI_Canisters_UptoS600.pdf
[2009/09/23 10:18:18 | 00,217,412 | ---- | C] () -- C:\Documents and Settings\Charles Carey\My Documents\creditreport.PDF
[2009/09/15 16:04:49 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Charles Carey\My Documents\Business Sal1.doc
[2009/09/11 11:45:48 | 03,672,956 | ---- | C] () -- C:\Documents and Settings\Charles Carey\My Documents\ticket.pdf
[2009/06/11 12:46:51 | 00,000,093 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\AVSMediaPlayer.m3u
[2009/06/11 11:19:31 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/11 11:19:31 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 11:44:56 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\PFP110JPR.{PB
[2009/01/08 11:44:56 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\PFP110JCM.{PB
[2008/05/21 13:54:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/01 13:06:55 | 00,003,078 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2007/07/26 17:39:03 | 00,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/06/15 12:56:45 | 02,602,564 | -H-- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\IconCache.db
[2007/04/21 13:58:20 | 00,000,791 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2007/01/02 17:07:02 | 00,000,262 | ---- | C] () -- C:\WINDOWS\game.ini
[2006/10/11 13:14:38 | 00,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/18 11:36:27 | 00,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2006/09/08 16:10:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/08 11:44:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/09/08 11:43:08 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/09/08 11:42:11 | 00,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/09/08 11:42:11 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/09/08 11:41:42 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/09/08 11:39:51 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/08 11:36:12 | 00,000,347 | ---- | C] () -- C:\WINDOWS\BRPfX04A.INI
[2006/09/08 11:36:11 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/09/08 11:36:02 | 00,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/09/08 11:36:01 | 00,000,459 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/08/25 18:14:58 | 00,000,709 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2006/08/22 20:46:35 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/08/22 20:24:23 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/06/01 18:22:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 18:22:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 18:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 18:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 18:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 18:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/07/17 18:43:44 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/07/17 18:43:43 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2004/12/25 12:50:29 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/12/05 08:49:59 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\fusioncache.dat
[2004/07/18 17:02:06 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/07/18 17:02:06 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/07/18 17:02:06 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/07/01 10:46:55 | 00,000,040 | ---- | C] () -- C:\WINDOWS\MUMMY.INI
[2004/06/22 10:50:24 | 00,000,452 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/06/03 19:14:46 | 00,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2004/06/02 20:00:06 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/05/05 18:51:29 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/02 19:00:48 | 00,000,150 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/04/12 14:49:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/02/21 15:36:02 | 00,000,429 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/12/30 09:49:34 | 00,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2003/11/08 17:05:58 | 00,000,630 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/11/02 07:45:40 | 00,127,808 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\GDIPFONTCACHEV1.DAT
[2003/10/04 10:51:13 | 00,000,077 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2003/10/04 09:53:55 | 00,000,067 | ---- | C] () -- C:\WINDOWS\PLAY-DOH.INI
[2003/10/03 18:43:47 | 00,000,095 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2003/09/27 20:27:12 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/09/27 19:17:52 | 00,001,946 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/08/16 07:15:46 | 00,001,089 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/08/15 17:24:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/08/11 20:42:19 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/11 19:05:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/11 17:33:00 | 00,000,534 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/08/11 17:32:54 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/11 17:26:51 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2003/08/11 17:25:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Charles Carey\Application Data\DESKTOP.INI
[2003/08/11 17:25:05 | 00,130,152 | ---- | C] () -- C:\Documents and Settings\Charles Carey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/08/08 13:21:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/08 13:20:13 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/08/08 13:16:26 | 00,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/08 13:16:26 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/08 13:10:40 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/08 12:59:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/08 12:49:42 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/26 15:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2003/01/13 15:21:58 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/18 22:48:40 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2002/11/05 16:56:48 | 00,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll
[2002/11/05 16:56:48 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\preview.dll
[2002/11/05 16:56:48 | 00,012,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys
[2002/09/03 09:59:58 | 00,000,774 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 09:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2000/06/21 17:46:28 | 01,489,152 | R--- | M] (Microsoft Corporation) -- C:\INSTMSI.EXE
[2000/06/21 17:46:30 | 01,499,904 | R--- | M] (Microsoft Corporation) -- C:\INSTMSIW.EXE
[2001/02/28 13:14:46 | 00,476,576 | R--- | M] (Microsoft Corporation) -- C:\SETUP.EXE

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A14D0C2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP