[code]
OTScanIt2 logfile created on: 1/2/2009 6:51:55 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.4.2 Folder = C:\Documents and Settings\Owner.DANIEL\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 68.27% Memory free
3.72 Gb Paging File | 3.24 Gb Available in Paging File | 86.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.75 Gb Total Space | 202.20 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive D: | 4.12 Gb Total Space | 2.39 Gb Free Space | 57.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DANIEL
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days [Processes - Safe List] a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/08/05 23:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) groove.exe -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE -> [2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) groovemonitor.exe -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe -> [2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) hotsync.exe -> %ProgramFiles%\Palm\Hotsync.exe -> [2004/06/09 14:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) hpobnz08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> [2003/04/05 23:37:10 | 00,323,646 | ---- | M] (Hewlett-Packard Co.) hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> [2003/04/05 23:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> [2003/04/05 23:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.) 
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 00:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard) hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) mbackmonitor.exe -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) mcafeedatabackup.exe -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe -> [2007/01/16 12:59:50 | 04,838,952 | ---- | M] (McAfee) mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) 
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/29 14:23:14 | 00,477,696 | ---- | M] (OldTimer Tools) prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> [2006/05/12 16:08:48 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2006/05/12 16:06:53 | 00,098,304 | ---- | M] (Apple Computer, Inc.) readericon45g.exe -> %ProgramFiles%\Digital Media Reader\readericon45G.exe -> [2005/12/09 20:44:40 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2007/07/17 21:49:04 | 00,185,896 | ---- | M] (RealNetworks, Inc.) soundman.exe -> %SystemRoot%\soundman.exe -> [2005/09/26 17:07:00 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) 
usnsvc.exe -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> [2001/08/16 22:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation) wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) (ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) (ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] 
(Macrovision Corporation) (MBackMonitor) MBackMonitor [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) (McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) (MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\mhn.dll -> [2004/08/10 14:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) (Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft Office\Office12\GrooveAuditService.exe -> [2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) 
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> [2005/09/18 10:32:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) (PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> [2006/05/12 16:08:48 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) (usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) (WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] 
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2005/09/23 16:26:40 | 01,094,751 | ---- | M] (Agere Systems) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> [2005/09/26 17:07:00 | 03,644,800 | ---- | M] (Realtek Semiconductor Corp.) (AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) (amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) (AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/09 17:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) (asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) (asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) (Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> [2007/02/22 23:29:52 | 00,002,432 | ---- | M] (Sonic Solutions) (Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> [2007/02/22 23:29:52 | 00,002,560 | ---- | M] (Sonic Solutions) (CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) 
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hpzid412.sys -> [2003/03/09 15:31:00 | 00,051,024 | R--- | M] (HP) (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2003/03/09 15:31:02 | 00,016,080 | R--- | M] (HP) (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2003/03/09 15:31:02 | 00,021,456 | ---- | M] (HP) (MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mcstrm.sys -> [2006/08/13 08:53:39 | 00,008,413 | ---- | M] (RealNetworks, Inc.) (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) (MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) 
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) (mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxnic.sys -> [2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2005/09/18 10:32:00 | 03,493,984 | ---- | M] (NVIDIA Corporation) (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2005/07/29 19:11:02 | 00,034,048 | ---- | M] (NVIDIA Corporation) (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2005/07/29 19:11:04 | 00,012,928 | ---- | M] (NVIDIA Corporation) (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2006/12/17 19:03:04 | 00,016,694 | ---- | M] (PalmSource, Inc.) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007/08/15 17:33:10 | 00,043,528 | ---- | M] (Sonic Solutions) (ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) (ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) (ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) (Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) (symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) (symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) (sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) (sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) (ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) 
(USBCM) Scientific-Atlanta USB Cable Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\639599.sys -> [2005/03/06 18:52:20 | 00,015,429 | R--- | M] ( ) (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) (WlanUIG) 2Wire 802.11g USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WlanUIG.sys -> [2004/05/16 19:46:15 | 00,347,648 | R--- | M] ( ) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/ -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Default_page_URL" -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5082 -> HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.google.com -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5082 -> HKEY_USERS\.DEFAULT\: SearchURL\\"provider" -> gogl -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> HKEY_USERS\.DEFAULT\: 
"ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Default_page_URL" -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5082 -> HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.google.com -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5082 -> HKEY_USERS\S-1-5-18\: SearchURL\\"provider" -> gogl -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\] > -> -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\: Main\\"Page_Transitions" -> -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\: Main\\"Start Page" -> http://www.msn.com/ -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\: "ProxyEnable" -> 0 -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\Owner.DANIEL\Application Data\Mozilla\FireFox\Profiles\ot3xt83w.default\prefs.js -> browser.search.selectedEngine -> "Google" -> browser.startup.homepage_override.mstone -> "rv:1.9.0.5" -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 -> < HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | M] (Adobe Systems 
Incorporated) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2007/08/24 06:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation) {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2007/11/09 11:09:08 | 00,058,688 | ---- | M] (McAfee, Inc.) {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 09:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\] > -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 23:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) "GrooveMonitor" -> %ProgramFiles%\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) "MBkLogOnHook" -> %ProgramFiles%\McAfee\MBK\LogonHook.exe [C:\Program Files\McAfee\MBK\LogOnHook.exe] -> [2007/01/08 10:22:46 | 00,020,480 | ---- | M] (McAfee) "McAfee Backup" -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe] -> [2007/01/16 12:59:50 | 04,838,952 | ---- | M] (McAfee) "mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) "Microsoft Works Update Detection" -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> [2001/08/16 22:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation) "MSKDetectorExe" -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2005/09/18 10:32:00 | 07,204,864 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2005/09/18 10:32:00 | 00,086,016 | ---- | M] (NVIDIA Corporation) "nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2005/09/18 10:32:00 | 01,519,616 | ---- | M] () "QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/05/12 16:06:53 | 00,098,304 | ---- | M] (Apple Computer, Inc.) 
"readericon" -> %ProgramFiles%\Digital Media Reader\readericon45G.exe [C:\Program Files\Digital Media Reader\readericon45G.exe] -> [2005/12/09 20:44:40 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) "Recguard" -> %SystemRoot%\SMINST\Recguard.exe [%WINDIR%\SMINST\RECGUARD.EXE] -> [2002/09/14 00:42:26 | 00,212,992 | ---- | M] () "SoundMan" -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> [2005/09/26 17:07:00 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) "TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2007/07/17 21:49:04 | 00,185,896 | ---- | M] (RealNetworks, Inc.) "Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "MsnMsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DWQueuedReporting" -> %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/08/24 02:18:18 | 00,437,160 | ---- | M] (Microsoft Corporation) "Power2GoExpress" -> [NA] -> File not found < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DWQueuedReporting" -> %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/08/24 02:18:18 | 00,437,160 | ---- | M] (Microsoft Corporation) "Power2GoExpress" -> [NA] -> File not found < Run [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\] > -> 
HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "MsnMsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) %AllUsersProfile%\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk -> %ProgramFiles%\Palm\Hotsync.exe -> [2004/06/09 14:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) %AllUsersProfile%\Start Menu\Programs\Startup\hp psc 2000 Series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> [2003/04/05 23:37:10 | 00,323,646 | ---- | M] (Hewlett-Packard Co.) 
%AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 00:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard) < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Owner.DANIEL Startup Folder > -> C:\Documents and Settings\Owner.DANIEL\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Microsoft Office Groove.lnk -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE -> [2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) %UserProfile%\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006] > -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss 
[C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found \\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"CDRAutoRun" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"CDRAutoRun" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006] > -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006] > -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) 
Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html] -> [2006/05/12 15:58:16 | 01,191,424 | ---- | M] (Google Inc.) 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] 
-> File not found CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\] > -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. 
-> internet .[about] -> Trusted sites -> mcafee.com .[http] -> Trusted sites -> mcafee.com .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\] > -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> internet .[about] -> Trusted sites -> mcafee.com .[http] -> Trusted sites -> mcafee.com .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\] > -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3907450839-500561500-1269974018-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] -> {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153782043234[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153834576171[MUWebControl Class] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab[DwnldGroupMgr Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D821DC4A-0814-435E-9820-661C543A4679} [HKLM] -> http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx[CRLDownloadWrapper Class] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3E3BE4E4-35A1-4382-9F91-3A6C6578B78A} -> (1394 Net Adapter) -> {62B7A359-9EEA-46F9-AA24-DF8D0DAC38D4} -> (Scientific-Atlanta WebSTAR 2000 series Cable Modem) -> {A35AA47A-E4DC-4722-8AC4-4684B1A1022D} -> (2Wire 802.11g USB Wireless LAN Card) -> {C7432FC1-99EA-40A3-9DE6-28D1C748F40C} -> (NVIDIA nForce Networking Controller) -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 18:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation) "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2007/08/24 06:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe 
[%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> File not found "C:\Program Files\Common Files\AOL\1147467964\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1147467964\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1147467964\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL 
Application Loader] -> [2004/10/14 17:33:08 | 00,012,888 | ---- | M] (America Online, Inc.) "C:\Program Files\Common Files\AOL\System Information\sinf.exe" -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) 
"C:\Program Files\iWin.com\Jewel Quest\JewelQuest.exe" -> C:\Program Files\iWin.com\Jewel Quest\JewelQuest.exe [C:\Program Files\iWin.com\Jewel Quest\JewelQuest.exe:*:Enabled:JewelQuest] -> File not found "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2006/07/24 09:48:03 | 00,159,744 | ---- | M] () "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE" -> C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE [C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint] -> File not found "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" -> C:\Program Files\Microsoft Office\Office12\WINWORD.EXE [C:\Program Files\Microsoft Office\Office12\WINWORD.EXE:*:Enabled:Microsoft Office Word] -> [2008/10/18 18:38:02 | 00,347,488 | ---- | M] (Microsoft Corporation) "C:\Program Files\Mozilla 
Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) "C:\Program Files\NetMeeting\conf.exe" -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> [2008/04/13 19:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) "C:\Program Files\Ruckus Player\Ruckus.exe" -> C:\Program Files\Ruckus Player\Ruckus.exe [C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus] -> File not found "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) "C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> [2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> [2008/04/13 19:12:21 | 00,769,024 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> 
[2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/01/09 20:13:09 | 00,000,000 | ---- | M] () D:\Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{c81a7c22-0a07-11dc-ac54-001558422d75} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\AutoRun\command \{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\AutoRun\command\\"" -> K:\Autorun.exe [K:\Autorun.exe /run] -> File not found \{c81a7c22-0a07-11dc-ac54-001558422d75} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\Shell00\Command \{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\Shell00\Command\\"" -> K:\Autorun.exe [K:\Autorun.exe /run] -> File not found \{c81a7c22-0a07-11dc-ac54-001558422d75} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\Shell01\Command \{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\Shell01\Command\\"" -> K:\Autorun.exe [K:\Autorun.exe /action] -> File not found \{c81a7c22-0a07-11dc-ac54-001558422d75} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\Shell02\Command \{c81a7c22-0a07-11dc-ac54-001558422d75}\Shell\Shell02\Command\\"" -> K:\Autorun.exe [K:\Autorun.exe /uninstall] -> File not found [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 12/28/2008 8:12:21 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of 
third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/28/2008 8:12:21 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/28/2008 8:12:21 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/28/2008 8:12:21 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/28/2008 8:12:28 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/28/2008 8:12:28 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/28/2008 8:12:29 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/28/2008 8:12:29 PM Computer Name = DANIEL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation.
Application [ Error ] 12/29/2008 8:53:22 AM Computer Name = DANIEL | Source = MsiInstaller | ID = 11706 -> Description = Product: SPSS 13.0 for Windows -- Error 1706.No valid source could be found for product SPSS 13.0 for Windows. The Windows Installer cannot continue.
Application [ Error ] 12/29/2008 8:53:34 AM Computer Name = DANIEL | Source = MsiInstaller | ID = 11706 -> Description = Product: SPSS 13.0 for Windows -- Error 1706.No valid source could be found for product SPSS 13.0 for Windows. The Windows Installer cannot continue.
OSession [ Error ] 4/30/2007 10:30:31 PM Computer Name = DANIEL | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3630 seconds with 2280 seconds of active time. This session ended with a crash.
OSession [ Error ] 7/20/2007 8:52:12 AM Computer Name = DANIEL | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 7/20/2007 8:53:21 AM Computer Name = DANIEL | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 7/20/2007 8:53:24 AM Computer Name = DANIEL | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 7/20/2007 8:54:14 AM Computer Name = DANIEL | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
OSession [ Error ] 6/13/2008 1:17:05 PM Computer Name = DANIEL | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 16, Application Name: Microsoft Office Groove, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84 seconds with 0 seconds of active time. This session ended with a crash.
System [ Error ] 12/31/2008 1:38:48 PM Computer Name = DANIEL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 12/31/2008 1:38:54 PM Computer Name = DANIEL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 12/31/2008 1:39:09 PM Computer Name = DANIEL | Source = Service Control Manager | ID = 7001 -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31
System [ Error ] 12/31/2008 1:39:09 PM Computer Name = DANIEL | Source = Service Control Manager | ID = 7001 -> Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31
System [ Error ] 12/31/2008 1:39:09 PM Computer Name = DANIEL | Source = Service Control Manager | ID = 7001 -> Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31
System [ Error ] 12/31/2008 1:39:09 PM Computer Name = DANIEL | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31
System [ Error ] 12/31/2008 1:39:09 PM Computer Name = DANIEL | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
System [ Error ] 12/31/2008 1:39:24 PM Computer Name = DANIEL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
System [ Error ] 12/31/2008 1:39:25 PM Computer Name = DANIEL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
System [ Error ] 12/31/2008 1:50:02 PM Computer Name = DANIEL | Source = Service Control Manager | ID = 7034 -> Description = The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/01/02 18:50:26 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/02 18:49:54 | 00,648,611 | ---- | C] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/31 15:03:00 | 00,001,602 | ---- | C] ()
Firefox Setup 3.0.5.exe -> %UserProfile%\Desktop\Firefox Setup 3.0.5.exe -> [2008/12/31 15:00:51 | 07,518,240 | ---- | C] (Mozilla)
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/31 12:48:25 | 20,117,46304 | -HS- | C] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2008/12/31 12:44:35 | 00,578,560 | ---- | C] (Microsoft Corporation)
ERUNT -> %SystemRoot%\ERUNT -> [2008/12/31 12:42:25 | 00,000,000 | ---D | C]
SDFix -> %SystemDrive%\SDFix -> [2008/12/31 12:39:53 | 00,000,000 | ---D | C]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/12/31 12:33:12 | 01,529,241 | ---- | C] ()
McAfee Virtual Technician.lnk -> %UserProfile%\Desktop\McAfee Virtual Technician.lnk -> [2008/12/31 11:44:10 | 00,002,271 | ---- | C] ()
4102515980_1.pdf -> %UserProfile%\Desktop\4102515980_1.pdf -> [2008/12/29 21:17:19 | 00,074,741 | ---- | C] ()
a-squared Free.lnk -> %AllUsersProfile%\Desktop\a-squared Free.lnk -> [2008/12/28 21:14:37 | 00,000,648 | ---- | C] ()
a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [2008/12/28 21:14:32 | 00,000,000 | ---D | C]
a-squared Free -> %ProgramFiles%\a-squared Free -> [2008/12/28 21:14:32 | 00,000,000 | ---D | C]
a2FreeSetup.exe -> %UserProfile%\Desktop\a2FreeSetup.exe -> [2008/12/28 21:13:57 | 12,861,144 | ---- | C] (Emsi Software GmbH )
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/28 20:49:11 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/28 20:49:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/28 20:49:09 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/28 20:49:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/28 20:49:05 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/28 20:49:05 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/12/28 20:48:32 | 02,538,616 | ---- | C] (Malwarebytes Corporation )
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/28 20:37:27 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/12/28 20:37:27 | 00,000,000 | ---D | C]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/12/28 20:03:39 | 00,000,793 | ---- | C] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/12/28 20:03:39 | 00,000,793 | ---- | C] ()
Lavasoft -> %ProgramFiles%\Lavasoft -> [2008/12/28 20:03:36 | 00,000,000 | ---D | C]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2008/12/28 20:03:36 | 00,000,000 | ---D | C]
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe -> [2008/12/28 20:02:53 | 23,804,784 | ---- | C] ()
Recent -> %UserProfile%\Recent -> [2008/12/20 15:44:45 | 00,000,000 | RH-D | C]

[Files/Folders - Modified Within 30 Days]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2009/01/02 18:51:03 | 00,000,578 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/02 18:50:04 | 00,648,611 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/02 18:49:44 | 00,005,485 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/02 18:49:44 | 00,004,232 | ---- | M] ()
hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [2009/01/02 18:49:36 | 00,000,488 | ---- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/31 15:03:00 | 00,001,602 | ---- | M] ()
Firefox Setup 3.0.5.exe -> %UserProfile%\Desktop\Firefox Setup 3.0.5.exe -> [2008/12/31 15:01:57 | 07,518,240 | ---- | M] (Mozilla)
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2008/12/31 13:12:57 | 00,021,664 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2008/12/31 12:51:34 | 00,030,277 | ---- | M] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/12/31 12:51:33 | 00,000,330 | -H-- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/31 12:50:47 | 00,001,170 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/31 12:48:33 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/31 12:48:26 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/31 12:48:25 | 20,117,46304 | -HS- | M] ()
ntuser.dat -> %UserProfile%\ntuser.dat -> [2008/12/31 12:47:41 | 05,505,024 | ---- | M] ()
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2008/12/31 12:45:51 | 00,000,686 | ---- | M] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2008/12/31 12:44:36 | 00,578,560 | ---- | M] (Microsoft Corporation)
ntuser.ini -> %UserProfile%\ntuser.ini -> [2008/12/31 12:35:46 | 00,000,178 | -HS- | M] ()
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/12/31 12:33:23 | 01,529,241 | ---- | M] ()
McAfee Virtual Technician.lnk -> %UserProfile%\Desktop\McAfee Virtual Technician.lnk -> [2008/12/31 11:44:10 | 00,002,271 | ---- | M] ()
FRU Task #Hewlett-Packard#hp psc 2170 series#1153785609.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1153785609.job -> [2008/12/29 21:33:00 | 00,000,390 | ---- | M] ()
4102515980_1.pdf -> %UserProfile%\Desktop\4102515980_1.pdf -> [2008/12/29 21:17:24 | 00,074,741 | ---- | M] ()
a-squared Free.lnk -> %AllUsersProfile%\Desktop\a-squared Free.lnk -> [2008/12/28 21:14:37 | 00,000,648 | ---- | M] ()
a2FreeSetup.exe -> %UserProfile%\Desktop\a2FreeSetup.exe -> [2008/12/28 21:14:01 | 12,861,144 | ---- | M] (Emsi Software GmbH )
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/28 20:49:09 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/12/28 20:48:51 | 02,538,616 | ---- | M] (Malwarebytes Corporation )
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/28 20:37:27 | 00,001,734 | ---- | M] ()
FRU Task #Hewlett-Packard#hp psc 2170 series#1221171590.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1221171590.job -> [2008/12/28 20:20:33 | 00,000,342 | ---- | M] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/12/28 20:03:39 | 00,000,793 | ---- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/12/28 20:03:39 | 00,000,793 | ---- | M] ()
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe -> [2008/12/28 20:03:02 | 23,804,784 | ---- | M] ()
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2008/12/28 20:00:06 | 00,000,356 | ---- | M] ()
Microsoft Office Word 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007.lnk -> [2008/12/17 21:00:04 | 00,002,515 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:54:08 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:54:04 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
mspod11.dat -> %AllUsersProfile%\Application Data\Microsoft\POD\mspod11.dat -> [2008/06/24 12:44:49 | 00,000,004 | ---- | M] ()
mspi11.dat -> %AllUsersProfile%\Application Data\Microsoft\PI\mspi11.dat -> [2008/06/24 12:44:49 | 00,000,004 | ---- | M] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2007/03/23 16:21:32 | 00,008,206 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/03/23 15:49:02 | 00,008,206 | ---- | M] ()
wklntsk1.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk1.dat -> [2006/09/17 10:33:51 | 00,166,245 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/09/17 10:32:58 | 00,016,384 | ---- | M] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\data.dat -> [2006/07/25 16:15:06 | 00,003,804 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable

[File - Lop Check]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2006/05/12 16:09:58 | 00,000,000 | RH-D | M]
SampleView -> C:\Documents and Settings\Administrator\Application Data\SampleView -> [2006/05/12 16:09:58 | 00,000,000 | ---D | M]
You've Got Pictures Screensaver -> C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver -> [2006/05/12 16:07:04 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/28 20:49:05 | 00,000,000 | RH-D | M]
Broderbund Software -> C:\Documents and Settings\All Users\Application Data\Broderbund Software -> [2006/07/25 15:47:16 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2006/07/24 19:56:47 | 00,000,000 | ---D | M]
HotSync -> C:\Documents and Settings\All Users\Application Data\HotSync -> [2006/12/17 19:03:58 | 00,000,000 | ---D | M]
Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2006/07/24 17:55:25 | 00,000,000 | ---D | M]
Prism Deploy -> C:\Documents and Settings\All Users\Application Data\Prism Deploy -> [2006/05/12 15:53:21 | 00,000,000 | ---D | M]
Pure Networks -> C:\Documents and Settings\All Users\Application Data\Pure Networks -> [2006/05/12 16:06:30 | 00,000,000 | ---D | M]
Riverdeep Interactive Learning Limited -> C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited -> [2006/07/25 15:59:22 | 00,000,000 | ---D | M]
Support.com -> C:\Documents and Settings\All Users\Application Data\Support.com -> [2006/07/24 10:25:47 | 00,000,000 | ---D | M]
Trymedia -> C:\Documents and Settings\All Users\Application Data\Trymedia -> [2006/07/25 21:32:43 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/02/16 08:54:30 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2006/05/12 16:09:58 | 00,000,000 | RH-D | M]
SampleView -> C:\Documents and Settings\Default User\Application Data\SampleView -> [2006/05/12 16:09:58 | 00,000,000 | ---D | M]
You've Got Pictures Screensaver -> C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver -> [2006/05/12 16:07:04 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2006/12/21 18:18:31 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2005/01/09 20:19:08 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Owner.DANIEL\Application Data -> [2008/12/28 20:49:11 | 00,000,000 | RH-D | M]
CyberLink -> C:\Documents and Settings\Owner.DANIEL\Application Data\CyberLink -> [2006/07/24 19:57:06 | 00,000,000 | ---D | M]
HotSync -> C:\Documents and Settings\Owner.DANIEL\Application Data\HotSync -> [2006/12/17 19:03:06 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Owner.DANIEL\Application Data\Leadertech -> [2006/12/17 19:05:15 | 00,000,000 | ---D | M]
LimeWire -> C:\Documents and Settings\Owner.DANIEL\Application Data\LimeWire -> [2006/08/17 10:52:37 | 00,000,000 | ---D | M]
OfficeUpdate12 -> C:\Documents and Settings\Owner.DANIEL\Application Data\OfficeUpdate12 -> [2007/03/24 11:26:05 | 00,000,000 | ---D | M]
Panasonic -> C:\Documents and Settings\Owner.DANIEL\Application Data\Panasonic -> [2007/06/13 18:38:05 | 00,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\Owner.DANIEL\Application Data\PlayFirst -> [2006/07/26 10:05:34 | 00,000,000 | ---D | M]
Ruckus Network -> C:\Documents and Settings\Owner.DANIEL\Application Data\Ruckus Network -> [2008/01/08 15:41:12 | 00,000,000 | ---D | M]
SampleView -> C:\Documents and Settings\Owner.DANIEL\Application Data\SampleView -> [2006/07/24 17:55:17 | 00,000,000 | ---D | M]
Snapfish -> C:\Documents and Settings\Owner.DANIEL\Application Data\Snapfish -> [2007/06/10 19:24:59 | 00,000,000 | ---D | M]
Template -> C:\Documents and Settings\Owner.DANIEL\Application Data\Template -> [2006/09/17 10:32:49 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Owner.DANIEL\Application Data\Viewpoint -> [2007/02/16 08:54:31 | 00,000,000 | ---D | M]
You've Got Pictures Screensaver -> C:\Documents and Settings\Owner.DANIEL\Application Data\You've Got Pictures Screensaver -> [2006/07/24 17:55:17 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Owner.DANIEL.000\Application Data -> [2006/07/24 17:55:16 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/31 12:51:32 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/10 14:00:00 | 00,000,065 | RH-- | M] ()
FRU Task #Hewlett-Packard#hp psc 2170 series#1153785609.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1153785609.job -> [2008/12/29 21:33:00 | 00,000,390 | ---- | M] ()
FRU Task #Hewlett-Packard#hp psc 2170 series#1221171590.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1221171590.job -> [2008/12/28 20:20:33 | 00,000,342 | ---- | M] ()
ISP signup reminder 2.job -> C:\WINDOWS\Tasks\ISP signup reminder 2.job -> [2006/07/24 10:21:02 | 00,000,258 | ---- | M] ()
McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2007/08/15 00:09:52 | 00,000,350 | ---- | M] ()
McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2008/12/28 20:00:06 | 00,000,356 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2008/12/31 12:51:33 | 00,000,330 | -H-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/31 12:48:33 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Owner.DANIEL\Favorites\All Recipes .url:favicon 1078 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\BSU Email Services.url:favicon 894 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\http--www.efca.org-about-media-contraceptives.pdf.url:favicon 3638 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\Human Sexuality.url:favicon 2238 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\ING DIRECT.url:favicon 894 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\Malware Removal - HijackThis™ Logs Go Here - Geeks to Go!.url:favicon 22486 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\Maris on a Mission.url:favicon 3638 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\Online Conversion - Cooking Conversions.url:favicon 3638 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\South Bend Forum.com.url:favicon 10134 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\Sunflower Broadband On Demand Upcoming wwe sunflowerbroadband.com.url:favicon 822 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\The Lutheran Church - Missouri Synod - Pre-Marital Sex.url:favicon 318 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\Verizon.url:favicon 1406 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\Chase Credit Card.url:favicon 894 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\ELCA Message on Sexuality Some Common Convictions.url:favicon 3774 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\First Source Bank.url:favicon 318 bytes
C:\Documents and Settings\Owner.DANIEL\Favorites\GM Card.url:favicon 3574 bytes
C:\Documents and Settings\Owner.DANIEL\Local Settings\Application Data\Microsoft\Messenger\danwwf23@hotmail.com\SharingMetadata\bsumom84@hotmail.com\DFSR\Staging\CS{64941191-E14A-F2A0-FEC1-B1C261340831}\01\10-{64941191-E14A-F2A0-FEC1-B1C261340831}-v1-{C165789C-FC54-4380-B620-C1C5DA1830CA}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden files: 184
< End of report >
[/code]