[code]
OTScanIt2 logfile created on: 2/22/2009 11:00:37 AM - Run 2
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Andrew\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 95.48% Memory free
3.09 Gb Paging File | 2.67 Gb Available in Paging File | 86.43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.53 Gb Total Space | 82.73 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive D: | 662.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 4.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 973.73 Mb Total Space | 414.41 Mb Free Space | 42.56% Space Free | Partition Type: FAT

Computer Name: DREW
Current User Name: Andrew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.)
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> [2006/03/24 16:14:48 | 00,053,408 | ---- | M] (Symantec Corporation)
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation)
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation)
ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE -> [2003/06/18 00:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd)
cthelper.exe -> %SystemRoot%\system32\CTHELPER.EXE -> [2004/03/11 14:50:52 | 00,028,672 | ---- | M] (Creative Technology Ltd)
ctsvccda.exe -> %SystemRoot%\system32\CTsvcCDA.EXE -> [1999/12/13 14:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> [2003/09/17 09:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd)
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation)
dlbcserv.exe -> %ProgramFiles%\Dell Photo Printer 720\dlbcserv.exe -> [2005/01/08 17:42:54 | 00,315,392 | R--- | M] ()
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 01:06:00 | 00,024,576 | R--- | M] (BVRP Software)
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2005/01/27 00:02:00 | 00,086,016 | ---- | M] ()
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> [2006/08/28 21:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/02/23 15:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/19 10:48:41 | 00,068,856 | ---- | M] (Google Inc.)
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/11/25 16:16:01 | 00,133,104 | ---- | M] (Google Inc.)
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaanotif.exe -> [2005/04/25 07:50:08 | 00,139,264 | ---- | M] (Intel Corporation)
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2005/04/25 07:49:52 | 00,086,142 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/07/30 09:47:56 | 00,289,064 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/26 09:05:28 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/26 09:05:35 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> [2005/05/25 02:40:00 | 00,028,160 | ---- | M] (Logitech Inc.)
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> [2004/03/04 10:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.)
lxrjd31s.exe -> %SystemRoot%\system32\LxrJD31s.exe -> [2006/12/10 13:15:49 | 00,071,168 | ---- | M] ()
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
mouse32a.exe -> %ProgramFiles%\Browser MOUSE\mouse32a.exe -> [2005/12/25 15:48:26 | 00,360,448 | ---- | M] ()
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2009/01/15 08:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2009/02/20 13:45:43 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation)
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2005/05/25 02:40:00 | 00,450,560 | ---- | M] (Logitech Inc.)
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation)
ssmmgr.exe -> %SystemRoot%\Samsung\ComSMMgr\ssmmgr.exe -> [2005/07/03 01:20:49 | 00,372,736 | ---- | M] (Samsung Electronics.)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> [2006/06/15 00:40:34 | 00,124,656 | ---- | M] (Symantec Corporation)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2004/09/15 11:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation)
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> [2004/02/06 22:56:14 | 00,041,025 | ---- | M] (GEMTEKS)
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe -> [2005/11/16 04:49:44 | 05,238,272 | ---- | M] (Linksys)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTsvcCDA.EXE -> [1999/12/13 14:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/01/15 18:43:43 | 00,138,168 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2005/04/25 07:49:52 | 00,086,142 | ---- | M] (Intel Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/26 09:05:28 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/02/23 10:41:02 | 02,045,632 | ---- | M] (Symantec Corporation)
(LxrJD31s) Lexar JD31 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LxrJD31s.exe -> [2006/12/10 13:15:49 | 00,071,168 | ---- | M] ()
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2006/08/08 21:15:50 | 00,208,896 | ---- | M] (Nero AG)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2009/01/15 08:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> [2006/06/15 00:40:28 | 00,115,952 | ---- | M] (symantec)
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> [2006/01/24 19:06:58 | 00,214,720 | ---- | M] (Symantec Corporation)
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation)
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2004/09/15 11:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation)
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> -> File not found

[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2007/11/16 17:15:54 | 00,020,747 | ---- | M] (Meetinghouse Data Communications)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\BCM42RLY.SYS -> [2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ctac32k.sys -> [2004/07/13 14:09:32 | 00,645,360 | ---- | M] (Creative Technology Ltd)
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> [2004/08/06 14:43:26 | 00,366,384 | ---- | M] (Creative Technology Ltd)
(ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ctdvda2k.sys -> [2003/11/13 01:11:54 | 00,333,600 | ---- | M] (Creative Technology Ltd)
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ctprxy2k.sys -> [2004/07/13 14:11:58 | 00,006,096 | ---- | M] (Creative Technology Ltd)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ctsfm2k.sys -> [2004/07/13 14:12:36 | 00,130,288 | ---- | M] (Creative Technology Ltd)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DgiVecp) Team MFP Comm Driver [Kernel | Auto | Stopped] -> %SystemRoot%\System32\Drivers\DgiVecp.sys -> [2005/03/13 23:01:38 | 00,041,984 | ---- | M] (DeviceGuys, Inc.)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> [2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.)
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2004/10/14 19:30:46 | 00,155,648 | ---- | M] (Intel Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/09/02 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation)
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\emupia2k.sys -> [2004/07/13 14:13:14 | 00,145,488 | ---- | M] (Creative Technology Ltd)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2008/09/02 02:00:00 | 00,099,376 | ---- | M] (Symantec Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\gameenum.sys -> [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.)
(ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ha10kx2k.sys -> [2004/08/12 19:40:50 | 00,904,752 | ---- | M] (Creative Technology Ltd)
(hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\hap16v2k.sys -> [2004/07/13 14:15:48 | 00,148,432 | ---- | M] (Creative Technology Ltd)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWBS2.sys -> [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DP.sys -> [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iastor.sys -> [2005/04/25 12:28:14 | 00,871,040 | ---- | M] (Intel Corporation)
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LHidKE.Sys -> [2005/05/20 15:01:32 | 00,025,600 | ---- | M] (Logitech, Inc.)
(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\LHidUsbK.Sys -> [2005/05/20 15:01:00 | 00,036,480 | ---- | M] (Logitech, Inc.)
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LMouKE.Sys -> [2005/05/20 15:01:26 | 00,068,352 | ---- | M] (Logitech, Inc.)
(LxrJD31d) LxrJD31d [Kernel | Auto | Running] -> %SystemRoot%\system32\Drivers\LxrJD31d.sys -> [2006/12/10 13:15:49 | 00,069,824 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(NAL) Nal Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\iqvw32.sys -> [2004/11/02 14:12:14 | 00,019,456 | ---- | M] (Intel Corporation )
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090221.004\NAVENG.SYS -> [2009/02/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090221.004\NAVEX15.SYS -> [2009/02/20 03:00:00 | 00,876,144 | ---- | M] (Symantec Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2009/01/15 08:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation)
(NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\nwlnkipx.sys -> [2008/04/13 12:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\nwlnknb.sys -> [2004/08/04 04:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\nwlnkspx.sys -> [2004/08/04 04:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\omci.sys -> [2002/11/08 18:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2004/07/13 14:11:28 | 00,178,672 | ---- | M] (Creative Technology Ltd.)
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PfModNT.sys -> [2004/08/06 21:29:14 | 00,006,656 | ---- | M] (Creative Technology Ltd.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\RT61.sys -> [2005/10/27 14:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.)
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> [2005/12/19 19:41:56 | 00,337,592 | ---- | M] (Symantec Corporation)
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> [2005/12/19 19:41:58 | 00,054,968 | ---- | M] (Symantec Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2006/04/11 16:13:34 | 00,389,776 | ---- | M] (Symantec Corporation)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2008/05/31 18:12:07 | 00,717,296 | ---- | M] ()
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2006/05/05 15:19:50 | 00,107,696 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\SYMREDRV.SYS -> [2006/01/24 19:06:32 | 00,024,768 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\SYMTDI.SYS -> [2006/01/24 19:06:36 | 00,195,776 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.SYS -> [2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.dell4me.com/myway ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://bigpicture.typepad.com/ ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway ->
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell4me.com/myway ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.dell4me.com/myway ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway ->
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell4me.com/myway ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.dell4me.com/myway ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\] > -> ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: Main\\"Start Page" -> http://bigpicture.typepad.com/ ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: SearchURL\\"provider" -> gogl ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\: "ProxyOverride" -> *.local ->
< HOSTS File > (250809 bytes and 8787 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 www.miosearch.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 13:25:44 | 01,562,960 | -HS- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2004/12/06 00:05:00 | 00,118,842 | ---- | M] (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/26 09:04:59 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [Google Toolbar Helper] -> [2007/01/15 18:43:39 | 02,403,392 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> [2008/09/13 08:26:06 | 00,737,776 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/26 09:04:59 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7A9B3BC-9009-4A37-A6DC-C38BDE9C0F6D} [HKLM] -> %SystemRoot%\system32\geBspoLC.dll [Reg Error: Value error.] -> File not found
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/26 09:05:28 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> [2007/01/15 18:43:39 | 02,403,392 | R--- | M] (Google Inc.)
"{BA52B914-B692-46c4-B683-905236F6F655}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> [2007/01/15 18:43:39 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> [2007/01/15 18:43:39 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\] > -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> [2007/01/15 18:43:39 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> [2007/01/15 18:43:39 | 02,403,392 | R--- | M] (Google Inc.) WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ccApp" -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2006/03/24 16:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) "CTDVDDET" -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE ["C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"] -> [2003/06/18 00:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) "CTHelper" -> %SystemRoot%\system32\CTHELPER.EXE [CTHELPER.EXE] -> [2004/03/11 14:50:52 | 00,028,672 | ---- | M] (Creative Technology Ltd) "CTSysVol" -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r] -> [2003/09/17 09:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) "dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) "DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/01/27 00:02:00 | 00,086,016 | ---- | M] () "DVDLauncher" -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/02/23 15:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) 
"FLMOFFICE4DMOUSE" -> %ProgramFiles%\Browser MOUSE\mouse32a.exe [C:\Program Files\Browser MOUSE\mouse32a.exe] -> [2005/12/25 15:48:26 | 00,360,448 | ---- | M] () "IAAnotif" -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\iaanotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2005/04/25 07:50:08 | 00,139,264 | ---- | M] (Intel Corporation) "ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/08/11 15:30:30 | 00,249,856 | ---- | M] (Macrovision Corporation) "ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) "iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/07/30 09:47:56 | 00,289,064 | ---- | M] (Apple Inc.) "Logitech Hardware Abstraction Layer" -> %SystemRoot%\KHALMNPR.EXE [KHALMNPR.EXE] -> [2005/05/20 14:46:56 | 00,028,160 | ---- | M] (Logitech Inc.) "NvCplDaemon" -> %SystemRoot%\system32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/01/15 08:19:00 | 13,680,640 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> %SystemRoot%\system32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/01/15 08:19:00 | 00,086,016 | ---- | M] (NVIDIA Corporation) "nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2009/01/15 08:19:00 | 01,657,376 | ---- | M] () "QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/05/27 09:50:30 | 00,413,696 | ---- | M] (Apple Inc.) 
"RegistryMechanic" -> [] -> File not found "Samsung Common SM" -> %SystemRoot%\Samsung\ComSMMgr\ssmmgr.exe ["C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun] -> [2005/07/03 01:20:49 | 00,372,736 | ---- | M] (Samsung Electronics.) "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/26 09:05:35 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) "TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2009/02/20 13:45:43 | 00,185,896 | ---- | M] (RealNetworks, Inc.) "UpdReg" -> %SystemRoot%\UpdReg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 00:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.) "vptray" -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2006/06/15 00:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DellSupport" -> ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> File not found "Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/11/25 16:16:01 | 00,133,104 | ---- | M] (Google Inc.) "SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) "swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/19 10:48:41 | 00,068,856 | ---- | M] (Google Inc.) 
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006/03/30 15:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated) < Run [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\] > -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DellSupport" -> ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> File not found "Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/11/25 16:16:01 | 00,133,104 | ---- | M] (Google Inc.) "SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) "swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/19 10:48:41 | 00,068,856 | ---- | M] (Google Inc.) 
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> [2006/03/30 15:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) %AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 01:06:00 | 00,024,576 | R--- | M] (BVRP Software) %AllUsersProfile%\Start Menu\Programs\Startup\dlbcserv.lnk -> %ProgramFiles%\Dell Photo Printer 720\dlbcserv.exe -> [2005/01/08 17:42:54 | 00,315,392 | R--- | M] () %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2005/05/25 02:40:00 | 00,450,560 | ---- | M] (Logitech Inc.) 
< Andrew Startup Folder > -> C:\Documents and Settings\Andrew\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\To Do List.doc -> [2009/02/20 11:25:27 | 00,019,968 | ---- | M] () < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoActiveDesktop" -> [0] -> File not found \\"ClassicShell" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings 
[HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006] > -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoActiveDesktop" -> [0] -> File not found \\"ClassicShell" -> [0] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\] > -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft 
Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | -HS- | M] (Safer Networking Limited) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] 
-> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | -HS- | M] (Safer Networking Limited) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] 
-> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | -HS- | M] (Safer Networking Limited) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] 
-> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | -HS- | M] (Safer Networking Limited) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\] > -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] 
-> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | -HS- | M] (Safer Networking Limited) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4590 domain(s) found. -> 44 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4590 domain(s) found. 
-> www_animefreak.tv [http] -> Trusted sites -> 44 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4589 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4589 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3536 domain(s) found. -> 135 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3536 domain(s) found. -> 135 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\] > -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4590 domain(s) found. -> www_animefreak.tv [http] -> Trusted sites -> 44 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\] > -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3980702569-2011118987-2649573393-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05D96F71-87C6-11D3-9BE4-00902742D6E0} [HKLM] -> https://qp1.csom.umn.edu/qp2.cab [QuickPlace Class] -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> {1DD81666-F3AD-11D3-BA86-00500487B4EC} [HKLM] -> http://www.investors.com/member/ocx/WonSearchX.ocx [WonSearchX Control] -> {1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] -> {2B323CD9-50E3-11D3-9466-00A0C9700498} [HKLM] -> http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab [Yahoo! Audio Conferencing] -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab [Reg Error: Key error.] -> {78267546-F2AC-11D2-A278-005004676C44} [HKLM] -> http://www.investors.com/member/ocx/WonList.ocx [WonList Control] -> {7D1E9C49-BD6A-11D3-87A8-009027A35D73} [HKLM] -> http://chat.yahoo.com/cab/yacsui.cab [Yahoo! Audio UI1] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] 
-> {AECD14A8-F662-11D1-A395-00805F535788} [HKLM] -> http://www.investors.com/member/ocx/plotwon.ocx [Plotwon Control] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} [HKLM] -> http://www.investors.com/member/ocx/PFMngr.ocx [PFMngr Control] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {220AC5C4-D89D-45E2-8822-4E3F2AFB9FFB} -> (Linksys Wireless-G PCI Adapter) -> {B687BB20-5525-43A4-ADF0-8621A282655A} -> (Intel(R) PRO/100 VE Network Connection) -> {FBB5B82A-01A6-4C48-ABFB-80B9D1E4205E} -> (1394 Net Adapter) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [2006/06/15 00:40:42 | 00,043,760 | ---- | M] (Symantec Corporation) vtutu -> -> File not found < Domain Profile Authorized Applications List > 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Documents and Settings\Andrew\Desktop\[ PC Games ] - Age of Empires II(FULL)\empires2.exe" -> C:\Documents and Settings\Andrew\Desktop\[ PC Games ] - Age of Empires II(FULL)\empires2.exe [C:\Documents and 
Settings\Andrew\Desktop\[ PC Games ] - Age of Empires II(FULL)\empires2.exe:*:Enabled:Age of Empires II] -> File not found "C:\Documents and Settings\Andrew\Desktop\wc3\Warcraft III\war3.exe" -> C:\Documents and Settings\Andrew\Desktop\wc3\Warcraft III\war3.exe [C:\Documents and Settings\Andrew\Desktop\wc3\Warcraft III\war3.exe:*:Enabled:Warcraft III] -> [2003/06/22 15:24:40 | 01,494,483 | ---- | M] (Blizzard Entertainment) "C:\Documents and Settings\Andrew\My Documents\Hub Downloads\RAR_Warcraft3\Warcraft III\war3.exe" -> C:\Documents and Settings\Andrew\My Documents\Hub Downloads\RAR_Warcraft3\Warcraft III\war3.exe [C:\Documents and Settings\Andrew\My Documents\Hub Downloads\RAR_Warcraft3\Warcraft III\war3.exe:*:Enabled:Warcraft III] -> File not found "C:\Documents and Settings\Andrew\My Documents\Hub Downloads\RAR_Warcraft3\Warcraft III\Warcraft III.exe" -> C:\Documents and Settings\Andrew\My Documents\Hub Downloads\RAR_Warcraft3\Warcraft III\Warcraft III.exe [C:\Documents and Settings\Andrew\My Documents\Hub Downloads\RAR_Warcraft3\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> File not found "C:\Program Files\[ PC Games ] - Age of Empires II(FULL)\empires2.exe" -> C:\Program Files\[ PC Games ] - Age of Empires II(FULL)\empires2.exe [C:\Program Files\[ PC Games ] - Age of Empires II(FULL)\empires2.exe:*:Enabled:Age of Empires II] -> [1999/09/21 19:46:58 | 02,560,000 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) 
"C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.exe" -> C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.exe [C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.exe:*:Enabled:DKII] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Conference\Conference.dll" -> C:\Program Files\Conference\Conference.dll [C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team] -> File not found "C:\Program Files\DC++\DCPlusPlus.exe" -> C:\Program Files\DC++\DCPlusPlus.exe [C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++] -> File not found "C:\Program Files\Electronic Arts\EADM\Core.exe" -> C:\Program Files\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> File not found "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword] -> [2007/08/14 11:09:20 | 14,092,712 | ---- | M] (Firaxis Games) "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss] -> [2007/08/08 15:08:34 | 11,621,688 | ---- | M] (Firaxis Games) "C:\Program 
Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4] -> [2007/05/16 22:52:50 | 11,739,782 | ---- | M] (Firaxis Games) "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer] -> [2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/07/30 09:47:50 | 20,252,968 | ---- | M] (Apple Inc.) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" -> C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD [C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion] -> [2001/08/10 15:20:26 | 02,699,309 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe" -> C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe [C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II] -> [2000/08/31 21:38:50 | 02,555,949 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" -> C:\Program Files\Microsoft Games\Age of Empires III\age3.exe [C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3] -> File not found "C:\Program Files\Microsoft Games\MechWarrior Vengeance\MW4.ICD" -> C:\Program Files\Microsoft Games\MechWarrior Vengeance\MW4.ICD [C:\Program 
Files\Microsoft Games\MechWarrior Vengeance\MW4.ICD:*:Enabled:MechWarrior IV] -> File not found "C:\Program Files\QuickTime\QuickTimePlayer.exe" -> C:\Program Files\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player] -> [2008/05/27 09:50:48 | 07,677,232 | ---- | M] (Apple Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> [2009/02/20 13:45:46 | 00,214,560 | ---- | M] (RealNetworks, Inc.) "C:\UnrealTournament\System\UnrealTournament.exe" -> C:\UnrealTournament\System\UnrealTournament.exe [C:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament] -> File not found "C:\UT2004\System\UT2004.exe" -> C:\UT2004\System\UT2004.exe [C:\UT2004\System\UT2004.exe:*:Enabled:UT2004] -> [2006/09/14 17:41:30 | 00,208,896 | ---- | M] () "C:\WINDOWS\system32\dplaysvr.exe" -> C:\WINDOWS\system32\dplaysvr.exe [C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper] -> [2008/04/13 18:12:17 | 00,029,696 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\LEXPPS.EXE" -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> [2004/03/04 10:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) 
"H:\Hub Downloads\RAR_Warcraft3\Warcraft3\Warcraft III\Warcraft III.exe" -> H:\Hub Downloads\RAR_Warcraft3\Warcraft3\Warcraft III\Warcraft III.exe [H:\Hub Downloads\RAR_Warcraft3\Warcraft3\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () D:\Autorun [] -> D:\Autorun.exe [ CDFS ] -> [2007/06/14 17:23:01 | 00,263,744 | R--- | M] (Firaxis Games) D:\autorun.exe [MZ | ] -> D:\autorun.exe [ CDFS ] -> [2007/06/14 17:23:01 | 00,263,744 | R--- | M] (Firaxis Games) D:\autorun.inf [[autorun] | OPEN=autorun.exe | ICON=Autorun\Civ4Installer.ico | LABEL=Sid Meier's Civilization 4 - Beyond the Sword | | [appdata] | Mutex=Civ4 21031 | InstallFile=setup.exe | PlayFile=Civ4BeyondSword.exe | RegKey=INSTALLDIR | | [0x09] | ;English | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=74,244,500 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software and its subsidiaries. Developed by Firaxis Games. Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, the 2K logo, Firaxis Games, the Firaxis Games logo and Take-Two Interactive Software are all trademarks and/or registered trademarks of Take-Two Interactive Software, Inc. in the USA and/or foreign countries. 
Unauthorized copying, reverse engineering, transmission, public performance, rental, pay for play, or circumvention of copy protection is strictly prohibited. All rights reserved. | ExecPos=117,171 | InstallImage=Autorun\BTN01-Install.bmp | InstallHilite=Autorun\BTN01-Install_OVER.bmp | PlayImage=Autorun\BTN01-Play.bmp | PlayHilite=Autorun\BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\BTN02-ReadMe.bmp | ReadmeHilite=Autorun\BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\English\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\BTN03-Exit.bmp | ExitHilite=Autorun\BTN03-Exit_OVER.bmp | | [0x0c] | ;French | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,244,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software et ses filiales. Développé par Firaxis Games. Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, le logo 2K, Firaxis Games, le logo Firaxis Games et Take-Two Interactive Software sont toutes des marques commerciales et/ou des marques déposées de Take-Two Interactive Software, Inc. aux États-Unis et/ou dans d'autres pays. Toute reproduction non autorisée, rétro-ingénierie, transmission, représentation publique, location, jeu contre de l'argent, ou détournement de la protection de copie est strictement interdite. Tous droits réservés. 
| ExecPos=117,171 | InstallImage=Autorun\FR_BTN01-Install.bmp | InstallHilite=Autorun\FR_BTN01-Install_OVER.bmp | PlayImage=Autorun\FR_BTN01-Play.bmp | PlayHilite=Autorun\FR_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\FR_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\FR_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\French\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\FR_BTN03-Exit.bmp | ExitHilite=Autorun\FR_BTN03-Exit_OVER.bmp | | [0x10] | ;Italian | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,244,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software e sue sussidiarie. Sviluppato da Firaxis Games. Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, il logo 2K, Firaxis Games, il logo Firaxis Games e Take-Two Interactive Software sono tutti marchi e/o marchi registrati di Take-Two Interactive Software, Inc. negli Stati Uniti e/o in altri paesi. La copia non autorizzata, l'esecuzione di ingegneria inversa, la trasmissione, la riproduzione in pubblico, l'affitto, la modalità pay for play o l'aggiramento della protezione contro la copia illegale sono assolutamente vietati. Tutti i diritti riservati. | ExecPos=117,171 | InstallImage=Autorun\IT_BTN01-Install.bmp | InstallHilite=Autorun\IT_BTN01-Install_OVER.bmp | PlayImage=Autorun\IT_BTN01-Play.bmp | PlayHilite=Autorun\IT_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\IT_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\IT_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Italian\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\IT_BTN03-Exit.bmp | ExitHilite=Autorun\IT_BTN03-Exit_OVER.bmp | | [0x07] | ;German | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,230,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software und Tochtergesellschaften. Entwickelt von Firaxis Games. 
Sid Meier's Civilization IV: Warlords, Civ, Civilization, 2K Games, das 2K-Logo, Firaxis Games, das Firaxis Games-Logo und Take-Two Interactive Software sind Warenzeichen bzw. eingetragene Warenzeichen von Take-Two Interactive Software, Inc. in den USA und/oder anderen Ländern. Das unberechtigte Kopieren, die Zurückentwicklung (Reverse Engineering), Übertragung, öffentliche Aufführung, Vermietung, das Spielen gegen Zahlung eines Entgelts und die Umgehung von Urheberschutzmaßnahmen sind strengstens untersagt. Alle Rechte vorbehalten. | ExecPos=117,171 | InstallImage=Autorun\GE_BTN01-Install.bmp | InstallHilite=Autorun\GE_BTN01-Install_OVER.bmp | PlayImage=Autorun\GE_BTN01-Play.bmp | PlayHilite=Autorun\GE_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\GE_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\GE_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\German\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\GE_BTN03-Exit.bmp | ExitHilite=Autorun\GE_BTN03-Exit_OVER.bmp | | [0x0a] | ;Spanish | Background=Autorun\Civ4BeyondtheSwordAutoRunBG.bmp | LegalPos=85,224,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=normal | LegalText=©2007 Take-Two Interactive Software y sus subsidiarias. Desarrollado por Firaxis Games. Sid Meier’s Civilization IV: Warlords, Civ, Civilization, 2K Games, el logotipo de 2K, Firaxis Games, el logotipo de Firaxis Games y Take-Two Interactive Software son marcas comerciales o marcas comerciales registradas de Take-Two Interactive Software, Inc. Queda estrictamente prohibida cualquiera de las siguientes acciones sin autorización previa: copia, ingeniería inversa, transmisión, demostración pública, alquiler, pago por uso del programa o intento de saltarse la protección anticopia. Todos los derechos reservados. 
| ExecPos=117,171 | InstallImage=Autorun\SP_BTN01-Install.bmp | InstallHilite=Autorun\SP_BTN01-Install_OVER.bmp | PlayImage=Autorun\SP_BTN01-Play.bmp | PlayHilite=Autorun\SP_BTN01-Play_OVER.bmp | ReadmePos=267,171 | ReadmeImage=Autorun\SP_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\SP_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Spanish\Readme.htm | ExitPos=412,171 | ExitImage=Autorun\SP_BTN03-Exit.bmp | ExitHilite=Autorun\SP_BTN03-Exit_OVER.bmp | ] -> D:\autorun.inf [ CDFS ] -> [2007/07/17 11:11:01 | 00,006,299 | R--- | M] () I:\autorun.inf [[AutoRun] | open=LaunchU3.exe | icon=LaunchU3.exe,0 | | [Definitions] | Launchpad=LaunchPad.exe | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | ] -> I:\autorun.inf [ CDFS ] -> [2005/08/28 09:32:34 | 00,000,145 | R--- | M] () J:\AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ] -> J:\AUTORUN.INF [ FAT ] -> [2006/09/10 17:20:18 | 00,000,090 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{482c7e6f-8dfd-11da-ac06-00123f7294d1} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{482c7e6f-8dfd-11da-ac06-00123f7294d1}\Shell\AutoRun\command \{482c7e6f-8dfd-11da-ac06-00123f7294d1}\Shell\AutoRun\command\\"" -> F:\JDSecure\Windows\JDSecure31.exe [F:\JDSecure\Windows\JDSecure31.exe] -> File not found \{76251fa6-1e71-11db-acb9-00123f7294d1} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76251fa6-1e71-11db-acb9-00123f7294d1}\Shell \{76251fa6-1e71-11db-acb9-00123f7294d1}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76251fa6-1e71-11db-acb9-00123f7294d1}\Shell\AutoRun \{76251fa6-1e71-11db-acb9-00123f7294d1}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76251fa6-1e71-11db-acb9-00123f7294d1}\Shell\AutoRun\command \{76251fa6-1e71-11db-acb9-00123f7294d1}\Shell\AutoRun\command\\"" -> I:\LaunchU3.exe [I:\LaunchU3.exe] -> [2005/08/28 09:32:35 | 00,925,696 | R--- | M] () \{76251fa7-1e71-11db-acb9-00123f7294d1} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76251fa7-1e71-11db-acb9-00123f7294d1}\Shell\AutoRun\command \{76251fa7-1e71-11db-acb9-00123f7294d1}\Shell\AutoRun\command\\"" -> J:\setupSNK.exe [J:\setupSNK.exe] -> [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation) \{a6eef4b4-8d7a-11dd-85c2-0018f82de83a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6eef4b4-8d7a-11dd-85c2-0018f82de83a}\Shell\AutoRun\command \{a6eef4b4-8d7a-11dd-85c2-0018f82de83a}\Shell\AutoRun\command\\"" -> G:\Launch.exe [G:\Launch.exe] -> File not found \{ad84e587-1016-11da-ab7c-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad84e587-1016-11da-ab7c-806d6172696f}\Shell \{ad84e587-1016-11da-ab7c-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad84e587-1016-11da-ab7c-806d6172696f}\Shell\AutoRun \{ad84e587-1016-11da-ab7c-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad84e587-1016-11da-ab7c-806d6172696f}\Shell\AutoRun\command \{ad84e587-1016-11da-ab7c-806d6172696f}\Shell\AutoRun\command\\"" -> D:\autorun.exe [D:\autorun.exe] -> [2007/06/14 17:23:01 | 00,263,744 | R--- | M] (Firaxis Games) [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 2/17/2009 10:05:03 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711726 -> Description = Security Risk 
Found!Risk: Trojan.Metajuan in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0232796.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Application [ Error ] 2/17/2009 10:05:03 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711685 -> Description = Risk Found!Risk: Trojan.Metajuan in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0232796.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Application [ Error ] 2/17/2009 10:05:03 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Risk: Trojan.Metajuan in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0232796.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Application [ Error ] 2/17/2009 10:05:24 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711726 -> Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0232797.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Application [ Error ] 2/17/2009 10:05:24 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711685 -> Description = Risk Found!Risk: Trojan.Vundo in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0232797.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Application [ Error ] 2/17/2009 10:05:26 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP980\A0232797.dll by: Auto-Protect scan. Action: Cleaned by Deletion. 
Action Description: Application [ Error ] 2/17/2009 11:16:25 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711726 -> Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\rundll32.exe by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged. Application [ Error ] 2/17/2009 11:16:27 PM Computer Name = DREW | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\rundll32.exe by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description: Application [ Error ] 2/19/2009 5:06:59 PM Computer Name = DREW | Source = Application Error | ID = 1000 -> Description = Faulting application chrome.exe, version 0.0.0.0, faulting module npswf32.dll, version 10.0.12.36, fault address 0x0000eb17. Application [ Error ] 2/22/2009 12:59:55 PM Computer Name = DREW | Source = Application Hang | ID = 1002 -> Description = Hanging application OTScanIt2.exe, version 1.0.8.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
System [ Error ] 2/21/2009 2:07:29 PM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/21/2009 2:07:31 PM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/21/2009 2:08:27 PM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/21/2009 2:09:27 PM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/22/2009 12:25:27 AM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/22/2009 12:25:28 AM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/22/2009 12:25:28 AM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/22/2009 12:25:28 AM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/22/2009 12:25:28 AM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 System [ Error ] 2/22/2009 12:25:29 AM Computer Name = DREW | Source = Service Control Manager | ID = 7000 -> Description = The SDDMI2 service failed to start due to the following error: %%2 [Files/Folders - Created Within 30 Days] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/02/22 10:58:35 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/22 10:54:18 | 00,661,370 | ---- | C] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/02/22 02:08:02 | 01,581,424 | -H-- | C] () cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [2009/02/20 13:47:17 | 00,000,025 | ---- | C] () xing shared -> %CommonProgramFiles%\xing shared -> [2009/02/20 13:45:58 | 00,000,000 | ---D | C] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> [2009/02/20 13:45:45 | 00,278,528 | ---- | C] (Real Networks, Inc) Real -> %ProgramFiles%\Real -> [2009/02/20 13:45:41 | 00,000,000 | ---D | C] Real -> %AppData%\Real -> [2009/02/20 13:45:09 | 00,000,000 | ---D | C] Malwarebytes -> %AppData%\Malwarebytes -> [2009/02/17 17:28:37 | 00,000,000 | ---D | C] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/17 17:26:08 | 00,000,696 | ---- | C] () mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/17 17:26:04 | 00,015,504 | ---- | C] (Malwarebytes Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/17 17:25:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/02/17 17:25:21 | 00,000,000 | ---D | C] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/02/17 17:25:14 | 00,000,000 | ---D | C] ERDNT -> %SystemRoot%\ERDNT -> [2009/02/17 17:16:27 | 00,000,000 | ---D | C] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/17 17:14:33 | 00,000,592 | ---- | C] () ERUNT -> %ProgramFiles%\ERUNT -> [2009/02/17 17:14:16 | 00,000,000 | ---D | C] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2009/02/17 15:14:14 | 00,000,000 | ---D | C] Recent -> %UserProfile%\Recent -> [2009/02/16 22:50:26 | 00,000,000 | RH-D | C] duefgaqb.ini -> 
%SystemRoot%\System32\duefgaqb.ini -> [2009/02/16 16:12:33 | 01,589,969 | -HS- | C] () idmigddy.ini -> %SystemRoot%\System32\idmigddy.ini -> [2009/02/15 13:36:25 | 01,583,467 | -HS- | C] () nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles -> [2009/02/14 23:09:57 | 00,000,000 | ---D | C] nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [2009/02/14 23:05:55 | 00,206,793 | ---- | C] () nview -> %SystemRoot%\nview -> [2009/02/14 23:05:55 | 00,000,000 | ---D | C] NVIDIA -> %SystemDrive%\NVIDIA -> [2009/02/14 23:05:10 | 00,000,000 | ---D | C] ATI Technologies -> %ProgramFiles%\ATI Technologies -> [2009/02/14 22:38:37 | 00,000,000 | ---D | C] DIFX -> %ProgramFiles%\DIFX -> [2009/02/14 22:36:18 | 00,000,000 | ---D | C] CONEXANT -> %ProgramFiles%\CONEXANT -> [2009/02/14 22:31:59 | 00,000,000 | ---D | C] D3DCompiler_40.dll -> %SystemRoot%\System32\D3DCompiler_40.dll -> [2009/02/14 22:31:29 | 02,036,576 | ---- | C] (Microsoft Corporation) d3dx10_40.dll -> %SystemRoot%\System32\d3dx10_40.dll -> [2009/02/14 22:31:29 | 00,452,440 | ---- | C] (Microsoft Corporation) D3DX9_40.dll -> %SystemRoot%\System32\D3DX9_40.dll -> [2009/02/14 22:31:28 | 04,379,984 | ---- | C] (Microsoft Corporation) XAudio2_3.dll -> %SystemRoot%\System32\XAudio2_3.dll -> [2009/02/14 22:31:28 | 00,514,384 | ---- | C] (Microsoft Corporation) xactengine3_3.dll -> %SystemRoot%\System32\xactengine3_3.dll -> [2009/02/14 22:31:28 | 00,235,856 | ---- | C] (Microsoft Corporation) XAPOFX1_2.dll -> %SystemRoot%\System32\XAPOFX1_2.dll -> [2009/02/14 22:31:28 | 00,070,992 | ---- | C] (Microsoft Corporation) XAudio2_2.dll -> %SystemRoot%\System32\XAudio2_2.dll -> [2009/02/14 22:31:27 | 00,509,448 | ---- | C] (Microsoft Corporation) XAPOFX1_1.dll -> %SystemRoot%\System32\XAPOFX1_1.dll -> [2009/02/14 22:31:27 | 00,068,616 | ---- | C] (Microsoft Corporation) X3DAudio1_5.dll -> %SystemRoot%\System32\X3DAudio1_5.dll -> [2009/02/14 22:31:27 | 00,023,376 | ---- | C] (Microsoft Corporation) D3DX9_39.dll -> 
%SystemRoot%\System32\D3DX9_39.dll -> [2009/02/14 22:31:26 | 03,851,784 | ---- | C] (Microsoft Corporation) D3DCompiler_39.dll -> %SystemRoot%\System32\D3DCompiler_39.dll -> [2009/02/14 22:31:26 | 01,493,528 | ---- | C] (Microsoft Corporation) d3dx10_39.dll -> %SystemRoot%\System32\d3dx10_39.dll -> [2009/02/14 22:31:26 | 00,467,984 | ---- | C] (Microsoft Corporation) xactengine3_2.dll -> %SystemRoot%\System32\xactengine3_2.dll -> [2009/02/14 22:31:26 | 00,238,088 | ---- | C] (Microsoft Corporation) XAudio2_1.dll -> %SystemRoot%\System32\XAudio2_1.dll -> [2009/02/14 22:31:25 | 00,507,400 | ---- | C] (Microsoft Corporation) xactengine3_1.dll -> %SystemRoot%\System32\xactengine3_1.dll -> [2009/02/14 22:31:25 | 00,238,088 | ---- | C] (Microsoft Corporation) XAPOFX1_0.dll -> %SystemRoot%\System32\XAPOFX1_0.dll -> [2009/02/14 22:31:25 | 00,065,032 | ---- | C] (Microsoft Corporation) X3DAudio1_4.dll -> %SystemRoot%\System32\X3DAudio1_4.dll -> [2009/02/14 22:31:25 | 00,025,608 | ---- | C] (Microsoft Corporation) D3DX9_38.dll -> %SystemRoot%\System32\D3DX9_38.dll -> [2009/02/14 22:31:24 | 03,850,760 | ---- | C] (Microsoft Corporation) D3DCompiler_38.dll -> %SystemRoot%\System32\D3DCompiler_38.dll -> [2009/02/14 22:31:24 | 01,491,992 | ---- | C] (Microsoft Corporation) XAudio2_0.dll -> %SystemRoot%\System32\XAudio2_0.dll -> [2009/02/14 22:31:24 | 00,479,752 | ---- | C] (Microsoft Corporation) d3dx10_38.dll -> %SystemRoot%\System32\d3dx10_38.dll -> [2009/02/14 22:31:24 | 00,467,984 | ---- | C] (Microsoft Corporation) D3DX9_37.dll -> %SystemRoot%\System32\D3DX9_37.dll -> [2009/02/14 22:31:23 | 03,786,760 | ---- | C] (Microsoft Corporation) D3DCompiler_37.dll -> %SystemRoot%\System32\D3DCompiler_37.dll -> [2009/02/14 22:31:23 | 01,420,824 | ---- | C] (Microsoft Corporation) d3dx10_37.dll -> %SystemRoot%\System32\d3dx10_37.dll -> [2009/02/14 22:31:23 | 00,462,864 | ---- | C] (Microsoft Corporation) xactengine3_0.dll -> %SystemRoot%\System32\xactengine3_0.dll -> [2009/02/14 
22:31:23 | 00,238,088 | ---- | C] (Microsoft Corporation) X3DAudio1_3.dll -> %SystemRoot%\System32\X3DAudio1_3.dll -> [2009/02/14 22:31:23 | 00,025,608 | ---- | C] (Microsoft Corporation) D3DCompiler_36.dll -> %SystemRoot%\System32\D3DCompiler_36.dll -> [2009/02/14 22:31:22 | 01,374,232 | ---- | C] (Microsoft Corporation) d3dx10_36.dll -> %SystemRoot%\System32\d3dx10_36.dll -> [2009/02/14 22:31:22 | 00,444,776 | ---- | C] (Microsoft Corporation) xactengine2_10.dll -> %SystemRoot%\System32\xactengine2_10.dll -> [2009/02/14 22:31:22 | 00,267,272 | ---- | C] (Microsoft Corporation) d3dx9_36.dll -> %SystemRoot%\System32\d3dx9_36.dll -> [2009/02/14 22:31:21 | 03,734,536 | ---- | C] (Microsoft Corporation) xactengine2_9.dll -> %SystemRoot%\System32\xactengine2_9.dll -> [2009/02/14 22:31:21 | 00,267,112 | ---- | C] (Microsoft Corporation) D3DCompiler_35.dll -> %SystemRoot%\System32\D3DCompiler_35.dll -> [2009/02/14 22:31:20 | 01,358,192 | ---- | C] (Microsoft Corporation) d3dx10_35.dll -> %SystemRoot%\System32\d3dx10_35.dll -> [2009/02/14 22:31:20 | 00,444,776 | ---- | C] (Microsoft Corporation) d3dx9_35.dll -> %SystemRoot%\System32\d3dx9_35.dll -> [2009/02/14 22:31:19 | 03,727,720 | ---- | C] (Microsoft Corporation) msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [2009/02/14 22:25:23 | 00,000,000 | -H-D | C] Logs -> %SystemRoot%\Logs -> [2009/02/14 22:25:16 | 00,000,000 | ---D | C] crack -> %UserProfile%\Desktop\crack -> [2009/02/14 20:36:05 | 00,000,000 | ---D | C] Registry Clean Expert -> %ProgramFiles%\Registry Clean Expert -> [2009/02/14 20:32:52 | 00,000,000 | ---D | C] Reg Clean -> %UserProfile%\Desktop\Reg Clean -> [2009/02/14 20:31:04 | 00,000,000 | ---D | C] To Do List.doc -> %UserProfile%\Start Menu\Programs\Startup\To Do List.doc -> [2009/02/13 00:13:54 | 00,019,968 | ---- | C] () To Do List.doc -> %UserProfile%\My Documents\To Do List.doc -> [2009/02/13 00:12:46 | 00,019,968 | ---- | C] () wc3 -> %UserProfile%\Desktop\wc3 -> [2009/02/08 21:43:12 | 00,000,000 | 
---D | C] Fall from Heaven 2.lnk -> %UserProfile%\Desktop\Fall from Heaven 2.lnk -> [2009/02/03 16:50:16 | 00,001,987 | ---- | C] () Spring 09 -> %UserProfile%\My Documents\Spring 09 -> [2009/01/23 14:49:01 | 00,000,000 | ---D | C] Securian Job Posting.doc -> %UserProfile%\Desktop\Securian Job Posting.doc -> [2009/01/23 11:53:36 | 01,008,640 | ---- | C] () [Files/Folders - Modified Within 30 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 1 C:\Documents and Settings\Andrew\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Andrew\Local Settings\Temp\*.tmp -> OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/22 10:54:21 | 00,661,370 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/02/22 10:41:51 | 00,002,206 | ---- | M] () nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/02/22 10:41:03 | 00,196,912 | ---- | M] () Perflib_Perfdata_40c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_40c.dat -> [2009/02/22 10:40:55 | 00,016,384 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/02/22 10:40:39 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/02/22 10:40:20 | 00,002,048 | --S- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/22 10:40:10 | 26,824,25344 | -HS- | M] () ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/02/22 02:08:59 | 08,388,608 | ---- | M] () BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> [2009/02/22 02:08:59 | 00,031,056 | ---- | M] () BMXState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> %SystemRoot%\System32\BMXState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> [2009/02/22 02:08:59 | 00,031,056 | ---- | M] () BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> 
%SystemRoot%\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> [2009/02/22 02:08:59 | 00,030,528 | ---- | M] () BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx -> [2009/02/22 02:08:59 | 00,030,528 | ---- | M] () settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [2009/02/22 02:08:59 | 00,001,080 | ---- | M] () settings.sfm -> %SystemRoot%\System32\settings.sfm -> [2009/02/22 02:08:59 | 00,001,080 | ---- | M] () DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat -> %SystemRoot%\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat -> [2009/02/22 02:08:59 | 00,000,384 | ---- | M] () DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat -> %SystemRoot%\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat -> [2009/02/22 02:08:59 | 00,000,384 | ---- | M] () {00000005-00000000-00000004-00001102-00000004-20061102}.CDF -> %SystemRoot%\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF -> [2009/02/22 02:08:02 | 04,932,601 | ---- | M] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/02/22 02:08:02 | 01,581,424 | -H-- | M] () GoogleUpdateTaskUserS-1-5-21-3980702569-2011118987-2649573393-1006.job -> %SystemRoot%\tasks\GoogleUpdateTaskUserS-1-5-21-3980702569-2011118987-2649573393-1006.job -> [2009/02/22 01:30:33 | 00,000,930 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/02/21 11:25:54 | 00,007,471 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/02/21 11:25:54 | 00,005,685 | ---- | M] () cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [2009/02/20 13:47:17 | 00,000,025 | ---- | M] () pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> [2009/02/20 13:45:45 | 
00,278,528 | ---- | M] (Real Networks, Inc)
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/02/20 13:43:19 | 00,000,116 | ---- | M] ()
To Do List.doc -> %UserProfile%\Start Menu\Programs\Startup\To Do List.doc -> [2009/02/20 11:25:27 | 00,019,968 | ---- | M] ()
Ibankingjobs.xls -> %UserProfile%\Desktop\Ibankingjobs.xls -> [2009/02/18 02:10:05 | 02,030,080 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/17 17:26:08 | 00,000,696 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/17 17:14:33 | 00,000,592 | ---- | M] ()
duefgaqb.ini -> %SystemRoot%\System32\duefgaqb.ini -> [2009/02/16 16:13:00 | 01,589,969 | -HS- | M] ()
idmigddy.ini -> %SystemRoot%\System32\idmigddy.ini -> [2009/02/15 13:36:35 | 01,583,467 | -HS- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/02/14 23:08:04 | 00,000,278 | -HS- | M] ()
SIERRA.INI -> %SystemRoot%\SIERRA.INI -> [2009/02/14 21:09:38 | 00,000,479 | ---- | M] ()
To Do List.doc -> %UserProfile%\My Documents\To Do List.doc -> [2009/02/13 00:12:47 | 00,019,968 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
LegitCheckControl.DLL -> %SystemRoot%\System32\LegitCheckControl.DLL -> [2009/02/06 12:35:56 | 01,486,208 | ---- | M] (Microsoft Corporation)
Google Chrome.lnk -> %UserProfile%\Desktop\Google Chrome.lnk -> [2009/02/03 19:06:44 | 00,002,253 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/03 17:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation)
Fall from Heaven 2.lnk -> %UserProfile%\Desktop\Fall from Heaven 2.lnk -> [2009/02/03 16:50:16 | 00,001,987 | ---- | M] ()
Securian Job Posting.doc -> %UserProfile%\Desktop\Securian Job Posting.doc -> [2009/01/23 11:59:47 | 01,008,640 | ---- | M] ()
The Battle for Middle-earth II_uninst.exe -> %UserProfile%\Local Settings\Temp\The Battle for Middle-earth II_uninst.exe -> [2006/01/03 21:54:47 | 00,073,728 | ---- | M] (Electronic Arts Inc.)
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2005/09/11 08:54:29 | 00,011,066 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable

[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/02/17 17:25:21 | 00,000,000 | RH-D | M]
Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [2006/09/11 21:37:20 | 00,000,000 | ---D | M]
Dell Photo Printer 720 -> C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720 -> [2005/09/04 10:30:16 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2005/08/16 14:49:35 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2004/08/10 12:13:06 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/06/12 08:48:49 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Andrew\Application Data -> [2009/02/20 13:45:09 | 00,000,000 | RH-D | M]
Ahead -> C:\Documents and Settings\Andrew\Application Data\Ahead -> [2007/02/10 22:03:32 | 00,000,000 | ---D | M]
Corel -> C:\Documents and Settings\Andrew\Application Data\Corel -> [2005/09/04 10:02:02 | 00,000,000 | ---D | M]
Costco Photo Organizer -> C:\Documents and Settings\Andrew\Application Data\Costco Photo Organizer -> [2008/04/06 12:18:15 | 00,000,000 | ---D | M]
Costco Photo Viewer US -> C:\Documents and Settings\Andrew\Application Data\Costco Photo Viewer US -> [2008/04/06 12:32:37 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\Andrew\Application Data\CyberLink -> [2005/10/04 23:21:32 | 00,000,000 | ---D | M]
EuroTalk -> C:\Documents and Settings\Andrew\Application Data\EuroTalk -> [2007/01/12 22:38:32 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Andrew\Application Data\Leadertech -> [2005/08/18 12:54:48 | 00,000,000 | ---D | M]
My Games -> C:\Documents and Settings\Andrew\Application Data\My Games -> [2009/01/11 16:44:51 | 00,000,000 | ---D | M]
SecondLife -> C:\Documents and Settings\Andrew\Application Data\SecondLife -> [2007/04/18 16:46:58 | 00,000,000 | ---D | M]
SecuROM -> C:\Documents and Settings\Andrew\Application Data\SecuROM -> [2008/07/13 08:15:51 | 00,000,000 | RH-D | M]
SPORE Creature Creator -> C:\Documents and Settings\Andrew\Application Data\SPORE Creature Creator -> [2008/09/06 11:21:00 | 00,000,000 | ---D | M]
U3 -> C:\Documents and Settings\Andrew\Application Data\U3 -> [2008/03/12 21:01:00 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Andrew\Application Data\Viewpoint -> [2007/06/12 08:48:50 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2005/08/16 14:54:09 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2005/08/18 12:42:48 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2004/08/10 12:08:14 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/02/11 07:49:06 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/08/15 06:48:49 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 04:00:00 | 00,000,065 | RH-- | M] ()
GoogleUpdateTaskUserS-1-5-21-3980702569-2011118987-2649573393-1006.job -> C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3980702569-2011118987-2649573393-1006.job -> [2009/02/22 01:30:33 | 00,000,930 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/02/22 10:40:39 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ad,0f,73,91,1c,82,5e,6d,32,bc,52,f8,14,25,7d,bf,a3,a8,a7,33,19,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ad,0f,73,91,1c,82,5e,6d,32,bc,52,f8,14,25,7d,bf,a3,a8,a7,33,19,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
scan completed successfully
hidden files: 298
< End of report >
[/code]