Oops.. made a mistake. I ran the scan this time, but only got one log.
Here's the log:
OTListIt logfile created on: 3/17/2009 10:05:51 AM - Run 7
OTListIt2 by OldTimer - Version 2.0.3.8 Folder = C:\Documents and Settings\Goddess\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 503.81 Mb Available Physical Memory | 49.25% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 122.42 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GEHENNA-C21FF70
Current User Name: Goddess
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe (SonicWALL, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Goddess\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (InCDsrvR [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FETNDISB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys (D-Link )
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead Software AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Ahead Software AG)
DRV - (KLIF [System | Running]) -- C:\WINDOWS\system32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {9C09CB1F-719C-4370-9B9E-6B3E0C4BAC2F}:1.0
FF - prefs.js..extensions.enabledItems: {F4D8DDF5-B13F-4C51-8F0B-94451D609C5F}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4
FF - HKLM\software\mozilla\Firefox\Extensions\\{9C09CB1F-719C-4370-9B9E-6B3E0C4BAC2F}: C:\DOCUMENTS AND SETTINGS\GODDESS\LOCAL SETTINGS\APPLICATION DATA\{9C09CB1F-719C-4370-9B9E-6B3E0C4BAC2F} [2009/03/07 14:25:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F4D8DDF5-B13F-4C51-8F0B-94451D609C5F}: C:\DOCUMENTS AND SETTINGS\LORD HARKONNEN\LOCAL SETTINGS\APPLICATION DATA\{F4D8DDF5-B13F-4C51-8F0B-94451D609C5F} [2009/03/07 22:23:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/11/21 00:09:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2008/11/16 07:47:45 | 00,000,000 | ---D | M]
[2008/09/05 12:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\mozilla\Extensions
[2008/09/05 12:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/14 12:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\mozilla\Firefox\Profiles\wsmimgp8.default\extensions
[2008/03/13 09:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\mozilla\Firefox\Profiles\wsmimgp8.default\extensions\[email protected]
[2009/03/12 15:18:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/11/16 07:47:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/27 20:49:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/11/16 07:47:34 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/11/16 07:47:34 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3489b446-9585-4db4-98b0-85f23d99cbf9} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {aeb641f4-c2cd-4b34-87c7-865ed8fbfcba} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [CPM8b129cc9] Rundll32.exe "c:\windows\system32\yejimoya.dll",a File not found
O4 - HKLM..\Run: [mikarohiwe] Rundll32.exe "C:\WINDOWS\system32\bekopola.dll",s File not found
O4 - HKLM..\Run: [Mwudom] rundll32.exe "C:\WINDOWS\ipofedaw.dll",e File not found
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\hariviza.dll) - c:\windows\system32\hariviza.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pabipihe.dll) - c:\windows\system32\pabipihe.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\hariviza.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/15 19:44:18 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/15 07:15:47 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goddess\Desktop\OTListIt2.exe
[2009/03/14 12:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Goddess\Application Data\Malwarebytes
[2009/03/14 12:18:31 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 12:18:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 12:18:27 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 12:18:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/14 12:18:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 12:16:50 | 02,876,728 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Goddess\Desktop\mbam-setup.exe
[2009/03/14 12:16:29 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/14 08:54:33 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/14 08:54:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2009/03/14 08:52:40 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/14 08:51:13 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/03/13 18:20:34 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Goddess\My Documents\Address Book 2009.03.13.xls
[2009/03/12 15:55:05 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Goddess\My Documents\Address Book 2009.03.12.xls
[2009/03/12 15:28:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/12 15:19:36 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/03/12 15:19:32 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/12 15:19:30 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/03/12 15:14:24 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/12 15:14:24 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/12 15:14:24 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/12 15:14:24 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/12 15:14:24 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/12 15:14:24 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/12 15:14:24 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/12 15:14:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/12 15:14:24 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/12 15:14:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/12 15:12:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/12 15:12:34 | 02,933,518 | R--- | C] () -- C:\Documents and Settings\Goddess\Desktop\ComboFix.exe
[2009/03/12 12:25:02 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Goddess\My Documents\Phone Directory.doc
[2009/03/11 17:22:01 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Goddess\Desktop\HiJackThis.exe
[2009/03/11 08:37:36 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/07 19:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Goddess\My Documents\2009 Desktop
[2009/03/07 14:25:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Goddess\Local Settings\Application Data\{9C09CB1F-719C-4370-9B9E-6B3E0C4BAC2F}
[2009/03/07 13:45:02 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Goddess\Desktop\spybotsd162.exe
[2009/03/07 09:18:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/07 08:20:34 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Goddess\Desktop\Spybot - Search & Destroy.lnk
[2009/03/06 23:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/03/06 22:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Goddess\Application Data\MailFrontier
[2009/03/06 22:19:12 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/03/06 07:56:48 | 00,000,153 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/06 07:44:57 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Goddess\My Documents\Harddrives.xls
[2009/03/04 19:20:17 | 00,040,448 | ---- | C] () -- C:\Documents and Settings\Goddess\My Documents\Address Book 2009.03.04.xls
[2009/03/01 13:07:00 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Goddess\My Documents\2009 KL.xls
========== Files - Modified Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/03/17 10:10:36 | 22,903,5552 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/17 10:08:12 | 00,002,556 | ---- | M] () -- C:\rollback.ini
[2009/03/17 10:02:06 | 00,351,225 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/17 10:01:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/17 10:01:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/17 10:01:03 | 10,727,66976 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/17 04:27:21 | 03,067,916 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/03/15 11:06:55 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Goddess\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/15 09:28:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/15 07:15:48 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goddess\Desktop\OTListIt2.exe
[2009/03/14 12:18:31 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 12:17:00 | 02,876,728 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Goddess\Desktop\mbam-setup.exe
[2009/03/14 11:50:04 | 00,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/14 08:54:34 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/14 08:52:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/13 18:44:31 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Goddess\My Documents\Address Book 2009.03.13.xls
[2009/03/13 14:10:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/13 14:02:08 | 02,933,518 | R--- | M] () -- C:\Documents and Settings\Goddess\Desktop\ComboFix.exe
[2009/03/13 13:40:43 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/13 13:04:49 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Goddess\My Documents\Address Book 2009.03.12.xls
[2009/03/12 15:25:29 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/12 15:19:36 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/12 12:25:03 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Goddess\My Documents\Phone Directory.doc
[2009/03/11 10:12:18 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Goddess\Desktop\HiJackThis.exe
[2009/03/11 05:48:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/09 14:11:16 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 14:11:16 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 14:11:16 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/07 13:46:31 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Goddess\Desktop\Spybot - Search & Destroy.lnk
[2009/03/07 13:45:27 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Goddess\Desktop\spybotsd162.exe
[2009/03/06 07:59:27 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/06 07:59:21 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/06 07:56:51 | 00,000,153 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/06 07:56:37 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Goddess\My Documents\Harddrives.xls
[2009/03/04 19:20:18 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\Goddess\My Documents\Address Book 2009.03.04.xls
[2009/03/01 14:48:07 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Goddess\My Documents\2009 KL.xls
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/19 03:18:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/18 18:47:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/15 14:14:59 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\Goddess\My Documents\Address Book 2009.02.10.xls
========== LOP Check ==========
[2009/03/14 12:18:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/08 10:26:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/02/13 17:20:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/12/06 23:16:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/10/25 14:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/03/05 01:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/12/10 14:49:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/02/08 09:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/01/13 08:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/10/25 13:21:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/14 12:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/06 23:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2007/10/28 13:15:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/07 19:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/11/20 03:07:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/14 12:18:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Goddess\Application Data
[2007/10/25 14:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\.clamwin
[2008/01/26 22:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Adobe
[2007/12/10 22:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Apple Computer
[2008/07/15 12:24:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\DivX
[2007/11/28 20:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Google
[2007/08/27 07:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Identities
[2008/01/05 11:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Leadertech
[2007/10/25 17:33:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Macromedia
[2009/03/06 22:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\MailFrontier
[2009/03/14 12:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Malwarebytes
[2008/03/29 07:45:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Goddess\Application Data\Microsoft
[2008/03/13 09:06:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Move Networks
[2008/09/05 12:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Mozilla
[2008/03/09 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Sun
[2009/02/08 09:04:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Uniblue
[2008/02/24 13:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goddess\Application Data\Ventrilo
[2009/03/15 09:28:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/17 10:01:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
========== Net Services ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\NetSvcs
6to4 - -
AppMgmt - C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation)
AudioSrv - C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation)
Browser - C:\WINDOWS\System32\browser.dll - (Microsoft Corporation)
CryptSvc - C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation)
DMServer - C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp.)
DHCP - C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation)
ERSvc - C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation)
EventSystem - C:\WINDOWS\system32\es.dll - (Microsoft Corporation)
FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
HidServ - C:\WINDOWS\System32\hidserv.dll - File not found
Ias - -
Iprip - -
Irmon - -
LanmanServer - C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation)
Messenger - C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation)
Netman - C:\WINDOWS\System32\netman.dll - (Microsoft Corporation)
Nla - C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation)
Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation)
NWCWorkstation - -
Nwsapagent - -
Rasauto - C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation)
Rasman - C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation)
Remoteaccess - C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation)
Schedule - C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation)
Seclogon - C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation)
SENS - C:\WINDOWS\system32\sens.dll - (Microsoft Corporation)
Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation)
SRService - C:\WINDOWS\system32\srsvc.dll - (Microsoft Corporation)
Tapisrv - C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation)
Themes - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
TrkWks - C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation)
W32Time - C:\WINDOWS\system32\w32time.dll - (Microsoft Corporation)
WZCSVC - C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation)
Wmi - C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation)
WmdmPmSp - -
winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
wscsvc - C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation)
xmlprov - C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation)
BITS - C:\WINDOWS\system32\qmgr.dll - (Microsoft Corporation)
wuauserv - C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation)
ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
WmdmPmSN - C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation)
======= End Net Services =========
========== SafeBoot-Minimal Settings ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
DcomLaunch - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
Lavasoft Ad-Aware Service - %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe - (Lavasoft)
Netlogon - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
Primary disk - Driver Group
RpcSs - %SystemRoot%\System32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\system32\srsvc.dll - (Microsoft Corporation)
System Bus Extender - Driver Group
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
======= End SafeBoot-Minimal =========

========== SafeBoot-Network Settings ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
AFD - %SystemRoot%\System32\drivers\afd.sys - (Microsoft Corporation)
AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
Browser - %SystemRoot%\System32\browser.dll - (Microsoft Corporation)
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
DcomLaunch - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
Dhcp - %SystemRoot%\System32\dhcpcsvc.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
DnsCache - %SystemRoot%\System32\dnsrslvr.dll - (Microsoft Corporation)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
ip6fw.sys - %SystemRoot%\system32\DRIVERS\Ip6Fw.sys - (Microsoft Corporation)
ipnat.sys - %SystemRoot%\system32\DRIVERS\ipnat.sys - (Microsoft Corporation)
LanmanServer - %SystemRoot%\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll - (Microsoft Corporation)
Lavasoft Ad-Aware Service - %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe - (Lavasoft)
LmHosts - %SystemRoot%\System32\lmhsvc.dll - (Microsoft Corporation)
Messenger - %SystemRoot%\System32\msgsvc.dll - (Microsoft Corporation)
NDIS - %SystemRoot%\System32\drivers\ndis.sys - (Microsoft Corporation)
NDIS Wrapper - Driver Group
Ndisuio - %SystemRoot%\system32\DRIVERS\ndisuio.sys - (Microsoft Corporation)
NetBIOS - %SystemRoot%\system32\DRIVERS\netbios.sys - (Microsoft Corporation)
NetBIOSGroup - Driver Group
NetBT - %SystemRoot%\system32\DRIVERS\netbt.sys - (Microsoft Corporation)
NetDDEGroup - Driver Group
Netlogon - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
NetMan - %SystemRoot%\System32\netman.dll - (Microsoft Corporation)
Network - Driver Group
NetworkProvider - Driver Group
NtLmSsp - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
PNP_TDI - Driver Group
Primary disk - Driver Group
rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys - (Microsoft Corporation)
rdpdd.sys - %SystemRoot%\System32\rdpdd.dll - (Microsoft Corporation)
rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys - (Microsoft Corporation)
rdsessmgr - %SystemRoot%\system32\sessmgr.exe - (Microsoft Corporation)
RpcSs - %SystemRoot%\System32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
SharedAccess - %SystemRoot%\System32\ipnathlp.dll - (Microsoft Corporation)
sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\system32\srsvc.dll - (Microsoft Corporation)
Streams Drivers - Driver Group
System Bus Extender - Driver Group
Tcpip - %SystemRoot%\system32\DRIVERS\tcpip.sys - (Microsoft Corporation)
TDI - Driver Group
tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys - (Microsoft Corporation)
tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys - (Microsoft Corporation)
termservice - %SystemRoot%\System32\termsrv.dll - (Microsoft Corporation)
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
vsmon - %SystemRoot%\system32\ZoneLabs\vsmon.exe - (Check Point Software Technologies LTD)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
WZCSVC - %SystemRoot%\System32\wzcsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
======= End SafeBoot-Network =========

========== ActiveX Components ==========
{08B0E5C0-4FCB-11CF-AAA5-00401C608500}: Java (Sun)
{10072CEC-8CC1-11D1-986E-00A0C955B42F}: Vector Graphics Rendering (VML)
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}: NetShow
{22d6f312-b0f6-11d0-94ab-0080c74c7e95}: Microsoft Windows Media Player 6.4
{283807B5-2C60-11D0-A31D-00AA00B92C03}: DirectAnimation
{2C7339CF-2B09-4501-B3F3-F3508C9228ED}: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
{36f8ec70-c29a-11d1-b5c7-0000f8051515}: Dynamic HTML Data Binding for Java
{3af36230-a269-11d1-b5bf-0000f8051515}: Offline Browsing Pack
{3bf42070-b3b1-11d1-b5c5-0000f8051515}: Uniscribe
{4278c270-a269-11d1-b5bf-0000f8051515}: Advanced Authoring
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
{44BBA848-CC51-11CF-AAFA-00AA00B6015C}: DirectShow
{44BBA855-CC51-11CF-AAFA-00AA00B6015F}: DirectDrawEx
{45ea75a0-a269-11d1-b5bf-0000f8051515}: Internet Explorer Help
{4f216970-c90c-11d1-b5c7-0000f8051515}: DirectAnimation Java Classes
{4f645220-306d-11d2-995d-00c04f98bbc9}: Microsoft Windows Script 5.7
{5056b317-8d4c-43ee-8543-b9d1e234b8f4}: Security Update for Windows XP (KB923789)
{5945c046-1e7d-11d1-bc44-00c04fd912be}: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
{5A8D6EE0-3E18-11D0-821E-444553540000}: ICW
{5fd399c0-a70a-11d1-9948-00c04f98bbc9}: Internet Explorer Setup Tools
{630b1da0-b465-11d1-9948-00c04f98bbc9}: Browsing Enhancements
{6BF52A52-394A-11d3-B153-00C04F79FAA6}: Microsoft Windows Media Player
{6fab99d0-bab8-11d1-994a-00c04f98bbc9}: MSN Site Access
{73FA19D0-2D75-11D2-995D-00C04F98BBC9}: Web Folders
{7790769C-0471-11d2-AF11-00C04FA35D02}: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
{89820200-ECBD-11cf-8B85-00AA005B4340}: regsvr32.exe /s /n /i:U shell32.dll
{89820200-ECBD-11cf-8B85-00AA005B4383}: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
{9381D8F2-0288-11D0-9501-00AA00B911A5}: Dynamic HTML Data Binding
{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}:
{C9E9A340-D1F1-11D0-821E-444553540600}: Internet Explorer Core Fonts
{CC2A9BA0-3BDD-11D0-821E-444553540000}: Task Scheduler
{CDD7975E-60F8-41d5-8149-19E51D6F71D0}: Windows Movie Maker v2.1
{D27CDB6E-AE6D-11cf-96B8-444553540000}: Shockwave Flash
{de5aed00-a4bf-11d1-9948-00c04f98bbc9}: HTML Help
{E92B03AB-B707-11d2-9CBD-0000F87A369E}: Active Directory Service Interface
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}: C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}: C:\WINDOWS\inf\unregmp2.exe /ShowWMP
>{26923b43-4d38-484f-9b9e-de460746276c}: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
======= End ActiveX =========

< %systemroot%\System32\antiwpa.dll >
< %systemroot%\SYSTEM32\wpa.dll >
< %systemroot%\setup\scripts\biestart.exe >
< %systemroot%\system32\drivers\royal.sys >
< %systemroot%\system32\serauth1.dll >
< %systemroot%\system32\serauth2.dll >
< %systemroot%\system32\sysaudio.sys >
< %systemroot%\system32\wdmaud.sys >
< %systemroot%\system32\aeaudio.sys >
< End of report >