OTListIt:
OTListIt logfile created on: 2009-03-12 16:55:34 - Run 3
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\hussain.ali\Desktop\spyware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 5302 6326;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 129.28 Gb Free Space | 86.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RTLAT139
Current User Name: Hussain.Ali
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - c:\drivers\audio\r190031\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\DELTAV\IFIX\fixsrv.exe ()
PRC - C:\DELTAV\IFIX\NNTABLE.EXE ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\DELTAV\IFIX\SYSALERTQMGR.EXE ()
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\DELTAV\IFIX\ALMSUM.EXE ()
PRC - C:\DeltaV\bin\ntpd.exe (Fisher-Rosemount Systems, Inc.)
PRC - c:\deltav\bin\ram.exe (Fisher-Rosemount Systems, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\hussain.ali\Desktop\spyware\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (ASFAgent [Auto | Running]) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BatchCampaignMgr [On_Demand | Stopped]) -- c:\deltav\bin\dvbcampaignmgr.exe (Fisher-Rosemount Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DeltaV [Auto | Stopped]) -- C:\DeltaV\bin\HawkService.exe (Fisher-Rosemount Systems, Inc.)
SRV - (DVBManager [On_Demand | Stopped]) -- c:\deltav\bin\dvbmanager.exe (Fisher-Rosemount Systems, Inc.)
SRV - (DvDbServer [On_Demand | Stopped]) -- C:\DeltaV\bin\dvdbserver.exe (Fisher-Rosemount Systems, Inc.)
SRV - (EventChronicleManager [On_Demand | Stopped]) -- C:\DeltaV\bin\EventChronicleManager.exe (Fisher-Rosemount Systems Inc.)
SRV - (Fix [Auto | Running]) -- C:\DELTAV\IFIX\fixsrv.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MSSQL$DELTAV_ADV_CNTRL [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$DELTAV_CHRONICLE [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetworkTimeProtocol [Auto | Running]) -- C:\DeltaV\bin\ntpd.exe (Fisher-Rosemount Systems, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RamService [Auto | Running]) -- c:\deltav\bin\ram.exe (Fisher-Rosemount Systems, Inc.)
SRV - (ReportService [On_Demand | Stopped]) -- C:\DeltaV\bin\ReportService.exe (Fisher-Rosemount Systems, Inc.)
SRV - (RunTimeRecorder [Disabled | Stopped]) -- C:\DeltaV\bin\RunTimeRecorder.exe (Fisher-Rosemount Systems, Inc.)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- c:\drivers\audio\r190031\stacsv.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (winvnc [Auto | Running]) -- C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
========== Driver Services (SafeList) ==========
DRV - (AESTAud [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (akshasp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\akshasp.sys (Aladdin Knowledge Systems)
DRV - (aksusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aksusb.sys (Aladdin Knowledge Systems)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (cvusbdrv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (e1yexpress [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1y5132.sys (Intel Corporation)
DRV - (Hardlock [Auto | Running]) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (ikbf5 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ikbf5.sys (Intellution®, Inc.)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAL [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\iqvw32.sys (Intel Corporation )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBCCID [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\usbccid.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009-02-18 17:51:29 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009-03-12 16:40:46 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009-03-12 16:40:38 00,000,000 | ---D | M]
FF - C:\Documents and Settings\hussain.ali\Application Data\mozilla\Extensions [2009-03-12 16:40:48 00,000,000 | ---D | M]
FF - C:\Documents and Settings\hussain.ali\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-03-12 16:40:48 00,000,000 | ---D | M]
FF - C:\Documents and Settings\hussain.ali\Application Data\mozilla\Firefox\Profiles\2e0og2vz.default\extensions [2009-03-12 16:40:48 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009-03-12 16:40:38 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-03-12 16:40:38 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-11-17 14:01:19 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009-02-18 17:51:41 00,000,000 | ---D | M]
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper (Constantin Kaplinsky)
O4 - HKCU..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = IT Security Message - Please read carefully
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = These IT facilities are provided by Real Time for the purpose of its staff associates and partners carrying out company business.
Access is only granted upon authorisation by a responsible person. If you continue and log into the company network you will be deemed
to have accepted the provisions of the company's Network Access Policy and its Internet Access Policy and will be duly bound by them.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 180
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\QoS.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1223280103796 (WUWebControl Class)
O16 - DPF: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} http://rtagrtest/agr...om/axmlcomp.cab (aComp Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223280162593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (msgina.dll) - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{a60f8268-c5d8-11dd-ba4e-0022693c6764}\Shell - "" = AutoRun
O33 - MountPoints2\{a60f8268-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a60f8268-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a60f826a-c5d8-11dd-ba4e-0022693c6764}\Shell - "" = AutoRun
O33 - MountPoints2\{a60f826a-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a60f826a-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-03-12 16:40:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\Mozilla
[2009-03-12 16:40:42 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009-03-12 14:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-03-12 14:40:02 | 00,000,440 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009-03-12 13:59:22 | 00,006,407 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\Bookmarks 2009-03-12.json
[2009-03-12 13:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Desktop\spyware
[2009-03-12 12:15:41 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-03-12 12:12:16 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-03-12 12:03:59 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009-03-12 12:03:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-03-12 12:03:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-03-12 12:01:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-03-12 12:01:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-03-12 12:01:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-03-12 12:01:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-03-12 12:01:36 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-03-12 12:01:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-03-12 12:01:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-03-12 12:01:36 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-03-12 12:01:36 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-03-12 12:00:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-03-12 12:00:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-03-12 11:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-03-12 11:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009-03-12 11:41:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\SUPERAntiSpyware.com
[2009-03-12 11:41:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009-03-12 11:03:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-03-12 08:58:41 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-03-12 08:58:35 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-03-12 08:56:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009-03-12 08:56:27 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009-03-12 08:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009-03-12 08:33:32 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\New Microsoft Excel Worksheet.xls
[2009-03-12 00:28:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009-03-12 00:08:50 | 37,076,58240 | -HS- | C] () -- C:\hiberfil.sys
[2009-03-11 23:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\Malwarebytes
[2009-03-11 23:41:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-03-11 23:41:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-03-11 23:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-03-11 23:41:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-03-11 22:46:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009-03-11 22:40:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009-03-11 22:40:17 | 00,264,704 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009-03-11 22:40:17 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\QoS.dll
[2009-03-11 17:03:18 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\Priority Distribution.xls
[2009-03-11 12:59:57 | 00,395,776 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\CTR001.doc
[2009-03-10 22:06:45 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009-03-06 09:06:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Desktop\Travel
[2009-03-04 21:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2009-03-03 08:13:04 | 00,018,642 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\PC People.pdf
[2009-02-27 08:11:24 | 00,044,041 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\C1677 PIMS Support Rota 2009 r1.pdf
[2009-02-25 13:57:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\Media Player Classic
[2009-02-25 13:56:42 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-23 19:37:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009-02-23 19:36:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009-02-23 19:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009-02-23 19:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009-02-23 19:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009-02-23 19:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\My Documents\My Received Files
[2009-02-23 18:36:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-02-13 11:16:06 | 00,598,016 | ---- | C] () -- C:\Documents and Settings\hussain.ali\My Documents\module 3.vnx
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-03-12 16:43:40 | 00,621,588 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-03-12 16:43:40 | 00,508,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-03-12 16:43:40 | 00,102,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-03-12 16:40:42 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009-03-12 16:40:02 | 00,000,440 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009-03-12 16:37:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-03-12 16:37:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-03-12 16:37:35 | 37,076,58240 | -HS- | M] () -- C:\hiberfil.sys
[2009-03-12 15:52:29 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ntp.drift
[2009-03-12 13:59:23 | 00,006,407 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\Bookmarks 2009-03-12.json
[2009-03-12 12:13:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-03-12 12:08:57 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-03-12 12:03:59 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-03-12 08:58:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-03-12 08:58:18 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-03-12 08:55:21 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\New Microsoft Excel Worksheet.xls
[2009-03-12 08:27:58 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\Priority Distribution.xls
[2009-03-11 22:46:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009-03-11 22:40:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009-03-11 22:40:17 | 00,095,232 | ---- | M] () -- C:\WINDOWS\System32\QoS.dll
[2009-03-11 22:40:14 | 00,264,704 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009-03-11 22:40:14 | 00,264,704 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009-03-11 21:47:06 | 00,000,130 | ---- | M] () -- C:\WINDOWS\ntp.ini
[2009-03-11 13:59:36 | 00,395,776 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\CTR001.doc
[2009-03-08 14:04:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-03-05 16:19:26 | 00,000,310 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Application Data\APUSet.xml
[2009-03-05 16:19:25 | 00,006,516 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Application Data\PrimoPDFSet.xml
[2009-03-05 13:45:01 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\C2468 -Beryl A.lnk
[2009-03-04 19:32:11 | 06,423,260 | -H-- | M] () -- C:\Documents and Settings\hussain.ali\Local Settings\Application Data\IconCache.db
[2009-03-03 08:13:04 | 00,018,642 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\PC People.pdf
[2009-02-27 08:11:25 | 00,044,041 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\C1677 PIMS Support Rota 2009 r1.pdf
[2009-02-25 15:03:29 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009-02-25 15:03:29 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009-02-25 13:56:44 | 00,004,608 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-24 07:36:12 | 00,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-02-17 12:08:41 | 00,000,178 | ---- | M] () -- C:\WINDOWS\exp.INI
[2009-02-13 11:16:10 | 00,598,016 | ---- | M] () -- C:\Documents and Settings\hussain.ali\My Documents\module 3.vnx
[2009-02-13 11:16:06 | 00,001,217 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009-02-11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-02-11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== LOP Check ==========
[2009-03-12 15:43:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009-03-12 08:56:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008-10-03 08:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009-01-19 12:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008-11-10 09:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008-10-06 15:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2008-09-28 08:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009-03-12 08:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009-03-11 23:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008-10-03 08:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009-02-23 19:36:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004-08-11 16:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009-02-06 13:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009-03-12 11:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-03-12 15:43:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-11-10 09:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008-10-06 08:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009-03-12 16:40:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\hussain.ali\Application Data
[2009-01-23 15:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Adobe
[2008-11-13 15:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\AdobeUM
[2008-11-06 11:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\CyberLink
[2008-11-25 10:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\DAEMON Tools
[2008-09-28 08:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Dell
[2008-11-28 18:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Elluminate
[2008-11-20 10:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Help
[2004-08-11 16:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Identities
[2008-09-28 08:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\InstallShield
[2008-11-06 11:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Macromedia
[2009-03-11 23:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Malwarebytes
[2009-02-25 13:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Media Player Classic
[2009-02-23 19:37:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\hussain.ali\Application Data\Microsoft
[2009-03-12 16:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Mozilla
[2008-11-27 11:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Real
[2008-12-15 10:04:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Subversion
[2008-09-28 08:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Sun
[2009-03-12 11:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\SUPERAntiSpyware.com
[2008-12-16 14:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\TortoiseSVN
[2008-09-28 08:42:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Wave Systems Corp
[2008-12-04 10:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\WinRAR
[2009-03-12 08:58:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004-08-04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-03-12 16:37:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >