jcody777
2009-03-18, 02:03
I am not sure if my mother-in-law installed that program; this is her computer,
not mine.
ALSO, this popped up while I was doing the scan you recommended:
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\DOCUME~1\BARBARA\LOCALS~1\Temp\qgtrvoysOMPUTER.dll
Location: Quarantine
Computer: BARBARACOMPUTER
User: BARBARA
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Tue Mar 17 16:58:49 2009
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\DOCUME~1\BARBARA\LOCALS~1\Temp\qgtrvoysOMPUTER.dll
Location: Quarantine
Computer: BARBARACOMPUTER
User: BARBARA
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Tue Mar 17 17:01:09 2009
Here are the Notepad results:
[code]
OTScanIt2 logfile created on: 3/17/2009 4:57:04 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\BARBARA\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 390.07 Mb Available Physical Memory | 38.13% Memory free
2.41 Gb Paging File | 1.68 Gb Available in Paging File | 69.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 5.27 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive D: | 2.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 71.47 Gb Total Space | 19.38 Gb Free Space | 27.11% Space Free | Partition Type: NTFS
Computer Name: BARBARACOMPUTER
Current User Name: BARBARA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC)
aolsoftware.exe -> %CommonProgramFiles%\aol\1101736076\ee\aolsoftware.exe -> [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.)
aolsoftware.exe -> %CommonProgramFiles%\AOL\1101736076\ee\AOLSoftware.exe -> [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.)
aolsp scheduler.exe -> %CommonProgramFiles%\aol\1101736076\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe -> [2006/10/23 12:04:42 | 00,001,536 | ---- | M] ()
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> [2004/10/15 13:54:12 | 00,046,768 | ---- | M] (America Online Inc)
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> [2004/10/15 13:54:14 | 00,100,016 | ---- | M] (America Online, Inc)
bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> [2003/08/29 05:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation)
ctsvccda.exe -> %SystemRoot%\System32\CTsvcCDA.exe -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> [2002/07/30 12:36:00 | 00,032,768 | ---- | M] (Symantec Corporation)
diagent.exe -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> [2002/04/03 02:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/02/09 14:33:06 | 00,039,408 | ---- | M] (Google Inc.)
gwremind.exe -> %ProgramFiles%\Greetings Workshop\GWREMIND.EXE -> [1997/09/04 01:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation)
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> [2005/01/12 15:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
hpqdirec.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqDIREC.exe -> [2006/02/09 13:35:30 | 00,827,392 | ---- | M] (Hewlett-Packard Company)
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> [2006/02/10 07:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqSTE08.exe -> [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hptskmgr.exe -> %ProgramFiles%\HP\hpcoretech\comp\hptskmgr.exe -> [2005/01/12 15:54:56 | 00,135,168 | ---- | M] (Hewlett-Packard Company)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpzipm12.exe -> %SystemRoot%\System32\HPZipm12.exe -> [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/12/18 22:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/22 19:30:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/02/22 19:30:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
mspmspsv.exe -> %SystemRoot%\System32\MsPMSPSv.exe -> [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\System32\nvsvc32.exe -> [2003/10/06 15:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
point32.exe -> %ProgramFiles%\Microsoft Hardware\Mouse\point32.exe -> [2001/08/23 19:37:40 | 00,167,936 | R--- | M] (Microsoft Corporation)
psi.exe -> %ProgramFiles%\Secunia\PSI\psi.exe -> [2008/12/17 03:05:10 | 00,748,840 | ---- | M] (Secunia)
qbdbmgrn.exe -> %ProgramFiles%\Intuit\QuickBooks 2006\QBDBMgrN.exe -> [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.)
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
realplay.exe -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe -> [2004/11/29 06:49:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> [2002/07/30 12:40:44 | 00,573,440 | ---- | M] (Symantec Corporation)
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [2003/08/29 12:14:56 | 00,233,472 | ---- | M] ()
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [2003/08/29 20:05:35 | 00,360,448 | ---- | M] ()
shellmon.exe -> %ProgramFiles%\America Online 9.0\shellmon.exe -> [2005/07/12 07:17:50 | 00,054,872 | ---- | M] (America Online, Inc.)
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> [2002/07/30 12:35:04 | 00,077,824 | ---- | M] (Symantec Corporation)
waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe -> [2004/11/19 10:54:58 | 00,037,464 | ---- | M] (America Online, Inc.)
wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> [2001/08/07 16:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation)
wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> [2001/08/16 21:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation)
[Win32 Services - Safe List]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC)
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> [2004/10/15 13:54:14 | 00,100,016 | ---- | M] (America Online, Inc)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\System32\CTsvcCDA.exe -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> [2002/07/30 12:36:00 | 00,032,768 | ---- | M] (Symantec Corporation)
(getPlus(R) Helper) getPlus(R) Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/09 14:33:03 | 00,137,200 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/22 19:30:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> [2002/07/30 12:40:44 | 00,573,440 | ---- | M] (Symantec Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\nvsvc32.exe -> [2003/10/06 15:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\System32\HPZipm12.exe -> [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\MsPMSPSv.exe -> [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2004/11/29 06:49:31 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(BCM42XX) Broadcom iLine10(tm) Network Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\bcm42xx5.sys -> [2001/08/17 05:11:26 | 00,054,271 | ---- | M] (Broadcom Corporation)
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\BCMSM.sys -> [2003/08/29 05:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation)
(brfilt) Brother MFC Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\Brfilt.sys -> [2001/08/17 14:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.)
(brparimg) Brother Multi Function Parallel Image driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\BrParImg.sys -> [2001/08/17 14:12:24 | 00,003,168 | ---- | M] (Brother Industries Ltd.)
(BrParWdm) Brother WDM Parallel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\BrParwdm.sys -> [2001/08/17 14:12:18 | 00,039,552 | ---- | M] (Brother Industries Ltd.)
(BrSerWDM) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\BrSerWdm.sys -> [2001/08/17 14:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\CVirtA.sys -> [2003/05/01 13:26:34 | 00,005,220 | R--- | M] (Cisco Systems, Inc.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\e100b325.sys -> [2002/09/19 15:59:50 | 00,139,776 | ---- | M] (Intel Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\gameenum.sys -> [2008/04/13 11:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZid412.sys -> [2006/04/12 17:04:39 | 00,049,664 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZipr12.sys -> [2006/04/12 17:04:39 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZius12.sys -> [2006/04/12 17:04:39 | 00,021,568 | ---- | M] (HP)
(IPFilter) Microsoft IntelliPoint Features driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\IPFilter.sys -> [2001/08/23 01:33:12 | 00,010,192 | R--- | M] (Microsoft Corporation)
(mf) mf [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\mf.sys -> [2008/04/13 11:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 06:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\MxlW2k.sys -> [2004/11/28 19:24:16 | 00,028,164 | ---- | M] (MusicMatch, Inc.)
(NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys -> [2002/06/19 21:57:12 | 00,218,112 | ---- | M] (Symantec Corporation)
(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -> [2002/06/19 21:57:14 | 00,029,184 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090313.007\NAVENG.SYS -> [2009/03/13 01:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090313.007\NAVEX15.SYS -> [2009/03/13 01:00:00 | 00,876,144 | ---- | M] (Symantec Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> [2003/10/06 15:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation)
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 09:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\P16X.sys -> [2002/08/30 09:29:02 | 01,293,440 | ---- | M] (Creative Technology Ltd.)
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\System32\PfModNT.sys -> [1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.)
(PSI) PSI [File_System | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\psi_mf.sys -> [2008/12/10 07:17:14 | 00,007,808 | ---- | M] (Secunia)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2002/09/03 09:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\PxHelp20.sys -> [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2004/11/28 19:02:54 | 00,073,224 | ---- | M] (Symantec Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.aol.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< HOSTS File > (297250 bytes and 10312 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/03 00:24:01 | 00,192,512 | R--- | M] ()
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/02/09 14:22:21 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/09 14:33:06 | 00,657,904 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/02/22 19:30:42 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/02/22 19:30:45 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/09 14:22:21 | 00,251,504 | ---- | M] ()
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/01/05 13:30:40 | 00,399,352 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/09 14:22:21 | 00,251,504 | ---- | M] ()
WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/01/05 13:30:40 | 00,399,352 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AOLDialer" -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> [2006/10/23 05:50:37 | 00,071,216 | R--- | M] (AOL LLC)
"BCMSMMSG" -> %SystemRoot%\BCMSMMSG.exe [BCMSMMSG.exe] -> [2003/08/29 05:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation)
"diagent" -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe ["C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup] -> [2002/04/03 02:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
"HostManager" -> %CommonProgramFiles%\AOL\1101736076\ee\AOLSoftware.exe [C:\Program Files\Common Files\AOL\1101736076\ee\AOLSoftware.exe] -> [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.)
"HP Component Manager" -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> [2005/01/12 15:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"Microsoft Works Portfolio" -> %ProgramFiles%\Microsoft Works\WksSb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> [2001/08/23 14:52:52 | 00,331,830 | ---- | M] (Microsoft® Corporation)
"Microsoft Works Update Detection" -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> [2001/08/16 21:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation)
"MMTray" -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe] -> [2002/08/14 18:29:26 | 00,090,112 | ---- | M] (MUSICMATCH, Inc.)
"NvCplDaemon" -> %SystemRoot%\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2003/10/06 15:16:00 | 05,058,560 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2003/10/06 15:16:00 | 00,741,376 | ---- | M] (NVIDIA Corporation)
"POINTER" -> [point32.exe] -> File not found
"Pure Networks Port Magic" -> %ProgramFiles%\Pure Networks\Port Magic\PortAOL.exe ["C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run] -> [2004/04/05 14:33:54 | 00,099,480 | ---- | M] (Pure Networks, Inc.)
"QuickBooksDB" -> %ProgramFiles%\Intuit\QuickBooks 2006\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -n QB_BARBARACOMPUTER_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y] -> [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"RealTray" -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2004/11/29 06:49:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/02/22 19:30:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"UpdReg" -> %SystemRoot%\UpdReg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 02:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"vptray" -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] -> [2002/07/30 12:35:04 | 00,077,824 | ---- | M] (Symantec Corporation)
"WorksFUD" -> %ProgramFiles%\Microsoft Works\wkfud.exe [C:\Program Files\Microsoft Works\wkfud.exe] -> [2001/10/05 17:34:51 | 00,024,576 | ---- | M] (Microsoft® Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AOL Fast Start" -> %ProgramFiles%\America Online 9.0\AOL.EXE ["C:\Program Files\America Online 9.0\AOL.EXE" -b] -> [2005/07/12 07:17:44 | 00,050,776 | ---- | M] (America Online, Inc.)
"MoneyAgent" -> %ProgramFiles%\Microsoft Money\System\Money Express.exe ["C:\Program Files\Microsoft Money\System\Money Express.exe"] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/02/09 14:33:06 | 00,039,408 | ---- | M] (Google Inc.)
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
%AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> [2006/02/10 07:56:20 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 02:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> [2001/08/07 16:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2007/01/22 12:21:00 | 00,815,104 | ---- | M] (Intuit Inc.)
< BARBARA Startup Folder > -> C:\Documents and Settings\BARBARA\Start Menu\Programs\Startup ->
-> %UserProfile%\Start Menu\Programs\Startup\DLHelperEXE.exe -> [2005/02/04 12:38:12 | 00,196,608 | ---- | M] ()
%UserProfile%\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk -> %ProgramFiles%\Greetings Workshop\GWREMIND.EXE -> [1997/09/04 01:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation)
%UserProfile%\Start Menu\Programs\Startup\Secunia PSI.lnk -> %ProgramFiles%\Secunia\PSI\psi.exe -> [2008/12/17 03:05:10 | 00,748,840 | ---- | M] (Secunia)
%UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [2003/08/29 20:05:35 | 00,360,448 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"" -> [] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
jcody777
2009-03-20, 23:29
OOPS, sorry.
OTScanIt2 logfile created on: 3/17/2009 4:57:04 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\BARBARA\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 390.07 Mb Available Physical Memory | 38.13% Memory free
2.41 Gb Paging File | 1.68 Gb Available in Paging File | 69.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 5.27 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive D: | 2.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 71.47 Gb Total Space | 19.38 Gb Free Space | 27.11% Space Free | Partition Type: NTFS
Computer Name: BARBARACOMPUTER
Current User Name: BARBARA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC)
aolsoftware.exe -> %CommonProgramFiles%\aol\1101736076\ee\aolsoftware.exe -> [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.)
aolsoftware.exe -> %CommonProgramFiles%\AOL\1101736076\ee\AOLSoftware.exe -> [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.)
aolsp scheduler.exe -> %CommonProgramFiles%\aol\1101736076\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe -> [2006/10/23 12:04:42 | 00,001,536 | ---- | M] ()
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> [2004/10/15 13:54:12 | 00,046,768 | ---- | M] (America Online Inc)
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> [2004/10/15 13:54:14 | 00,100,016 | ---- | M] (America Online, Inc)
bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> [2003/08/29 05:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation)
ctsvccda.exe -> %SystemRoot%\System32\CTsvcCDA.exe -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> [2002/07/30 12:36:00 | 00,032,768 | ---- | M] (Symantec Corporation)
diagent.exe -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> [2002/04/03 02:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/02/09 14:33:06 | 00,039,408 | ---- | M] (Google Inc.)
gwremind.exe -> %ProgramFiles%\Greetings Workshop\GWREMIND.EXE -> [1997/09/04 01:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation)
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> [2005/01/12 15:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
hpqdirec.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqDIREC.exe -> [2006/02/09 13:35:30 | 00,827,392 | ---- | M] (Hewlett-Packard Company)
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> [2006/02/10 07:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqSTE08.exe -> [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hptskmgr.exe -> %ProgramFiles%\HP\hpcoretech\comp\hptskmgr.exe -> [2005/01/12 15:54:56 | 00,135,168 | ---- | M] (Hewlett-Packard Company)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpzipm12.exe -> %SystemRoot%\System32\HPZipm12.exe -> [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/12/18 22:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/22 19:30:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/02/22 19:30:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
mspmspsv.exe -> %SystemRoot%\System32\MsPMSPSv.exe -> [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\System32\nvsvc32.exe -> [2003/10/06 15:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
point32.exe -> %ProgramFiles%\Microsoft Hardware\Mouse\point32.exe -> [2001/08/23 19:37:40 | 00,167,936 | R--- | M] (Microsoft Corporation)
psi.exe -> %ProgramFiles%\Secunia\PSI\psi.exe -> [2008/12/17 03:05:10 | 00,748,840 | ---- | M] (Secunia)
qbdbmgrn.exe -> %ProgramFiles%\Intuit\QuickBooks 2006\QBDBMgrN.exe -> [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.)
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
realplay.exe -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe -> [2004/11/29 06:49:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> [2002/07/30 12:40:44 | 00,573,440 | ---- | M] (Symantec Corporation)
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [2003/08/29 12:14:56 | 00,233,472 | ---- | M] ()
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [2003/08/29 20:05:35 | 00,360,448 | ---- | M] ()
shellmon.exe -> %ProgramFiles%\America Online 9.0\shellmon.exe -> [2005/07/12 07:17:50 | 00,054,872 | ---- | M] (America Online, Inc.)
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> [2002/07/30 12:35:04 | 00,077,824 | ---- | M] (Symantec Corporation)
waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe -> [2004/11/19 10:54:58 | 00,037,464 | ---- | M] (America Online, Inc.)
wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> [2001/08/07 16:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation)
wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> [2001/08/16 21:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation)
[Win32 Services - Safe List]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC)
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> [2004/10/15 13:54:14 | 00,100,016 | ---- | M] (America Online, Inc)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\System32\CTsvcCDA.exe -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> [2002/07/30 12:36:00 | 00,032,768 | ---- | M] (Symantec Corporation)
(getPlus(R) Helper) getPlus(R) Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/09 14:33:03 | 00,137,200 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/22 19:30:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> [2002/07/30 12:40:44 | 00,573,440 | ---- | M] (Symantec Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\nvsvc32.exe -> [2003/10/06 15:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\System32\HPZipm12.exe -> [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\MsPMSPSv.exe -> [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2004/11/29 06:49:31 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(BCM42XX) Broadcom iLine10(tm) Network Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\bcm42xx5.sys -> [2001/08/17 05:11:26 | 00,054,271 | ---- | M] (Broadcom Corporation)
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\BCMSM.sys -> [2003/08/29 05:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation)
(brfilt) Brother MFC Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\Brfilt.sys -> [2001/08/17 14:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.)
(brparimg) Brother Multi Function Parallel Image driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\BrParImg.sys -> [2001/08/17 14:12:24 | 00,003,168 | ---- | M] (Brother Industries Ltd.)
(BrParWdm) Brother WDM Parallel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\BrParwdm.sys -> [2001/08/17 14:12:18 | 00,039,552 | ---- | M] (Brother Industries Ltd.)
(BrSerWDM) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\BrSerWdm.sys -> [2001/08/17 14:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\CVirtA.sys -> [2003/05/01 13:26:34 | 00,005,220 | R--- | M] (Cisco Systems, Inc.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\e100b325.sys -> [2002/09/19 15:59:50 | 00,139,776 | ---- | M] (Intel Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\gameenum.sys -> [2008/04/13 11:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZid412.sys -> [2006/04/12 17:04:39 | 00,049,664 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZipr12.sys -> [2006/04/12 17:04:39 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HPZius12.sys -> [2006/04/12 17:04:39 | 00,021,568 | ---- | M] (HP)
(IPFilter) Microsoft IntelliPoint Features driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\IPFilter.sys -> [2001/08/23 01:33:12 | 00,010,192 | R--- | M] (Microsoft Corporation)
(mf) mf [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\mf.sys -> [2008/04/13 11:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 06:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\MxlW2k.sys -> [2004/11/28 19:24:16 | 00,028,164 | ---- | M] (MusicMatch, Inc.)
(NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys -> [2002/06/19 21:57:12 | 00,218,112 | ---- | M] (Symantec Corporation)
(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -> [2002/06/19 21:57:14 | 00,029,184 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090313.007\NAVENG.SYS -> [2009/03/13 01:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090313.007\NAVEX15.SYS -> [2009/03/13 01:00:00 | 00,876,144 | ---- | M] (Symantec Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> [2003/10/06 15:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation)
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 09:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\P16X.sys -> [2002/08/30 09:29:02 | 01,293,440 | ---- | M] (Creative Technology Ltd.)
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\System32\PfModNT.sys -> [1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.)
(PSI) PSI [File_System | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\psi_mf.sys -> [2008/12/10 07:17:14 | 00,007,808 | ---- | M] (Secunia)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2002/09/03 09:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\PxHelp20.sys -> [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2004/11/28 19:02:54 | 00,073,224 | ---- | M] (Symantec Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.aol.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< HOSTS File > (297250 bytes and 10312 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/03 00:24:01 | 00,192,512 | R--- | M] ()
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/02/09 14:22:21 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/09 14:33:06 | 00,657,904 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/02/22 19:30:42 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/02/22 19:30:45 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/09 14:22:21 | 00,251,504 | ---- | M] ()
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/01/05 13:30:40 | 00,399,352 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/09 14:22:21 | 00,251,504 | ---- | M] ()
WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/01/05 13:30:40 | 00,399,352 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AOLDialer" -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> [2006/10/23 05:50:37 | 00,071,216 | R--- | M] (AOL LLC)
"BCMSMMSG" -> %SystemRoot%\BCMSMMSG.exe [BCMSMMSG.exe] -> [2003/08/29 05:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation)
"diagent" -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe ["C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup] -> [2002/04/03 02:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
"HostManager" -> %CommonProgramFiles%\AOL\1101736076\ee\AOLSoftware.exe [C:\Program Files\Common Files\AOL\1101736076\ee\AOLSoftware.exe] -> [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.)
"HP Component Manager" -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> [2005/01/12 15:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"Microsoft Works Portfolio" -> %ProgramFiles%\Microsoft Works\WksSb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> [2001/08/23 14:52:52 | 00,331,830 | ---- | M] (Microsoft® Corporation)
"Microsoft Works Update Detection" -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> [2001/08/16 21:41:58 | 00,028,738 | ---- | M] (Microsoft® Corporation)
"MMTray" -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe] -> [2002/08/14 18:29:26 | 00,090,112 | ---- | M] (MUSICMATCH, Inc.)
"NvCplDaemon" -> %SystemRoot%\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2003/10/06 15:16:00 | 05,058,560 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2003/10/06 15:16:00 | 00,741,376 | ---- | M] (NVIDIA Corporation)
"POINTER" -> [point32.exe] -> File not found
"Pure Networks Port Magic" -> %ProgramFiles%\Pure Networks\Port Magic\PortAOL.exe ["C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run] -> [2004/04/05 14:33:54 | 00,099,480 | ---- | M] (Pure Networks, Inc.)
"QuickBooksDB" -> %ProgramFiles%\Intuit\QuickBooks 2006\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -n QB_BARBARACOMPUTER_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y] -> [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"RealTray" -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2004/11/29 06:49:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/02/22 19:30:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"UpdReg" -> %SystemRoot%\UpdReg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 02:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"vptray" -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] -> [2002/07/30 12:35:04 | 00,077,824 | ---- | M] (Symantec Corporation)
"WorksFUD" -> %ProgramFiles%\Microsoft Works\wkfud.exe [C:\Program Files\Microsoft Works\wkfud.exe] -> [2001/10/05 17:34:51 | 00,024,576 | ---- | M] (Microsoft® Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AOL Fast Start" -> %ProgramFiles%\America Online 9.0\AOL.EXE ["C:\Program Files\America Online 9.0\AOL.EXE" -b] -> [2005/07/12 07:17:44 | 00,050,776 | ---- | M] (America Online, Inc.)
"MoneyAgent" -> %ProgramFiles%\Microsoft Money\System\Money Express.exe ["C:\Program Files\Microsoft Money\System\Money Express.exe"] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/02/09 14:33:06 | 00,039,408 | ---- | M] (Google Inc.)
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
%AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> [2006/02/10 07:56:20 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 02:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> [2001/08/07 16:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2007/01/22 12:21:00 | 00,815,104 | ---- | M] (Intuit Inc.)
< BARBARA Startup Folder > -> C:\Documents and Settings\BARBARA\Start Menu\Programs\Startup ->
-> %UserProfile%\Start Menu\Programs\Startup\DLHelperEXE.exe -> [2005/02/04 12:38:12 | 00,196,608 | ---- | M] ()
%UserProfile%\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk -> %ProgramFiles%\Greetings Workshop\GWREMIND.EXE -> [1997/09/04 01:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation)
%UserProfile%\Start Menu\Programs\Startup\Secunia PSI.lnk -> %ProgramFiles%\Secunia\PSI\psi.exe -> [2008/12/17 03:05:10 | 00,748,840 | ---- | M] (Secunia)
%UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [2003/08/29 20:05:35 | 00,360,448 | ---- | M] ()
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"" -> [] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll [res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009/01/05 15:33:03 | 03,751,995 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~3\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{4982D40A-C53B-4615-B15B-B5B5E98D167C}:{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [Button: AOL Toolbar] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
{4982D40A-C53B-4615-B15B-B5B5E98D167C}:{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [Menu: AOL Toolbar] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyPoker\IEExtension.dll [Button: PartyPoker.com] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [Menu: PartyPoker.com] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 15:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> [2004/10/21 15:32:48 | 00,459,968 | ---- | M] (IE Toolbar)
CmdMapping\\"{64FA9700-6A17-4bd5-A7D8-D81CF095995F}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> %ProgramFiles%\PartyPoker\IEExtension.dll [IECmdExecute Class] -> File not found
CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5357 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5978 domain(s) found. ->
.[msn] -> My Computer ->
objects_aol.com -> Out of zone range - ( 5 ) ->
53 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0335A685-ED24-4F7B-A08E-3BD15D84E668} [HKLM] -> http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab [Reg Error: Key error.] ->
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Reg Error: Key error.] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172375316165 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172375298978 [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{90051A81-3018-4826-8B38-DD60B6B53F9C} [HKLM] -> http://www.costcophotocenter.com/CostcoUpload.cab [Snapfish File Upload ActiveX Control] ->
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab [get_atlcom Class] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0785536E-EC15-493C-A1EE-24003C7CA45C} -> (D-Link DHN-520 10Mb Home Phoneline Network Adapter) ->
{5EC3D48B-878F-4A58-8109-82803E27BC8A} -> (Intel(R) PRO/100 VE Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
NavLogon -> %SystemRoot%\System32\NavLogon.dll -> [2002/07/30 12:33:00 | 00,045,056 | ---- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [2003/08/03 00:20:57 | 00,126,976 | R--- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> [2004/11/19 10:54:58 | 00,037,464 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1101736076\EE\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1101736076\EE\aolsoftware.exe [C:\Program Files\Common Files\AOL\1101736076\EE\aolsoftware.exe:*:Enabled:AOL Shared Components] -> [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service] -> [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer] -> [2006/10/23 05:50:37 | 00,071,216 | R--- | M] (AOL LLC)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/15 10:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/20 23:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/21 00:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 21:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/04/20 23:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/21 00:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/17 00:19:34 | 00,192,512 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/21 00:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/09 16:41:28 | 00,573,440 | ---- | M] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/09 16:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" -> C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager] -> [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 11:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\autoAlbum.log [-i="C:\Documents and Settings\BARBARA\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_4\tmpAlb_4_0.txt" -o="C:\Documents and Settings\BARBARA\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_4\tmpAlb_4_0_out.txt" -g -b -s=4 -f="text"input text file: C:\Documents and Settings\BARBARA\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_4\tmpAlb_4_0.txt | output file: C:\Documents and Settings\BARBARA\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_4\tmpAlb_4_0_out.txt | | Value of width is 3507 and ht is 2550creating book layout ... | layout is complete, writing output file of type 1... | ] -> %SystemDrive%\autoAlbum.log [ NTFS ] -> [2005/10/27 20:25:53 | 00,000,627 | ---- | M] ()
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/11/28 17:27:47 | 00,000,000 | ---- | M] ()
D:\autorun.inf [[autorun] | shellexecute=PhotoStamps.html | ] -> D:\autorun.inf [ CDFS ] -> [2006/08/12 06:28:04 | 00,000,040 | R--- | M] ()
Z:\AutoBackupEXE.exe [MZ | ] -> Z:\AutoBackupEXE.exe [ NTFS ] -> [2007/01/22 11:11:06 | 00,086,016 | ---- | M] (Intuit Inc.)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell
\D\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun
\D\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
\G
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell
\G\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun
\G\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
\G\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
\{b74d43bb-414f-11d9-9479-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b74d43bb-414f-11d9-9479-806d6172696f}\Shell
\{b74d43bb-414f-11d9-9479-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b74d43bb-414f-11d9-9479-806d6172696f}\Shell\AutoRun
\{b74d43bb-414f-11d9-9479-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
[Files/Folders - Created Within 30 Days]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/17 16:55:46 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2009/03/17 11:52:07 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/17 11:51:33 | 00,781,851 | ---- | C] ()
Barbie_at_50.wmv -> %UserProfile%\My Documents\Barbie_at_50.wmv -> [2009/03/17 05:48:26 | 05,157,832 | ---- | C] ()
HTMLText -> %UserProfile%\My Documents\HTMLText -> [2009/03/17 05:32:47 | 00,000,000 | ---D | C]
HTMLText.zip -> %UserProfile%\My Documents\HTMLText.zip -> [2009/03/17 05:32:29 | 03,037,082 | ---- | C] ()
HowMyLittleBrotherDied.wmv -> %UserProfile%\My Documents\HowMyLittleBrotherDied.wmv -> [2009/03/17 05:31:19 | 01,408,435 | ---- | C] ()
Ryan's_Tax_Shit_2006.pdf -> %UserProfile%\My Documents\Ryan's_Tax_Shit_2006.pdf -> [2009/03/16 18:30:19 | 00,260,214 | ---- | C] ()
MMM_Spaghetti -> %UserProfile%\My Documents\MMM_Spaghetti -> [2009/03/16 06:16:46 | 00,000,000 | ---D | C]
MMM_Spaghetti.zip -> %UserProfile%\My Documents\MMM_Spaghetti.zip -> [2009/03/16 06:16:42 | 00,272,837 | ---- | C] ()
RegistryFix7 -> %ProgramFiles%\RegistryFix7 -> [2009/03/14 19:28:41 | 00,000,000 | ---D | C]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/14 16:14:15 | 00,001,734 | ---- | C] ()
carride.doc -> %UserProfile%\My Documents\carride.doc -> [2009/03/13 06:46:15 | 00,146,944 | ---- | C] ()
QuinnRed'sflyer.pdf -> %UserProfile%\My Documents\QuinnRed'sflyer.pdf -> [2009/03/11 20:47:30 | 00,069,625 | ---- | C] ()
Windows Resource Kits -> %ProgramFiles%\Windows Resource Kits -> [2009/03/10 17:50:57 | 00,000,000 | ---D | C]
subinacl.msi -> %UserProfile%\Desktop\subinacl.msi -> [2009/03/10 17:49:41 | 00,379,392 | ---- | C] ()
file000 -> %UserProfile%\My Documents\file000 -> [2009/03/06 21:49:06 | 00,000,000 | ---D | C]
file000.zip -> %UserProfile%\My Documents\file000.zip -> [2009/03/06 21:49:00 | 00,864,516 | ---- | C] ()
broncootherside -> %UserProfile%\My Documents\broncootherside -> [2009/03/02 22:41:23 | 00,000,000 | ---D | C]
broncootherside.zip -> %UserProfile%\My Documents\broncootherside.zip -> [2009/03/02 22:41:17 | 00,671,569 | ---- | C] ()
DSC00397 -> %UserProfile%\My Documents\DSC00397 -> [2009/03/01 21:15:17 | 00,000,000 | ---D | C]
DSC00397.zip -> %UserProfile%\My Documents\DSC00397.zip -> [2009/03/01 21:15:12 | 00,575,597 | ---- | C] ()
FirehoseRodeo.wmv -> %UserProfile%\My Documents\FirehoseRodeo.wmv -> [2009/02/27 16:44:37 | 02,022,938 | ---- | C] ()
BabyDog.wmv -> %UserProfile%\My Documents\BabyDog.wmv -> [2009/02/27 16:42:43 | 03,836,547 | ---- | C] ()
Correct_Way_to_Arrest_a_Terrorist.wmv -> %UserProfile%\My Documents\Correct_Way_to_Arrest_a_Terrorist.wmv -> [2009/02/27 13:18:52 | 01,742,629 | ---- | C] ()
shoulda_been_a_superbowl_commercial.wmv -> %UserProfile%\My Documents\shoulda_been_a_superbowl_commercial.wmv -> [2009/02/24 21:52:56 | 01,658,866 | ---- | C] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/02/24 08:09:19 | 00,000,933 | ---- | C] ()
Huge_Dead_Snake.wmv -> %UserProfile%\My Documents\Huge_Dead_Snake.wmv -> [2009/02/21 09:26:54 | 02,037,677 | ---- | C] ()
Allatijokepek.pps -> %UserProfile%\My Documents\Allatijokepek.pps -> [2009/02/21 09:19:05 | 02,469,888 | ---- | C] ()
Good_Nig.wmv -> %UserProfile%\My Documents\Good_Nig.wmv -> [2009/02/15 20:58:56 | 05,125,275 | ---- | C] ()
Texas.wmv -> %UserProfile%\My Documents\Texas.wmv -> [2009/02/15 20:50:17 | 01,208,937 | ---- | C] ()
[Files/Folders - Modified Within 30 Days]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/17 11:51:38 | 00,781,851 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/03/17 11:51:02 | 00,000,817 | ---- | M] ()
Barbie_at_50.wmv -> %UserProfile%\My Documents\Barbie_at_50.wmv -> [2009/03/17 05:48:58 | 05,157,832 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/03/17 05:32:56 | 00,109,568 | ---- | M] ()
HTMLText.zip -> %UserProfile%\My Documents\HTMLText.zip -> [2009/03/17 05:32:47 | 03,037,082 | ---- | M] ()
HowMyLittleBrotherDied.wmv -> %UserProfile%\My Documents\HowMyLittleBrotherDied.wmv -> [2009/03/17 05:31:28 | 01,408,435 | ---- | M] ()
Ryan's_Tax_Shit_2006.pdf -> %UserProfile%\My Documents\Ryan's_Tax_Shit_2006.pdf -> [2009/03/16 18:30:21 | 00,260,214 | ---- | M] ()
MMM_Spaghetti.zip -> %UserProfile%\My Documents\MMM_Spaghetti.zip -> [2009/03/16 06:16:44 | 00,272,837 | ---- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/03/14 19:29:22 | 08,650,752 | -H-- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/03/14 19:18:39 | 00,002,206 | ---- | M] ()
Perflib_Perfdata_6c8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_6c8.dat -> [2009/03/14 19:18:06 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/14 19:17:49 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/14 19:17:46 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/03/14 19:17:45 | 10,727,66976 | -HS- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/03/14 19:16:55 | 00,000,178 | -HS- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/03/14 18:23:06 | 00,000,284 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/14 16:14:15 | 00,001,734 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/13 10:53:17 | 00,005,517 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/13 10:53:17 | 00,004,232 | ---- | M] ()
wklntsk.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk.dat -> [2009/03/13 06:46:33 | 01,313,472 | ---- | M] ()
wklntnts.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntnts.dat -> [2009/03/13 06:46:33 | 01,313,472 | ---- | M] ()
carride.doc -> %UserProfile%\My Documents\carride.doc -> [2009/03/13 06:46:17 | 00,146,944 | ---- | M] ()
QuinnRed'sflyer.pdf -> %UserProfile%\My Documents\QuinnRed'sflyer.pdf -> [2009/03/11 20:47:32 | 00,069,625 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/03/11 06:00:34 | 00,439,552 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/03/11 06:00:34 | 00,380,350 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/03/11 06:00:34 | 00,052,764 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/11 03:08:23 | 00,490,680 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/03/11 03:01:50 | 00,001,374 | ---- | M] ()
subinacl.msi -> %UserProfile%\Desktop\subinacl.msi -> [2009/03/10 17:49:42 | 00,379,392 | ---- | M] ()
file000.zip -> %UserProfile%\My Documents\file000.zip -> [2009/03/06 21:49:05 | 00,864,516 | ---- | M] ()
broncootherside.zip -> %UserProfile%\My Documents\broncootherside.zip -> [2009/03/02 22:41:22 | 00,671,569 | ---- | M] ()
DSC00397.zip -> %UserProfile%\My Documents\DSC00397.zip -> [2009/03/01 21:15:16 | 00,575,597 | ---- | M] ()
FirehoseRodeo.wmv -> %UserProfile%\My Documents\FirehoseRodeo.wmv -> [2009/02/27 16:44:50 | 02,022,938 | ---- | M] ()
BabyDog.wmv -> %UserProfile%\My Documents\BabyDog.wmv -> [2009/02/27 16:43:07 | 03,836,547 | ---- | M] ()
Correct_Way_to_Arrest_a_Terrorist.wmv -> %UserProfile%\My Documents\Correct_Way_to_Arrest_a_Terrorist.wmv -> [2009/02/27 13:19:03 | 01,742,629 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation)
image001.zip -> %UserProfile%\My Documents\image001.zip -> [2009/02/24 21:54:26 | 00,837,150 | ---- | M] ()
shoulda_been_a_superbowl_commercial.wmv -> %UserProfile%\My Documents\shoulda_been_a_superbowl_commercial.wmv -> [2009/02/24 21:53:07 | 01,658,866 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/02/24 08:10:54 | 00,297,250 | R--- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/02/24 08:09:19 | 00,000,933 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %UserProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/23 19:51:35 | 00,000,708 | ---- | M] ()
Huge_Dead_Snake.wmv -> %UserProfile%\My Documents\Huge_Dead_Snake.wmv -> [2009/02/21 09:27:06 | 02,037,677 | ---- | M] ()
Allatijokepek.pps -> %UserProfile%\My Documents\Allatijokepek.pps -> [2009/02/21 09:19:21 | 02,469,888 | ---- | M] ()
Good_Nig.wmv -> %UserProfile%\My Documents\Good_Nig.wmv -> [2009/02/15 20:59:29 | 05,125,275 | ---- | M] ()
Texas.wmv -> %UserProfile%\My Documents\Texas.wmv -> [2009/02/15 20:50:25 | 01,208,937 | ---- | M] ()
hhcolreg.dat -> %AllUsersProfile%\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2006/11/22 19:07:13 | 00,008,126 | ---- | M] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2006/02/22 17:45:00 | 00,004,064 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2004/11/28 23:23:01 | 00,016,384 | ---- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
< End of report >