HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:21 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10340 bytes


OTViewIt Log

OTViewIt logfile created on: 10/6/2008 4:49:29 PM - Run 4
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.18 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 239.82 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program

Files\Seagate\Basics\Service\SyncServicesBasics.exe
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive

7\MacDriveService.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks

Shared\Platform\nmsrvc.exe
[2008/04/14 06:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2004/09/19 12:27:46 | 00,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/10 10:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/04/14 06:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/09 17:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader

9.0\Reader\reader_sl.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software

Update\hpwuSchd2.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics

Status\MaxMenuMgrBasics.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital

Imaging\bin\hpqste08.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version

Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/07/10 09:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program

Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service

[Disabled | Stopped])
[2008/04/14 06:42:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand |

Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) --

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/02/28 21:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe -- (Crypkey License

[Auto | Running])
[2008/07/24 23:56:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) --

c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/10 10:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service

[On_Demand | Running])
[2008/05/02 10:28:48 | 00,150,528 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive

7\MacDriveService.exe -- (MacDriveService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network

Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks

Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source

Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2008/04/14 06:42:40 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled |

Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe --

(WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 14:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand |

Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM

[On_Demand | Running])
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys

-- (HDAudBus [On_Demand | Running])
[2005/10/27 20:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand |

Stopped])
[2005/10/27 20:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand |

Stopped])
[2005/10/27 20:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand |

Stopped])
[2008/04/14 01:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm

[System | Running])
[2005/08/04 05:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\drivers\iteraid.sys --

(iteraid [Boot | Running])
[2008/07/22 14:29:46 | 00,288,768 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT

[Boot | Running])
[2007/02/28 11:15:08 | 00,019,072 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT

[Boot | Running])
[2006/01/09 22:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX [System | Running])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand

| Running])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot

| Running])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto |

Running])
[2001/08/22 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys --

(Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis

[Auto | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot |

Running])
[2008/04/14 05:10:50 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port

[Boot | Running])
[2008/04/13 23:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and

Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/29 17:40:56 | 00,210,472 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (si3114r5 [Boot

| Running])
[2008/04/29 17:40:56 | 00,017,064 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter

[Boot | Running])
[2008/04/29 17:40:56 | 00,012,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil

[Boot | Running])
[2008/04/14 01:15:36 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci

[On_Demand | Running])
[2008/04/14 05:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx

[On_Demand | Stopped])
[2005/01/06 11:18:40 | 00,310,656 | ---- | M] (Marvell Semiconductor, Inc) -- C:\WINDOWS\system32\drivers\mrv8ka51.sys --

(W8100XP [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf

[On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd

[On_Demand | Stopped])
[2008/04/04 04:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand |

Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe

Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe

Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking

Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems

Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems

Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/08/28 20:22:09 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems

Incorporated)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems

Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" (Maxtor Corporation)
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LClock"=C:\Program Files\LClock\LClock.exe ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"ShowDeskFix"=regsvr32 /s /n /i:u shell32 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All

Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- |

M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 |

00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 |

00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 |

00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 |

00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120

| ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 |

00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- |

M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M]

(Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun

Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft

Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll

(Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft

Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: AIM -- C:\Program Files\AIM\aim.exe (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft

Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1935655697-1767777339-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0D41B8C5-2599-4893-8183-00195EC8D5F9}: http://support.asus.com/common/asusTek_sys_ctrl.cab -- asusTek_sysctrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in

1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in

1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in

1.6.0_07

========== (O17) DNS Name Servers ==========

{2758145E-4A84-4120-9748-0730EFB3919A} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)
{6C6AA7EE-51C8-456F-BBAB-A10A953DE278} (Servers: | Description: ASUS 802.11b/g Wireless LAN Card)
{B94761F6-BF1A-4FCC-9595-BF86977FC8B6} (Servers: | Description: Windows Mobile-based Device)
{C7B75E5E-F00D-42C6-B592-264D9251F650} (Servers: | Description: 1394 Net Adapter)
{EA7C00F6-F25B-4A22-8F5E-FCB4791FF0C0} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft

Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/24 19:49:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/20 14:47:17 | 12,171,776 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21b7c0cd-8b52-11dd-b09d-0011d8d6081d}\Shell\Open\command]
""=G:\resycled\boot.com -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/30 17:07:09 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/30 17:07:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:58 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\gmer
[2008/10/30 17:03:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/06 16:47:27 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\search.bat
[2008/10/05 21:37:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240
[2008/10/05 21:31:04 | 07,474,870 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240.zip
[2008/10/05 00:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\VSTplugins
[2008/10/05 00:25:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Publish Providers
[2008/10/05 00:24:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
[2008/10/04 00:47:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\My Documents\Adobe
[2008/10/02 21:31:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/02 21:28:25 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:57 | 00,322,707 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:28:52 | 00,000,000 | ---D | C] -- C:\rsit
[2008/09/29 16:04:15 | 00,305,323 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:34 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/27 19:03:59 | 00,486,449 | ---- | C] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/27 17:19:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 02:59:36 | 00,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2008/09/27 02:11:54 | 00,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2008/09/27 02:02:31 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/27 02:02:24 | 00,260,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATGRD.OCX
[2008/09/27 02:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2008/09/27 01:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Stellar_Phoneix_Windows_Data_Recovery_v_3.0.0.1_adi231189__CW
[2008/09/27 01:41:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ˆ
** - C:\WINDOWS\System32\?
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:59:53 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/25 23:59:53 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/25 23:59:53 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/25 23:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1
[2008/09/25 23:49:34 | 00,652,169 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:40:12 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008/09/25 23:40:12 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/09/25 23:19:30 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/25 23:19:30 | 00,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/25 23:19:30 | 00,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/09/25 23:18:57 | 00,000,130 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/09/25 23:18:54 | 00,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2008/09/25 23:18:54 | 00,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2008/09/25 23:18:54 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/09/25 23:18:54 | 00,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/09/25 23:18:54 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/09/25 23:18:54 | 00,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/09/25 23:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix NTFS Data Recovery
[2008/09/25 21:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\EASIS
[2008/09/25 18:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/09/25 18:37:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/09/24 09:58:50 | 12,639,7177 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 00:47:34 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/24 00:47:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/18 18:52:38 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/18 18:52:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2008/09/18 18:50:30 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2008/09/18 18:50:26 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2008/09/18 18:50:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2008/09/18 18:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/09/15 22:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\retouching
[2008/09/15 22:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme
[2008/09/15 21:21:31 | 00,027,589 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/14 17:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2008/09/14 17:16:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2008/09/14 17:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2008/09/08 03:13:48 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/08 03:13:48 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 03:13:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2008/09/08 03:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2008/09/07 02:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Netflix

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/30 17:26:45 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/30 17:07:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/30 17:07:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/30 17:07:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/30 17:05:59 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/10/30 17:03:20 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\gmer.zip
[2008/10/06 16:47:27 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\search.bat
[2008/10/06 16:46:55 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/06 16:45:22 | 00,182,441 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/06 16:44:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/06 16:44:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 16:44:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/05 23:07:53 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008/10/05 21:35:32 | 07,474,870 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\dir615_revB_manual_240.zip
[2008/10/05 21:06:43 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/10/05 03:37:02 | 00,121,856 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 21:28:26 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTMoveIt3.exe
[2008/10/01 17:49:58 | 00,322,707 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\NY-S-00198.pdf
[2008/09/29 16:19:05 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Spybot - Search & Destroy.lnk
[2008/09/29 16:04:15 | 00,305,323 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\RSIT.exe
[2008/09/27 19:04:00 | 00,486,449 | ---- | M] ( ) -- C:\Documents and Settings\Matthew\Desktop\Fixwareout.exe
[2008/09/27 17:29:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/09/27 17:19:15 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Matthew\Desktop\HJTInstall.exe
[2008/09/27 09:30:34 | 00,000,188 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/27 02:11:54 | 00,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2008/09/27 02:03:11 | 00,003,360 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2008/09/27 02:03:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2008/09/27 02:02:32 | 00,000,130 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2008/09/27 02:02:31 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Stellar Phoenix Windows Data Recovery.lnk
[2008/09/26 23:54:33 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2008/09/26 23:54:33 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2008/09/26 23:49:59 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2008/09/26 23:49:59 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2008/09/25 23:59:53 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2008/09/25 23:49:35 | 00,652,169 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\snd-Stellar.Phoenix.FAT.and.NTFS.2.1.zip
[2008/09/25 23:19:30 | 00,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2008/09/24 09:58:50 | 12,639,7177 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Trailer_Final.mov
[2008/09/24 01:49:43 | 00,381,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 01:49:43 | 00,328,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 01:49:43 | 00,045,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/22 22:00:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/18 18:52:38 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2008/09/15 21:21:32 | 00,027,589 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Photo-Board-Theme.zip
[2008/09/10 03:00:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >