FYI, my Program Files and Windows folders, among others, are in E Drive. Here's a closer look inside my E Drive:
And here's what's inside my C Drive:
Still C Drive?
Hi
first E and then C
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
OK. I think I am done! I just have to go over the list of applications you have listed and their respective sites. Just one question, do you recommend that I install ALL of them to be safe?
Thanks!
Hi
My personal favorites
Spybot Search and Destroy
WinPatrol
MVPS Hosts File
OK. I am going for them. But that would be tomorrow because I badly need to sleep now. LOL!
Thanks and I will update you as soon as I have installed them tomorrow.
Take care! And thanks again!
The following file which we have been deleting/ fixing thru HJT has been reappearing:
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
I noticed this when I installed and ran WinPatrol. :(
Hi
Run Hijackthis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Please reply with
HijackThis log
Hello again! Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:34 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alifeinbloom.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 8651 bytes
==========================================================
And it's there. Every now and then, Scotty prompts me about this and when I click NO, it automatically opens THIS file. Is it normal?
file:///E:/Program%20Files/BillP%20Studios/WinPatrol/helpme.html
Moreover, I tried removing it thru HJT to no avail. Scotty can't kill it either, even if I opted for killing it upon reboot.
Help please. Thanks, peku006!
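The reappearing RegCom32 entry stands out in the log above for two reasons: the target sits under a Temp directory, and it uses the name of a Windows system process outside System32. The triage sketch below is an added example, not part of the original thread and not a HijackThis feature; the sample lines are copied from the log above, while the function names, the SYSTEM_NAMES list and the two heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Registry autorun lines as HijackThis prints them:
#   O4 - <key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")

# Executable at the start of the command line: either quoted, or unquoted
# (possibly containing spaces) up to the first executable extension.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$))', re.I
)

# Assumption: a short list of Windows process names and the directory,
# relative to %SystemRoot%, where the genuine file lives.
SYSTEM_NAMES = {
    "svchost.exe": "system32", "lsass.exe": "system32",
    "services.exe": "system32", "winlogon.exe": "system32",
    "smss.exe": "system32", "csrss.exe": "system32",
    "spoolsv.exe": "system32", "ctfmon.exe": "system32",
    "explorer.exe": "",
}

# Lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegCom32] E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


def parse_o4(line):
    """Return key, value name and executable path of a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not a registry autorun line (e.g. a Startup-folder shortcut)
    exe = EXE_RE.match(m["command"])
    path = (exe["q"] or exe["u"]) if exe else m["command"]
    return {"key": m["key"], "name": m["name"], "path": path}


def findings(entry, system_root):
    """List the reasons an autorun target deserves a closer look."""
    directory, filename = ntpath.split(entry["path"])
    parts = [p.lower() for p in directory.replace("/", "\\").split("\\") if p]
    reasons = []

    # Heuristic 1: the target lives in a temporary directory.
    if any(p in ("temp", "tmp") or p.endswith(".tmp") for p in parts):
        reasons.append("runs from a temporary directory")

    # Heuristic 2: system process name, but not in its genuine directory.
    expected = SYSTEM_NAMES.get(filename.lower())
    if expected is not None and directory:
        genuine = ntpath.normcase(ntpath.normpath(ntpath.join(system_root, expected)))
        if ntpath.normcase(ntpath.normpath(directory)) != genuine:
            reasons.append("system process name outside " + genuine)
    return reasons


def scan(log_text, system_root):
    """Return (key, name, path, reasons) for every flagged O4 registry entry."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            reasons = findings(entry, system_root)
            if reasons:
                hits.append((entry["key"], entry["name"], entry["path"], reasons))
    return hits


if __name__ == "__main__":
    # %SystemRoot% on this machine is E:\WINDOWS, per the logs in the thread.
    for key, name, path, reasons in scan(SAMPLE_LOG, r"E:\WINDOWS"):
        print(f"{key} [{name}] {path}: {'; '.join(reasons)}")
```

A hit only marks an entry for review; whether the file exists and what it is still has to be checked on the machine itself.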
Hi
OTViewIt
- Please download OTViewIt by OldTimer and save it to your Desktop.
- Close all applications and windows.
- Double-click on OTViewIt.exe to start OTViewIt.
- Place a checkmark in the blue-colored "Scan All Users" checkbox.
- Click the blue Run Scan button.
- OTViewIt will now start its scan.
- When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
Hello again! Sorry if I am consuming much of your time.
Here is my OTViewIt.Txt log. (File Age is 30 only)
OTViewIt logfile created on: 10/22/2008 11:11:25 PM - Run 3
OTViewIt by OldTimer - Version 1.0.17.0 Folder = E:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.42 Mb Total Physical Memory | 586.16 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.30% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.37 Gb Total Space | 3.15 Gb Free Space | 58.63% Space Free | Partition Type: FAT32
Drive D: | 700.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 31.87 Gb Total Space | 13.74 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUZANNE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2008/10/18 22:58:40 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2007/07/27 20:27:09 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe
[2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2005/01/23 09:36:10 | 00,155,648 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\igfxtray.exe
[2005/01/23 09:31:34 | 00,126,976 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\hkcmd.exe
[2004/12/04 05:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- E:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/11/05 09:40:08 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2004/11/05 09:38:54 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/01/29 04:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe
[2008/10/17 09:56:33 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgcc.exe
[2008/10/07 23:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2003/05/15 17:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2008/10/09 23:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
[2008/10/22 23:03:43 | 00,421,888 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/18 22:58:40 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/05/01 20:56:13 | 00,072,704 | ---- | M] (Adobe Systems) -- E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/11/30 09:19:28 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2007/07/27 20:27:09 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2008/01/07 21:06:25 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- E:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS [Auto | Running])
[2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2004/11/18 16:32:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- E:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2003/07/29 04:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/29 04:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
========== Driver Services ==========
[2007/11/30 09:18:19 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2007/07/27 20:27:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/07/27 20:27:25 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008/01/07 21:06:33 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2007/07/27 20:27:26 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- E:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2005/12/18 08:25:12 | 00,424,320 | ---- | M] (Broadcom Corporation) -- E:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2007/05/18 16:04:16 | 00,015,872 | ---- | M] () -- E:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh [On_Demand | Stopped])
[2005/02/17 22:41:18 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- E:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
[2005/02/17 22:42:02 | 00,349,696 | ---- | M] (Conexant Systems Inc.) -- E:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
[2004/04/14 23:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- E:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2003/06/07 03:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- E:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2004/12/15 14:18:34 | 00,207,232 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/12/15 14:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/01/23 10:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/17 10:04:14 | 00,013,059 | ---- | M] (Conexant) -- E:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/03/27 21:47:58 | 00,010,368 | ---- | M] (Padus, Inc.) -- E:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 09:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/02/06 16:31:36 | 00,020,640 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 06:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- E:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2008/04/14 02:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/10 18:23:42 | 00,061,600 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/11/10 18:23:48 | 00,009,360 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/11/10 18:23:50 | 00,097,184 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2006/11/10 18:23:54 | 00,088,688 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
[2006/11/10 18:23:56 | 00,018,704 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])
[2006/11/10 18:23:58 | 00,086,560 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
[2006/11/10 18:24:06 | 00,090,800 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/11/05 09:26:42 | 00,186,016 | ---- | M] (Synaptics, Inc.) -- E:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/06/24 01:16:08 | 00,162,176 | ---- | M] (Texas Instruments) -- E:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2008/04/14 02:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/14 02:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2004/12/15 14:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- E:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 02:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com/
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://alifeinbloom.blogspot.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\PE_E_..\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\PE_E_ALL USERS\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://alifeinbloom.blogspot.com/
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (617912 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
16263 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- E:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_USERS\PE_E_GUEST\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"DiskeeperSystray"="E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"eabconfg.cpl"=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
"HotKeysCmds"=E:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=E:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=E:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=E:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"WatchDog"=E:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
"WinPatrol"=E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
"YSearchProtection"="E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegCom32"=E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe File not found
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"YSearchProtection"=E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegCom32"=E:\DOCUME~1\User\LOCALS~1\Temp\IXP004.TMP\svchost.exe File not found
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"YSearchProtection"=E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
========== (O4) RunOnce Keys ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2003/05/15 17:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2005/05/07 07:58:24 | 00,335,872 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[1999/11/05 07:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- E:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 16:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all video with BitComet: Reg Error: Value does not exist or could not be read. File not found
&D&ownload all with BitComet: Reg Error: Value does not exist or could not be read. File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 16:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/03/01 10:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 14:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/control...ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
//@install.mar@: msni in My Computer
//@mail.mar@: msni in Local intranet
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\PE_E_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\PE_E_GUEST\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-73586283-2052111302-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
//@install.mar@: msni in My Computer
//@mail.mar@: msni in Local intranet
43 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/downlo...eckControl.cab -- Windows Genuine Advantage Validation Tool
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/sh...0/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/ge...sh/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://E:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{018E86D0-A337-4530-A807-00B99E35794A} (Servers: | Description: Broadcom 802.11b/g WLAN)
{A14FC9BB-8D33-4FE0-80FD-9C8397260BB9} (Servers: | Description: 1394 Net Adapter)
{B7AAA585-C055-4ECB-A29C-6BAD361EB6EC} (Servers: | Description: )
{C8163867-8ED5-47F8-9CE5-4907DFA79EBB} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{D41B1318-5AC5-41CF-A99A-D809ECC89090} (Servers: | Description: Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5))
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- E:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTO_FR.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=FR | xkeyb c:\fdos\bin\key\fr | ]
[2004/03/06 04:19:32 | 00,000,305 | ---- | M] () -- C:\AUTO_FR.BAT -- [ FAT32 ]
AUTO_US.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=EN | xkeyb c:\fdos\bin\key\us.key | ]
[2004/03/06 04:19:02 | 00,000,278 | ---- | M] () -- C:\AUTO_US.BAT -- [ FAT32 ]
AUTO_IT.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=IT | xkeyb c:\fdos\bin\key\it | ]
[2004/03/06 04:34:12 | 00,000,306 | ---- | M] () -- C:\AUTO_IT.BAT -- [ FAT32 ]
AUTO_GR.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=GR | xkeyb c:\fdos\bin\key\gr | ]
[2004/03/06 04:33:40 | 00,000,305 | ---- | M] () -- C:\AUTO_GR.BAT -- [ FAT32 ]
AUTO_SP.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=SP | xkeyb c:\fdos\bin\key\sp | ]
[2004/03/06 04:35:08 | 00,000,305 | ---- | M] () -- C:\AUTO_SP.BAT -- [ FAT32 ]
AUTO_LA.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=LA | xkeyb c:\fdos\bin\key\la | ]
[2004/03/06 04:36:34 | 00,000,305 | ---- | M] () -- C:\AUTO_LA.BAT -- [ FAT32 ]
Auto_bp.bat [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=BP | xkeyb c:\fdos\bin\key\br274.key | ]
[2004/03/06 05:53:32 | 00,000,281 | ---- | M] () -- C:\Auto_bp.bat -- [ FAT32 ]
AUTO_PT.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=PT | xkeyb c:\fdos\bin\key\po.key | ]
[2004/03/06 05:53:54 | 00,000,278 | ---- | M] () -- C:\AUTO_PT.BAT -- [ FAT32 ]
AUTO_IE.BAT [@echo off | set dircmd=/p/ogn | set dosdir=C:\FDOS | set path=C:\;C:\FDOS;C:\FDOS\bin; | C:\FDOS\bin\mouse.exe | C:\FDOS\bin\Shsucdx /D:FDCD0001 | set lang=EN | xkeyb c:\fdos\bin\key\us.key | ]
[2004/03/06 04:19:02 | 00,000,278 | ---- | M] () -- C:\AUTO_IE.BAT -- [ FAT32 ]
AUTOEXEC.BAT []
[2006/01/21 16:07:24 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]
========== Files/Folders - Created Within 30 Days ==========
[4 E:\WINDOWS\*.tmp files]
[2008/10/22 23:03:35 | 00,421,888 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/22 22:40:20 | 00,000,000 | ---D | C] -- E:\_OTMoveIt
[2008/10/22 22:39:56 | 00,334,848 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2008/10/22 22:18:44 | 00,617,912 | ---- | C] () -- E:\WINDOWS\System32\drivers\HOSTS
[2008/10/22 21:57:29 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\WinPatrol
[2008/10/22 21:57:10 | 00,000,000 | ---D | C] -- E:\Program Files\BillP Studios
[2008/10/21 18:20:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2008/10/21 18:20:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/21 18:20:00 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2008/10/20 22:20:40 | 00,000,000 | -HSD | C] -- E:\RECYCLER
[2008/10/20 19:54:39 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2008/10/19 20:50:16 | 00,000,000 | ---D | C] -- E:\Program Files\Trend Micro
[2008/10/18 22:55:43 | 00,000,000 | ---D | C] -- E:\Program Files\Lavasoft
[2008/10/18 22:55:36 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/18 22:51:03 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2008/10/18 21:51:19 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\Malwarebytes
[2008/10/18 21:50:09 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/16 23:12:26 | 00,000,208 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2008/10/16 21:44:11 | 00,076,257 | ---- | C] () -- E:\Documents and Settings\User\Desktop\IMG_4297.jpg
[2008/10/16 20:44:49 | 00,000,000 | ---D | C] -- E:\Documents and Settings\User\Application Data\ESET
[2008/10/16 20:12:02 | 00,262,144 | ---- | C] () -- E:\ntuser.dat
[2008/10/15 18:51:18 | 02,145,280 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 18:51:13 | 02,189,184 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 18:51:09 | 02,023,936 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 18:51:02 | 02,066,048 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 18:46:36 | 00,333,824 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 18:44:12 | 01,846,400 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/05 00:00:42 | 00,000,000 | ---D | C] -- E:\Program Files\Alwil Software
[2008/10/04 14:20:51 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Windows Live
[2008/10/03 23:14:27 | 00,015,872 | ---- | C] () -- E:\WINDOWS\System32\drivers\bfturboh.sys
[2008/10/03 23:14:07 | 00,000,000 | ---D | C] -- E:\Program Files\BUFFALO
[2008/09/30 22:29:52 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/30 22:28:36 | 00,000,000 | ---D | C] -- E:\Program Files\Fashion Fits
[2008/09/30 11:51:24 | 00,000,000 | ---D | C] -- E:\Program Files\Believe In Santa
[2008/09/30 11:37:26 | 00,000,000 | ---D | C] -- E:\Program Files\Dr Daisy Pet Vet
[2008/09/30 11:20:53 | 00,000,000 | ---D | C] -- E:\Program Files\Happy Hour
[2008/09/30 09:47:37 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Gogii
[2008/09/30 09:43:20 | 00,000,000 | ---D | C] -- E:\Program Files\Babysitting Mania
[2008/09/30 08:45:07 | 00,000,000 | ---D | C] -- E:\Program Files\Farm Frenzy
[2008/09/30 07:52:39 | 00,000,000 | ---D | C] -- E:\Program Files\Daycare Nightmare
[2008/09/30 07:27:36 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/09/30 07:26:48 | 00,000,000 | ---D | C] -- E:\Program Files\Cake Mania
[2008/09/29 21:21:47 | 00,004,096 | ---- | C] () -- E:\WINDOWS\d3dx.dat
[2008/09/29 21:17:19 | 00,000,000 | ---D | C] -- E:\Program Files\Sallys Salon
========== Files - Modified Within 30 Days ==========
[2 E:\WINDOWS\System32\*.tmp files]
[4 E:\WINDOWS\*.tmp files]
[2008/10/22 23:03:43 | 00,421,888 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/22 22:40:09 | 00,334,848 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\User\Desktop\OTMoveIt3.exe
[2008/10/22 22:27:05 | 00,002,262 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2008/10/22 22:24:05 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2008/10/22 22:23:30 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2008/10/20 20:29:26 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2008/10/19 16:55:36 | 00,000,208 | ---- | M] () -- E:\WINDOWS\wininit.ini
[2008/10/19 10:36:15 | 01,196,544 | -HS- | M] () -- E:\Documents and Settings\User\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> E:\Documents and Settings\User\Desktop\Thumbs.db:encryptable
[2008/10/16 23:22:08 | 03,711,778 | -H-- | M] () -- E:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2008/10/16 21:44:24 | 00,076,257 | ---- | M] () -- E:\Documents and Settings\User\Desktop\IMG_4297.jpg
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2008/10/16 20:12:02 | 00,262,144 | ---- | M] () -- E:\ntuser.dat
[2008/10/16 08:19:39 | 00,644,344 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 20:45:03 | 00,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2008/10/10 19:41:02 | 00,000,040 | ---- | M] () -- E:\WINDOWS\nero.INI
[2008/10/08 03:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\MRT.exe
[2008/10/05 07:09:07 | 00,002,577 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT
[2008/10/04 01:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\ieframe.dll
[2008/10/04 01:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/29 21:21:47 | 00,004,096 | ---- | M] () -- E:\WINDOWS\d3dx.dat
[2008/09/28 13:36:08 | 00,000,035 | ---- | M] () -- E:\WINDOWS\Ulead32.INI
[2008/09/28 13:33:38 | 00,000,808 | ---- | M] () -- E:\WINDOWS\win.ini
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\HOSTS
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2008/09/23 11:43:08 | 00,617,912 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\HOSTS
< End of report >