
Thread: Prunnet + BHOs = My computer is suffering - Help!

  1. #11
    Junior Member
    Join Date
    Feb 2009
    Location
    Hendersonville, NC
    Posts
    15

    Kaspersky

    I am having trouble with Kaspersky. I can't seem to get it to run in Firefox, and in IE it runs really slow. After almost 30 mins it had 1%; at that rate it will take 50 hours. It also found one infection. When I clicked to find out what it was, the pop-up was blocked; I allowed pop-ups and the scan started over. ARGH. Any idea why it won't run in Firefox? The "accept" button never becomes clickable.

  2. #12
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi drrchrds

    Perhaps F-Secure is faster

    F-Secure Online Scan

    1. Please go to the F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
    2. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
    3. Click on Accept to accept the License Agreement.
    4. Click on Custom Scan.
      • Under Virus Scan Options, select the Scan whole system option.
      • Under Other Scan Options, select these options:
        • Scan all files
        • Scan whole system for rootkits
        • Scan whole system for spyware
        • Scan inside archives
        • Use advanced heuristics
    5. Click Start.
    6. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
    7. Click on I want to decide item by item.
    8. Under Actions, select None for all infections found.
    9. Click Next.
    10. Click on Show Report.
    11. Please copy and paste this report in your next reply.
    12. Click Finish.


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #13
    Junior Member
    Join Date
    Feb 2009
    Location
    Hendersonville, NC
    Posts
    15

    F-Secure Report and HJT

    Scanning Report
    Thursday, February 12, 2009 15:26:31 - 15:59:15

    Computer name: CRUNCHER1
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ E:\ H:\
    Result: 1 malware found
    TrackingCookie.Revsci (spyware)

    * System

    Statistics
    Scanned:

    * Files: 0
    * System: 5574
    * Not scanned: 0

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 1
    * Submitted: 0

    Files not scanned:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:58:37 PM, on 2/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\EloSrvce.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\EloDkMon.exe
    C:\WINDOWS\system32\EloTTray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\mcafee\msc\mcupdui.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Mrs. Richards')
    O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mrs. Richards')
    O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Mrs. Richards')
    O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Elo Touch Systems] C:\Program Files\EloTouchSystems\EloTTray.exe (User 'Mrs. Richards')
    O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [Google Update] "C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Mrs. Richards')
    O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Mrs. Richards')
    O4 - HKUS\S-1-5-21-1275210071-796845957-839522115-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mrs. Richards')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-21-1275210071-796845957-839522115-1010 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs. Richards')
    O4 - S-1-5-21-1275210071-796845957-839522115-1010 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mrs. Richards')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Device Detector 2.lnk.disabled
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk.disabled
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.13/uploader2.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0145771234431512) (0145771234431512mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014577~1.EXE (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
    O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c98bee6cb9fb98) (gupdate1c98bee6cb9fb98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 13761 bytes

  4. #14
    Junior Member
    Join Date
    Feb 2009
    Location
    Hendersonville, NC
    Posts
    15

    I am still having a lot of browser redirects. I tried to search for the tracking cookie found in the above scan Revsci, and the browser redirects to things like Yahoo HotJobs, 404 Page not found, and phony virus software sites (at least I suspect they are phony). Still having trouble.

  5. #15
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi drrchrds

    Have a look at this tutorial about Firefox and cookies: Firefox's Cookie Options

    Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

    1. Double click on OTScanIt2.exe to run it.
    2. Click on Extract. Once done, you will be prompted. Click OK and click Close.
    3. Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
    4. Under Rootkit Search, select Yes.
    5. Click on Run Scan at the top left hand corner.
    6. When done, Notepad will open. Please post this log in your next reply.


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  6. #16
    Junior Member
    Join Date
    Feb 2009
    Location
    Hendersonville, NC
    Posts
    15

    OTScan and a couple questions

    A couple steps back, I ran the F-Secure scan and it did find something, but I did not remove it. Last night I was curious to see if Avira would find it, and it did. I assume they found the same thing; F-scan called it TrackingCookie.Revsci and Avira called it HTML.Rce.Gen.

    Should I have Avira quarantine it?

    Also, I have been using McAfee for a long time but I wonder if I would be just as well off with AVG or Avira or something else. What do you recommend?

    Lastly, I have used Spybot for years, but do you recommend that I add an additional malware program to the mix? Like Malwarebytes or something else?

    OTScan (I am breaking this into two posts because the scan is larger than the allotted 64000 characters):

    [code]
    OTScanIt2 logfile created on: 2/13/2009 8:16:53 AM - Run 1
    OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\David\Desktop\OTScanIt2
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.69% Memory free
    2.60 Gb Paging File | 1.61 Gb Available in Paging File | 61.95% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 12.80 Gb Free Space | 17.18% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 74.53 Gb Total Space | 38.34 Gb Free Space | 51.44% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 232.88 Gb Total Space | 42.34 Gb Free Space | 18.18% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded

    Computer Name: CRUNCHER1
    Current User Name: David
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = 30 Days

    [Processes - Safe List]
    avcenter.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avcenter.exe -> [2008/06/26 09:55:59 | 00,356,609 | ---- | M] (Avira GmbH)
    avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
    avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
    avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
    avscan.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avscan.exe -> [2008/11/18 09:21:26 | 00,315,649 | ---- | M] (Avira GmbH)
    calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.)
    devdtct2.exe -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> [2007/02/22 17:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.)
    devdtct2.exe -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> [2007/02/22 17:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.)
    elodkmon.exe -> %SystemRoot%\system32\EloDkMon.exe -> [2003/07/17 12:27:18 | 00,090,112 | ---- | M] (Elo Touchsystems, Inc.)
    elodkmon.exe -> %SystemRoot%\system32\EloDkMon.exe -> [2003/07/17 12:27:18 | 00,090,112 | ---- | M] (Elo Touchsystems, Inc.)
    elosrvce.exe -> %SystemRoot%\system32\EloSrvce.exe -> [2003/07/17 12:27:22 | 00,045,056 | ---- | M] (Elo Touchsystems, Inc.)
    elottray.exe -> %SystemRoot%\system32\EloTTray.exe -> [2003/07/17 12:27:22 | 00,094,208 | ---- | M] (Elo Touchsystems, Inc.)
    elottray.exe -> %SystemRoot%\system32\EloTTray.exe -> [2003/07/17 12:27:22 | 00,094,208 | ---- | M] (Elo Touchsystems, Inc.)
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/04 11:05:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
    googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/02/10 21:43:15 | 00,030,192 | ---- | M] (Google)
    googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/02/10 21:43:15 | 00,030,192 | ---- | M] (Google)
    googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> [2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google)
    googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/10 21:28:10 | 00,133,104 | ---- | M] (Google Inc.)
    googleupdate.exe -> %SystemDrive%\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/11/12 18:37:50 | 00,133,104 | ---- | M] (Google Inc.)
    googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2008/09/02 23:12:43 | 00,133,104 | ---- | M] (Google Inc.)
    incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/01/27 19:16:58 | 00,856,064 | ---- | M] (Nero AG)
    jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/12 11:20:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> [2001/10/12 07:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
    lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> [2008/10/17 14:07:07 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
    lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> [2008/10/17 14:07:07 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
    lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> [2008/10/17 14:07:07 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
    logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> [2007/08/03 15:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.)
    logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> [2007/08/03 15:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
    logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> [2007/08/03 15:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
    mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
    mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
    mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
    mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
    mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
    mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
    mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
    mcupdmgr.exe -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> [2008/06/14 09:41:54 | 00,781,288 | ---- | M] (McAfee, Inc.)
    mcupdui.exe -> %ProgramFiles%\McAfee\MSC\mcupdui.exe -> [2008/06/21 11:39:02 | 00,377,064 | ---- | M] (McAfee, Inc.)
    mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
    mscams32.exe -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2008/04/25 12:00:26 | 00,156,704 | ---- | M] (Microsoft Corporation)
    msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)
    msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
    onenotem.exe -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
    otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
    pctspk.exe -> %SystemRoot%\system32\pctspk.exe -> [2001/08/17 21:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.)
    ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> [2008/10/17 14:07:39 | 00,116,032 | ---- | M] (LogMeIn, Inc.)
    rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
    rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
    rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
    rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
    rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
    rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
    sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH)
    soffice.bin -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.bin -> [2008/05/29 21:43:38 | 02,580,480 | ---- | M] (OpenOffice.org)
    soffice.exe -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.exe -> [2008/05/29 21:43:36 | 02,363,392 | ---- | M] (OpenOffice.org)
    sstray.exe -> %SystemRoot%\system32\sstray.exe -> [2003/10/23 08:13:08 | 00,073,728 | R--- | M] (NVIDIA Corporation)
    teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 11:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited)
    uaservice7.exe -> %SystemRoot%\system32\UAService7.exe -> [2007/03/04 19:07:22 | 00,126,976 | ---- | M] ()
    winword.exe -> %ProgramFiles%\Microsoft Office\Office10\WINWORD.EXE -> [2001/02/28 09:02:04 | 10,571,776 | R--- | M] (Microsoft Corporation)
    ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> [2007/01/19 12:49:30 | 00,103,928 | ---- | M] (Yahoo! Inc.)

    [Win32 Services - Safe List]
    (AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH)
    (AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
    (CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.)
    (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
    (EloSystemService) EloSystemService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\EloSrvce.exe -> [2003/07/17 12:27:22 | 00,045,056 | ---- | M] (Elo Touchsystems, Inc.)
    (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
    (GoogleDesktopManager-110408-113106) Google Desktop Manager 5.8.811.4345 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/02/10 21:43:15 | 00,030,192 | ---- | M] (Google)
    (gupdate1c98bee6cb9fb98) Google Update Service (gupdate1c98bee6cb9fb98) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/10 21:28:10 | 00,133,104 | ---- | M] (Google Inc.)
    (gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/08 10:56:30 | 00,182,768 | ---- | M] (Google)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
    (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/01/27 19:16:58 | 00,856,064 | ---- | M] (Nero AG)
    (InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> [2005/01/27 19:16:58 | 00,856,064 | ---- | M] (Nero AG)
    (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> [2001/10/12 07:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.)
    (LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> [2008/10/17 14:07:39 | 00,116,032 | ---- | M] (LogMeIn, Inc.)
    (LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> [2007/08/03 15:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.)
    (McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
    (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
    (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
    (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2009/01/09 18:51:42 | 00,365,072 | ---- | M] (McAfee, Inc.)
    (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
    (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
    (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2009/01/09 11:21:22 | 00,606,736 | ---- | M] (McAfee, Inc.)
    (MpfService) McAfee Personal Firewall Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
    (MSCamSvc) MSCamSvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft LifeCam\MSCamS32.exe -> [2008/04/25 12:00:26 | 00,156,704 | ---- | M] (Microsoft Corporation)
    (MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)
    (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
    (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
    (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
    (Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Running] -> %SystemRoot%\system32\pctspk.exe -> [2001/08/17 21:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.)
    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> [2006/03/02 20:49:14 | 00,069,632 | ---- | M] (HP)
    (UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %SystemRoot%\system32\UAService7.exe -> [2007/03/04 19:07:22 | 00,126,976 | ---- | M] ()
    (usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
    (WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
    (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
    (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
    (0145771234431512mcinstcleanup) McAfee Application Installer Cleanup (0145771234431512) [Win32_Own | Auto | Stopped] -> -> File not found
    (MBackMonitor) MBackMonitor [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/02/12 11:20:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)

    [Driver Services - Safe List]
    (AC2003) AC2003 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AC2003.sys -> [2003/09/09 15:23:30 | 00,003,584 | ---- | M] (ABIT Computer Corp.)
    (AloPort) AloPort [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AloPort.sys -> [2099/01/01 12:00:00 | 00,003,087 | ---- | M] ()
    (AmdK7) AMD K7 Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\amdk7.sys -> [2008/04/13 13:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation)
    (Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> [2006/02/05 13:15:26 | 00,016,512 | ---- | M] (Adaptec)
    (avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH)
    (avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH)
    (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH)
    (CLEDX) Team H2O CLEDX service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cledx.sys -> [2005/05/09 20:08:40 | 00,033,792 | ---- | M] (Team H2O)
    (EloBus) Elobus Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\EloBus.sys -> [2003/07/17 12:27:18 | 00,014,848 | ---- | M] (Elo Touchsystems, Inc.)
    (EloSer) Elo Serial Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\EloSer.Sys -> [2003/07/17 12:27:20 | 00,045,568 | ---- | M] (Elo Touchsystems, Inc.)
    (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2006/03/29 07:20:08 | 00,049,664 | R--- | M] (HP)
    (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2006/03/29 07:20:08 | 00,016,496 | R--- | M] (HP)
    (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2006/03/29 07:20:09 | 00,021,568 | ---- | M] (HP)
    (InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> [2005/01/27 19:08:02 | 00,099,200 | ---- | M] (Nero AG)
    (InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDpass.sys -> [2005/01/27 19:07:34 | 00,028,928 | ---- | M] (Nero AG)
    (incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDrm.sys -> [2005/01/27 12:07:28 | 00,027,776 | ---- | M] (Nero AG)
    (KORGUMDS) KORG USB-MIDI Driver for Windows XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KORGUMDS.SYS -> [2004/07/12 01:05:00 | 00,012,544 | ---- | M] (KORG Inc.)
    (LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\rainfo.sys -> [2008/02/28 14:31:50 | 00,012,856 | ---- | M] (LogMeIn, Inc.)
    (LMImirr) LMImirr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lmimirr.sys -> [2007/08/03 15:04:52 | 00,010,144 | ---- | M] (LogMeIn, Inc.)
    (LMIRfsClientNP) LMIRfsClientNP [File_System | Disabled | Stopped] -> %SystemRoot%\system32\LMIRfsClientNP.dll -> [2008/10/17 14:07:12 | 00,083,288 | ---- | M] (LogMeIn, Inc.)
    (LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\LMIRfsDriver.sys -> [2008/10/17 14:07:12 | 00,047,640 | ---- | M] (LogMeIn, Inc.)
    (lusbaudio) Logitech USB Microphone [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\LVSound2.sys -> [2002/06/10 13:20:32 | 00,034,816 | ---- | M] (Logitech Inc.)
    (LVBulk) LVBulk Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVBulk.sys -> [2002/06/10 13:21:02 | 00,010,254 | ---- | M] (Logitech Inc.)
    (LVVI500A) LVVI500A Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lvvi500a.sys -> [2002/06/10 13:24:22 | 00,188,592 | ---- | M] (Logitech Inc.)
    (LXARScan) Lexmark X73 MFP Scanner [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\LXARScan.sys -> [2001/07/04 23:15:00 | 00,018,024 | R--- | M] ( )
    (Memctl) Memctl [Kernel | On_Demand | Stopped] -> %ProgramFiles%\ABIT\ABIT uGuru\MEMCTL.SYS -> [2001/11/29 18:49:56 | 00,004,047 | ---- | M] ()
    (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2009/01/09 12:03:40 | 00,079,304 | ---- | M] (McAfee, Inc.)
    (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2009/01/09 12:03:40 | 00,035,272 | ---- | M] (McAfee, Inc.)
    (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2009/01/09 12:03:40 | 00,213,640 | ---- | M] (McAfee, Inc.)
    (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2009/01/09 12:03:06 | 00,034,216 | ---- | M] (McAfee, Inc.)
    (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2009/01/09 12:03:40 | 00,040,552 | ---- | M] (McAfee, Inc.)
    (MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.)
    (MSHUSBVideo) NX6000/NX3000/VX5000/VX7000 Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nx6000.sys -> [2008/04/25 07:18:24 | 00,033,800 | ---- | M] (Microsoft Corporation)
    (MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mxopswd.sys -> [2007/05/03 13:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.)
    (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008/05/02 21:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation)
    (nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvax.sys -> [2004/10/22 09:38:28 | 00,053,376 | ---- | M] (NVIDIA Corporation)
    (nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvapu.sys -> [2004/10/22 09:41:46 | 00,413,824 | ---- | M] (NVIDIA Corporation)
    (nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nv_agp.SYS -> [2003/03/19 02:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (Ptserlp) PCTEL Serial Device Driver for PCI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptserlp.sys -> [2001/08/17 12:28:14 | 00,112,574 | ---- | M] (PCTEL, INC.)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
    (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rtl8139.sys -> [2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
    (sbp2port) SBP-2 Transport/Protocol Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sbp2port.sys -> [2008/04/13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation)
    (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (SI3112r) Silicon Image SiI 3112 SATARaid Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SI3112r.sys -> [2004/05/12 13:01:18 | 00,097,408 | ---- | M] (Silicon Image, Inc.)
    (SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> [2003/10/15 10:28:16 | 00,010,240 | ---- | M] (Silicon Image, Inc.)
    (SMC1211) SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SMC1211.sys -> [2001/07/11 10:06:12 | 00,023,153 | ---- | M] (SMC Networks Inc.)
    (ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
    (usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbvideo.sys -> [2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation)
    (Vmodem) XP Vmodem [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vmodem.sys -> [2001/08/17 12:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.)
    (VNUSB) VN Series Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\VNUSB.sys -> [2006/04/07 16:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.)
    (Vpctcom) XP Vpctcom [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vpctcom.sys -> [2001/08/17 12:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.)
    (Vvoice) XP Vvoice [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vvoice.sys -> [2001/08/17 12:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.)
    (Winflash) Winflash [Kernel | On_Demand | Stopped] -> %ProgramFiles%\ABIT\ABIT uGuru\WinFlash.sys -> [2002/09/17 11:55:06 | 00,003,548 | ---- | M] ()
    (WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2003/03/31 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google ->
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/webhp ->
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
    < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
    {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> %ProgramFiles%\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2008/10/17 11:45:10 | 00,247,312 | ---- | M] ()
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2008/06/20 04:41:56 | 00,058,688 | ---- | M] (McAfee, Inc.)
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 09:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/08 10:56:50 | 00,657,904 | ---- | M] (Google Inc.)
    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/02/12 11:20:10 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/02/12 11:20:11 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Google Desktop Search" -> ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
    "LogMeIn GUI" -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> [2007/08/03 15:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
    "mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
    "nForce Tray Options" -> %SystemRoot%\system32\sstray.exe [sstray.exe /r] -> [2003/10/23 08:13:08 | 00,073,728 | R--- | M] (NVIDIA Corporation)
    "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/05/02 21:46:00 | 13,529,088 | ---- | M] (NVIDIA Corporation)
    "NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/05/02 21:46:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
    "nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008/05/02 21:46:00 | 01,630,208 | ---- | M] ()
    "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/02/12 11:20:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    "UserFaultCheck" -> [%systemroot%\system32\dumprep 0 -u] -> File not found
    < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    "Malwarebytes' Anti-Malware" -> [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> File not found
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Google Update" -> %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/02 23:12:43 | 00,133,104 | ---- | M] (Google Inc.)
    "googletalk" -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    -> %AllUsersProfile%\Start Menu\Programs\Startup\Acrobat Assistant.lnk.disabled -> [2004/07/30 14:57:46 | 00,000,910 | ---- | M] ()
    -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled -> [2004/08/02 20:27:46 | 00,000,890 | ---- | M] ()
    -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled -> [2004/07/30 14:50:14 | 00,000,890 | ---- | M] ()
    -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled -> [2007/03/31 08:04:05 | 00,001,757 | ---- | M] ()
    -> %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 2.lnk.disabled -> [2004/11/17 22:41:30 | 00,001,650 | ---- | M] ()
    %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> [2007/02/22 17:32:12 | 00,118,784 | ---- | M] (OLYMPUS IMAGING CORP.)
    -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled -> [2006/12/05 00:03:41 | 00,001,808 | ---- | M] ()
    -> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled -> [2004/08/04 11:52:14 | 00,001,730 | ---- | M] ()
    -> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk.disabled -> [2004/07/25 11:48:37 | 00,000,875 | ---- | M] ()
    < David Startup Folder > -> C:\Documents and Settings\David\Start Menu\Programs\Startup ->
    %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
    %UserProfile%\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
    %UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk -> %ProgramFiles%\OpenOffice.org 2.4\program\quickstart.exe -> [2008/01/21 15:41:28 | 00,393,216 | ---- | M] ()
    < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"DisableRegistryTools" -> [0] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
    {B13B4423-2647-4cfc-A4B3-C7D56CB83487}:{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKLM] -> %ProgramFiles%\Hello\PicasaCapture.dll [Button: Share in Hello] -> [2005/01/11 21:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
    {B13B4423-2647-4cfc-A4B3-C7D56CB83487}:{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKLM] -> %ProgramFiles%\Hello\PicasaCapture.dll [Menu: Share in H&ello] -> [2005/01/11 21:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
    {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
    CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
    CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> [2005/05/11 16:06:02 | 00,316,552 | ---- | M] (Yahoo! Inc.)
    CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
    CmdMapping\\"{B13B4423-2647-4cfc-A4B3-C7D56CB83487}" [HKLM] -> %ProgramFiles%\Hello\PicasaCapture.dll [IECmdExecute Class] -> [2005/01/11 21:09:26 | 00,303,104 | ---- | M] (Picasa, Inc.)
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
    Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> [2001/01/30 12:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5268 domain(s) found. ->
    50 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8909 domain(s) found. ->
    56 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
    {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
    {474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> http://picasaweb.google.com/s/v/19.13/uploader2.cab [UploadListView Class] ->
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab [McAfee.com Operating System Class] ->
    {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} [HKLM] -> http://support.f-secure.com/ols3beta/fscax.cab [F-Secure Online Scanner 3.3] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key does not exist or could not be opened.] ->
    {9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38194.4634259259 [Reg Error: Key does not exist or could not be opened.] ->
    {B9191F79-5613-4C76-AA2A-398534BB8999} [HKLM] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab [YAddBook Class] ->
    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab [DwnldGroupMgr Class] ->
    {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
    {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {6ECFF537-F61D-4349-87DE-F2462C3081A7} -> (1394 Net Adapter) ->
    {885E16B9-8B02-4053-A329-443CCF42D831} -> (SMC EZ Card 10/100 PCI (SMC1211 Series)) ->
    {A097EA18-8EC6-41D8-8547-971333B1751C} -> () ->
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2009/02/10 23:07:33 | 00,119,296 | ---- | M] (Google)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> -> File not found
    LMIinit -> %SystemRoot%\system32\LMIinit.dll -> [2008/10/17 14:07:09 | 00,087,352 | ---- | M] (LogMeIn, Inc.)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" -> C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll [C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin] -> [2009/01/12 19:17:50 | 03,782,128 | ---- | M] (Google)
    "C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" -> C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [C:\Documents and Settings\Mrs. Richards\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin] -> [2009/01/12 18:10:32 | 00,083,440 | ---- | M] (Google)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
    "C:\Program Files\DropBox\DropBox\DropBox.exe" -> C:\Program Files\DropBox\DropBox\DropBox.exe [C:\Program Files\DropBox\DropBox\DropBox.exe:*:Enabled:DropBox] -> [2006/05/09 00:59:30 | 00,139,264 | ---- | M] (DropShots)
    "C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> [2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google)
    "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" -> C:\Program Files\Microsoft LifeCam\LifeCam.exe [C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe] -> [2008/04/25 12:04:44 | 00,140,320 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" -> C:\Program Files\Microsoft LifeCam\LifeEnC2.exe [C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe] -> [2008/04/25 12:04:46 | 00,230,432 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe [C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe] -> [2008/04/25 12:02:08 | 00,160,800 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" -> C:\Program Files\Microsoft LifeCam\LifeTray.exe [C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe] -> [2008/04/25 12:00:00 | 00,107,552 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Morpheus\Morpheus.exe" -> C:\Program Files\Morpheus\Morpheus.exe [C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell] -> [2006/11/10 15:41:48 | 00,735,744 | ---- | M] (Streamcast Networks, Inc)
    "C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/02/04 11:05:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
    "C:\Program Files\Support.com\bin\tgcmd.exe" -> C:\Program Files\Support.com\bin\tgcmd.exe [C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:BellSouth Bulletin and Job processor] -> [2004/07/25 13:49:02 | 01,847,296 | ---- | M] (BellSouth)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Media Player\wmplayer.exe" -> C:\Program Files\Windows Media Player\wmplayer.exe [C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player] -> [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/01/19 12:49:28 | 04,670,968 | ---- | M] (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/01/19 12:49:30 | 00,091,640 | ---- | M] (Yahoo! Inc.)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
    < Drives with AutoRun files > -> ->
    C:\AUTOEXEC.BAT [SET PATH=C:\LAUREATE\SHARED | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/07/13 23:13:27 | 00,000,029 | ---- | M] ()
    C:\AUTOEXEC.OLD [] -> %SystemDrive%\AUTOEXEC.OLD [ NTFS ] -> [2004/07/25 05:05:26 | 00,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell
    \{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell\AutoRun
    \{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found


    [Files/Folders - Created Within 30 Days]
    5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    3 C:\Documents and Settings\David\Desktop\*.tmp files -> C:\Documents and Settings\David\Desktop\*.tmp ->
    x73_lut.dat -> %ProgramFiles%\x73_lut.dat -> [2100/02/23 14:35:34 | 00,000,768 | ---- | C] ()
    gtx73.ini -> %ProgramFiles%\gtx73.ini -> [2100/02/08 15:53:34 | 00,001,437 | ---- | C] ()
    ACMonitor_X73.exe -> %ProgramFiles%\ACMonitor_X73.exe -> [2100/02/08 15:03:54 | 00,053,248 | ---- | C] (Silitek Corp.)
    OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/02/13 08:16:10 | 00,000,000 | ---D | C]
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/13 08:15:43 | 00,656,714 | ---- | C] ()
    fsaua.data -> %SystemDrive%\fsaua.data -> [2009/02/12 15:15:32 | 00,000,000 | ---D | C]
    Sun -> %ProgramFiles%\Sun -> [2009/02/12 11:20:39 | 00,000,000 | ---D | C]
    RECYCLER -> %SystemDrive%\RECYCLER -> [2009/02/12 08:58:24 | 00,000,000 | -HSD | C]
    SpyBotPosts.url -> %UserProfile%\Desktop\SpyBotPosts.url -> [2009/02/12 08:28:35 | 00,000,137 | ---- | C] ()
    LastGood -> %SystemRoot%\LastGood -> [2009/02/12 04:36:53 | 00,000,000 | ---D | C]
    New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word Document.doc -> [2009/02/11 16:53:52 | 00,010,752 | ---- | C] ()
    _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009/02/11 11:36:54 | 00,000,000 | ---D | C]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/02/11 03:01:54 | 00,001,374 | ---- | C] ()
    ComboFix -> %SystemDrive%\ComboFix -> [2009/02/10 22:52:10 | 00,000,000 | ---D | C]
    Boot.bak -> %SystemDrive%\Boot.bak -> [2009/02/10 22:45:52 | 00,000,211 | ---- | C] ()
    cmldr -> %SystemDrive%\cmldr -> [2009/02/10 22:45:48 | 00,260,272 | ---- | C] ()
    cmdcons -> %SystemDrive%\cmdcons -> [2009/02/10 22:45:42 | 00,000,000 | ---D | C]
    SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/02/10 22:42:27 | 00,212,480 | ---- | C] (SteelWerX)
    SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/02/10 22:42:27 | 00,161,792 | ---- | C] (SteelWerX)
    SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/02/10 22:42:27 | 00,136,704 | ---- | C] (SteelWerX)
    sed.exe -> %SystemRoot%\sed.exe -> [2009/02/10 22:42:27 | 00,098,816 | ---- | C] ()
    fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/02/10 22:42:27 | 00,089,504 | ---- | C] (Smallfrogs Studio)
    grep.exe -> %SystemRoot%\grep.exe -> [2009/02/10 22:42:27 | 00,080,412 | ---- | C] ()
    zip.exe -> %SystemRoot%\zip.exe -> [2009/02/10 22:42:27 | 00,068,096 | ---- | C] ()


    Continued on Next Post.....

  7. #17
    Junior Member
    Join Date
    Feb 2009
    Location
    Hendersonville, NC
    Posts
    15

    Default OTScan continued...

    Continued from last post.....



    VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/02/10 22:42:27 | 00,049,152 | ---- | C] ()
    NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/02/10 22:42:27 | 00,029,696 | ---- | C] (NirSoft)
    Qoobox -> %SystemDrive%\Qoobox -> [2009/02/10 22:40:45 | 00,000,000 | ---D | C]
    Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/10 21:42:13 | 00,001,836 | ---- | C] ()
    GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/02/10 21:14:11 | 00,000,882 | ---- | C] ()
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/10 19:49:28 | 21,470,12608 | -HS- | C] ()
    AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk -> [2009/02/10 19:46:32 | 00,001,851 | ---- | C] ()
    avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> [2009/02/10 19:46:22 | 00,045,376 | ---- | C] (Avira GmbH)
    avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> [2009/02/10 19:46:22 | 00,022,336 | ---- | C] (Avira GmbH)
    ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2009/02/10 19:46:21 | 00,028,352 | ---- | C] (Avira GmbH)
    avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2009/02/10 19:46:19 | 00,075,072 | ---- | C] (Avira GmbH)
    Avira -> %ProgramFiles%\Avira -> [2009/02/10 19:46:18 | 00,000,000 | ---D | C]
    Avira -> %AllUsersProfile%\Application Data\Avira -> [2009/02/10 19:46:18 | 00,000,000 | ---D | C]
    TEMP -> %AllUsersProfile%\Application Data\TEMP -> [2009/02/10 19:37:37 | 00,000,000 | ---D | C]
    SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [2009/02/10 19:37:11 | 00,000,000 | ---D | C]
    Device Detector 3.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> [2009/02/09 15:06:43 | 00,001,650 | ---- | C] ()
    OpenOffice.org 2.4.lnk -> %UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk -> [2009/02/09 15:06:42 | 00,000,876 | ---- | C] ()
    Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [2009/02/08 10:56:38 | 00,000,000 | ---D | C]
    Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/02/08 10:56:35 | 00,000,868 | ---- | C] ()
    Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/08 10:55:47 | 01,038,992 | ---- | C] ()
    Skype -> %UserProfile%\Desktop\Skype -> [2009/02/08 10:49:38 | 00,000,000 | ---D | C]
    Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2009/02/08 02:16:53 | 00,000,000 | ---D | C]
    oueg.sys -> %SystemRoot%\System32\drivers\oueg.sys -> [2009/02/08 01:29:50 | 00,061,440 | ---- | C] ()
    ERDNT -> %SystemRoot%\ERDNT -> [2009/02/07 01:49:24 | 00,000,000 | ---D | C]
    ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/02/07 01:49:01 | 00,000,767 | ---- | C] ()
    NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/02/07 01:48:57 | 00,000,611 | ---- | C] ()
    ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/07 01:48:57 | 00,000,592 | ---- | C] ()
    ERUNT -> %ProgramFiles%\ERUNT -> [2009/02/07 01:48:56 | 00,000,000 | ---D | C]
    Malwarebytes -> %AppData%\Malwarebytes -> [2009/02/07 01:05:51 | 00,000,000 | ---D | C]
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/07 01:05:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/07 01:05:41 | 00,000,696 | ---- | C] ()
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/07 01:05:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/02/07 01:05:37 | 00,000,000 | ---D | C]
    Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/02/07 01:05:37 | 00,000,000 | ---D | C]
    HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/02/07 01:00:50 | 00,001,734 | ---- | C] ()
    Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/02/07 01:00:50 | 00,000,000 | ---D | C]
    Malware Detection -> %UserProfile%\Desktop\Malware Detection -> [2009/02/07 01:00:27 | 00,000,000 | ---D | C]
    Recent -> %UserProfile%\Recent -> [2009/02/06 19:56:59 | 00,000,000 | RH-D | C]
    DLLs Removed 2-6-2009 -> %SystemRoot%\System32\DLLs Removed 2-6-2009 -> [2009/02/06 19:19:24 | 00,000,000 | ---D | C]
    Prunnet.doc -> %UserProfile%\Desktop\Prunnet.doc -> [2009/02/06 07:09:11 | 00,026,624 | ---- | C] ()
    ~$runnet.doc -> %UserProfile%\Desktop\~$runnet.doc -> [2009/02/06 07:09:11 | 00,000,162 | -H-- | C] ()
    delete this crap -> %SystemRoot%\System32\delete this crap -> [2009/02/04 22:23:23 | 00,000,000 | ---D | C]
    SpillSpace -> %UserProfile%\Desktop\SpillSpace -> [2009/02/02 21:01:29 | 00,000,000 | ---D | C]
    Colors-restored.mp3 -> %UserProfile%\Desktop\Colors-restored.mp3 -> [2009/02/01 09:57:57 | 02,259,456 | ---- | C] ()
    XAMPP Control Panel.lnk -> %UserProfile%\Desktop\XAMPP Control Panel.lnk -> [2009/01/31 21:04:32 | 00,000,357 | ---- | C] ()
    xampp -> %SystemDrive%\xampp -> [2009/01/31 20:39:02 | 00,000,000 | ---D | C]
    xampp-win32-1.7.0-installer.exe -> %UserProfile%\Desktop\xampp-win32-1.7.0-installer.exe -> [2009/01/31 20:19:12 | 40,759,679 | ---- | C] ()
    Menus you liked.doc -> %UserProfile%\Desktop\Menus you liked.doc -> [2009/01/30 21:05:43 | 00,024,576 | ---- | C] ()
    Vintige-Bubble-Banner-1-27-.jpg -> %UserProfile%\Desktop\Vintige-Bubble-Banner-1-27-.jpg -> [2009/01/27 16:47:39 | 00,070,031 | ---- | C] ()
    Bubbles-rpt.png -> %UserProfile%\Desktop\Bubbles-rpt.png -> [2009/01/27 16:32:28 | 00,051,865 | ---- | C] ()
    Bubbles-rpt.psd -> %UserProfile%\Desktop\Bubbles-rpt.psd -> [2009/01/27 16:21:33 | 00,110,514 | ---- | C] ()
    Bubbles.psd -> %UserProfile%\Desktop\Bubbles.psd -> [2009/01/27 16:16:40 | 00,112,812 | ---- | C] ()
    header.php -> %UserProfile%\Desktop\header.php -> [2009/01/26 23:44:22 | 00,002,568 | ---- | C] ()
    connections-reloaded.2.1.zip -> %UserProfile%\Desktop\connections-reloaded.2.1.zip -> [2009/01/26 23:31:34 | 00,089,849 | ---- | C] ()
    train.png -> %UserProfile%\Desktop\train.png -> [2009/01/26 23:18:42 | 00,001,295 | ---- | C] ()
    functions.php -> %UserProfile%\Desktop\functions.php -> [2009/01/26 23:05:33 | 00,004,083 | ---- | C] ()
    Web Copy-revised.3doc.doc -> %UserProfile%\Desktop\Web Copy-revised.3doc.doc -> [2009/01/25 11:16:17 | 00,314,880 | ---- | C] ()
    Folder.jpg -> %UserProfile%\Desktop\Folder.jpg -> [2009/01/22 16:13:21 | 00,010,420 | -HS- | C] ()
    AlbumArtSmall.jpg -> %UserProfile%\Desktop\AlbumArtSmall.jpg -> [2009/01/22 16:13:21 | 00,002,526 | -HS- | C] ()
    CLASH-PROJECT.cwp -> %UserProfile%\Desktop\CLASH-PROJECT.cwp -> [2009/01/21 08:51:21 | 00,039,522 | ---- | C] ()
    clash-should-I-stay-excerpt.mp3 -> %UserProfile%\Desktop\clash-should-I-stay-excerpt.mp3 -> [2009/01/21 08:46:10 | 01,296,822 | ---- | C] ()
    03 - Should I Stay Or Should I Go.mp3 -> %UserProfile%\Desktop\03 - Should I Stay Or Should I Go.mp3 -> [2009/01/21 08:36:40 | 05,729,368 | ---- | C] ()
    sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [2009/01/21 02:10:53 | 00,000,268 | -H-- | C] ()
    sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [2009/01/21 02:10:53 | 00,000,244 | -H-- | C] ()
    silkscreen -> %UserProfile%\Desktop\silkscreen -> [2009/01/19 20:02:47 | 00,000,000 | ---D | C]
    silkscreen.zip -> %UserProfile%\Desktop\silkscreen.zip -> [2009/01/18 20:55:23 | 00,023,289 | ---- | C] ()
    logo.png -> %UserProfile%\Desktop\logo.png -> [2009/01/18 08:24:34 | 00,008,788 | ---- | C] ()
    Aguilar-benefit2.eps -> %UserProfile%\Desktop\Aguilar-benefit2.eps -> [2009/01/17 15:04:25 | 06,219,430 | ---- | C] ()
    Aguilar-benefit.pdf -> %UserProfile%\Desktop\Aguilar-benefit.pdf -> [2009/01/17 14:44:30 | 03,502,921 | ---- | C] ()
    WIT-Gallery -> %UserProfile%\Desktop\WIT-Gallery -> [2009/01/16 22:31:52 | 00,000,000 | ---D | C]

    [Files/Folders - Modified Within 30 Days]
    5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    2 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp ->
    3 C:\Documents and Settings\David\Desktop\*.tmp files -> C:\Documents and Settings\David\Desktop\*.tmp ->
    45 C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp files -> C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp ->
    45 C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp files -> C:\Documents and Settings\David\Local Settings\temp\jkos-David\binaries\*.tmp ->
    1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
    AloPort.sys -> %SystemRoot%\System32\drivers\AloPort.sys -> [2099/01/01 12:00:00 | 00,003,087 | ---- | M] ()
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/13 08:15:47 | 00,656,714 | ---- | M] ()
    User_Feed_Synchronization-{262578A8-0CC7-4369-953F-800F1B773610}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{262578A8-0CC7-4369-953F-800F1B773610}.job -> [2009/02/13 08:15:00 | 00,000,422 | -H-- | M] ()
    User_Feed_Synchronization-{2A50439D-5D8A-4C95-B940-18961C5CA924}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{2A50439D-5D8A-4C95-B940-18961C5CA924}.job -> [2009/02/13 08:15:00 | 00,000,392 | -H-- | M] ()
    GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/02/13 00:29:10 | 00,000,882 | ---- | M] ()
    GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1010.job -> %SystemRoot%\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1010.job -> [2009/02/13 00:29:09 | 00,000,958 | ---- | M] ()
    GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1004.job -> %SystemRoot%\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1004.job -> [2009/02/13 00:29:09 | 00,000,926 | ---- | M] ()
    Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/02/12 23:32:32 | 00,000,868 | ---- | M] ()
    perf.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\perf.dat -> [2009/02/12 16:01:15 | 00,000,128 | ---- | M] ()
    fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2009/02/12 15:26:10 | 00,519,816 | ---- | M] (F-Secure Corp.)
    fssm32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/02/12 15:26:10 | 00,519,816 | ---- | M] (F-Secure Corp.)
    fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2009/02/12 15:26:10 | 00,482,448 | ---- | M] ()
    fm4av.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2009/02/12 15:26:10 | 00,482,448 | ---- | M] ()
    fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2009/02/12 15:26:10 | 00,440,448 | ---- | M] (F-Secure Corp.)
    fsgk32.exe -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/02/12 15:26:10 | 00,440,448 | ---- | M] (F-Secure Corp.)
    AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2009/02/12 15:26:10 | 00,154,304 | ---- | M] (Kaspersky Lab)
    AVPFPI0.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2009/02/12 15:26:10 | 00,154,304 | ---- | M] (Kaspersky Lab)
    fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsepx32.dll -> [2009/02/12 15:26:10 | 00,150,144 | ---- | M] (F-Secure Corporation)
    fsepx32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsepx32.dll -> [2009/02/12 15:26:10 | 00,150,144 | ---- | M] (F-Secure Corporation)
    fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2009/02/12 15:26:10 | 00,120,456 | ---- | M] (F-Secure Corporation)
    fpinor.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2009/02/12 15:26:10 | 00,120,456 | ---- | M] (F-Secure Corporation)
    fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsuss.dll -> [2009/02/12 15:26:10 | 00,113,288 | ---- | M] (F-Secure Corporation)
    fsuss.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsuss.dll -> [2009/02/12 15:26:10 | 00,113,288 | ---- | M] (F-Secure Corporation)
    fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> [2009/02/12 15:26:10 | 00,100,456 | ---- | M] (F-Secure Corp.)
    fsgkiapi.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> [2009/02/12 15:26:10 | 00,100,456 | ---- | M] (F-Secure Corp.)
    avpproxy.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> [2009/02/12 15:26:10 | 00,084,672 | ---- | M] (F-Secure Corporation)
    avpproxy.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\avpproxy.dll -> [2009/02/12 15:26:10 | 00,084,672 | ---- | M] (F-Secure Corporation)
    fsbl.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> [2009/02/12 15:26:10 | 00,068,224 | ---- | M] (F-Secure Corporation)
    fsbl.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsbl.dll -> [2009/02/12 15:26:10 | 00,068,224 | ---- | M] (F-Secure Corporation)
    fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2009/02/12 15:25:56 | 00,928,392 | ---- | M] (F-Secure Corporation)
    fsusscr.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2009/02/12 15:25:56 | 00,928,392 | ---- | M] (F-Secure Corporation)
    fsmart.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\mlcwin\fsmart.dll -> [2009/02/12 15:25:56 | 00,147,456 | ---- | M] (F-Secure Corporation)
    fsmart.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsmart.dll -> [2009/02/12 15:25:56 | 00,147,456 | ---- | M] (F-Secure Corporation)
    fsedb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [2009/02/12 15:25:48 | 02,242,162 | ---- | M] ()
    fsedb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsedb.dat -> [2009/02/12 15:25:48 | 02,242,162 | ---- | M] ()
    fsecr32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> [2009/02/12 15:25:48 | 01,079,944 | ---- | M] (F-Secure Corporation)
    fsecr32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsecr32.dll -> [2009/02/12 15:25:48 | 01,079,944 | ---- | M] (F-Secure Corporation)
    fsupdllb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [2009/02/12 15:25:48 | 00,422,594 | ---- | M] ()
    fsupdllb.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [2009/02/12 15:25:48 | 00,422,594 | ---- | M] ()
    fsblu.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_bl\fsblu.dll -> [2009/02/12 15:25:18 | 00,731,784 | ---- | M] (F-Secure Corporation)
    fsbld.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fsbld.dll -> [2009/02/12 15:25:18 | 00,731,784 | ---- | M] (F-Secure Corporation)
    fssubmit.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> [2009/02/12 15:25:14 | 00,651,264 | ---- | M] (F-Secure Corporation)
    fssubmit.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\fssubmit.dll -> [2009/02/12 15:25:14 | 00,651,264 | ---- | M] (F-Secure Corporation)
    Nse_w32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [2009/02/12 15:25:09 | 00,588,856 | ---- | M] (Norman ASA)
    Nse_w32.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [2009/02/12 15:25:09 | 00,588,856 | ---- | M] (Norman ASA)
    sai.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\sai.dat -> [2009/02/12 15:24:50 | 00,001,348 | ---- | M] ()
    sai.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\sai.dat -> [2009/02/12 15:24:50 | 00,001,348 | ---- | M] ()
    ext.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\ext.dat -> [2009/02/12 15:24:50 | 00,000,449 | ---- | M] ()
    ext.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\ext.dat -> [2009/02/12 15:24:50 | 00,000,449 | ---- | M] ()
    sae.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\updates\avmisc\sae.dat -> [2009/02/12 15:24:50 | 00,000,243 | ---- | M] ()
    sae.dat -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\sae.dat -> [2009/02/12 15:24:50 | 00,000,243 | ---- | M] ()
    sfdb.dat -> %UserProfile%\Local Settings\temp\jkos-David\engine\bases\sfdb.dat -> [2009/02/12 13:58:04 | 00,000,084 | ---- | M] ()
    prremote.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\prremote.dll -> [2009/02/12 13:57:37 | 00,090,112 | ---- | M] (Kaspersky Lab)
    msvcr80.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\msvcr80.dll -> [2009/02/12 13:57:36 | 00,626,688 | ---- | M] (Microsoft Corporation)
    msvcp80.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\msvcp80.dll -> [2009/02/12 13:57:36 | 00,548,864 | ---- | M] (Microsoft Corporation)
    ikave.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\ikave.dll -> [2009/02/12 13:57:35 | 00,065,536 | ---- | M] ()
    msvcm80.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\msvcm80.dll -> [2009/02/12 13:57:30 | 00,479,232 | ---- | M] (Microsoft Corporation)
    User_Feed_Synchronization-{9D5DE8E1-A15F-4186-BFF7-B3EC781BA0FD}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{9D5DE8E1-A15F-4186-BFF7-B3EC781BA0FD}.job -> [2009/02/12 13:46:35 | 00,000,438 | -H-- | M] ()
    kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\kosglue-7.0.25.0.dll -> [2009/02/12 12:08:25 | 00,729,152 | ---- | M] (Kaspersky Lab)
    kave.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\kave.dll -> [2009/02/12 12:08:24 | 00,282,624 | ---- | M] (Kaspersky Lab.)
    prLoader.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\prLoader.dll -> [2009/02/12 12:08:24 | 00,184,320 | ---- | M] (Kaspersky Lab)
    ScanningProcess.exe -> %UserProfile%\Local Settings\temp\jkos-David\binaries\ScanningProcess.exe -> [2009/02/12 12:08:24 | 00,139,264 | ---- | M] (Kaspersky Lab.)
    FSSync.dll -> %UserProfile%\Local Settings\temp\jkos-David\binaries\FSSync.dll -> [2009/02/12 12:08:23 | 00,038,400 | ---- | M] (Kaspersky Lab)
    ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/02/12 11:34:22 | 16,777,216 | ---- | M] ()
    Perflib_Perfdata_128c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_128c.dat -> [2009/02/12 11:20:30 | 00,016,384 | ---- | M] ()
    SpyBotPosts.url -> %UserProfile%\Desktop\SpyBotPosts.url -> [2009/02/12 08:29:05 | 00,000,137 | ---- | M] ()
    qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/02/12 02:14:06 | 00,007,336 | ---- | M] ()
    qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/02/12 02:14:05 | 00,008,941 | ---- | M] ()
    New Microsoft Word Document.doc -> %UserProfile%\Desktop\New Microsoft Word Document.doc -> [2009/02/11 16:53:52 | 00,010,752 | ---- | M] ()
    Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [2009/02/11 12:00:00 | 00,000,328 | ---- | M] ()
    nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/02/11 11:09:59 | 00,177,348 | ---- | M] ()
    wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/02/11 11:09:49 | 00,012,598 | ---- | M] ()
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
    Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2009/02/11 09:32:33 | 00,064,589 | ---- | M] ()
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/02/11 03:10:51 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/02/11 03:10:44 | 00,002,048 | --S- | M] ()
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/11 03:10:42 | 21,470,12608 | -HS- | M] ()
    ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/02/11 03:09:07 | 00,000,278 | -HS- | M] ()
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/02/11 03:01:57 | 00,001,374 | ---- | M] ()
    system.ini -> %SystemRoot%\system.ini -> [2009/02/10 23:04:16 | 00,000,292 | ---- | M] ()
    hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/02/10 23:03:22 | 00,000,027 | ---- | M] ()
    boot.ini -> %SystemDrive%\boot.ini -> [2009/02/10 22:45:52 | 00,000,281 | RHS- | M] ()
    Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/10 21:42:13 | 00,001,836 | ---- | M] ()
    win.ini -> %SystemRoot%\win.ini -> [2009/02/10 19:54:54 | 00,000,685 | ---- | M] ()
    Boot.bak -> %SystemDrive%\Boot.bak -> [2009/02/10 19:54:54 | 00,000,211 | ---- | M] ()
    AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk -> [2009/02/10 19:46:32 | 00,001,851 | ---- | M] ()
    msvcp71.dll -> %SystemRoot%\System32\msvcp71.dll -> [2009/02/09 15:15:00 | 00,499,712 | ---- | M] (Microsoft Corporation)
    msvcr71.dll -> %SystemRoot%\System32\msvcr71.dll -> [2009/02/09 15:15:00 | 00,348,160 | ---- | M] (Microsoft Corporation)
    Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/08 10:55:56 | 01,038,992 | ---- | M] ()
    ntuser.bak -> %UserProfile%\ntuser.bak -> [2009/02/08 01:34:42 | 16,252,928 | ---- | M] ()
    oueg.sys -> %SystemRoot%\System32\drivers\oueg.sys -> [2009/02/08 01:29:50 | 00,061,440 | ---- | M] ()
    GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [2009/02/08 00:30:40 | 00,085,120 | ---- | M] ()
    ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/02/07 01:49:02 | 00,000,767 | ---- | M] ()
    NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/02/07 01:48:57 | 00,000,611 | ---- | M] ()
    ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/07 01:48:57 | 00,000,592 | ---- | M] ()
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/07 01:05:41 | 00,000,696 | ---- | M] ()
    HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/02/07 01:00:50 | 00,001,734 | ---- | M] ()
    hosts.20090208-022224.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090208-022224.backup -> [2009/02/06 20:12:07 | 00,293,508 | R--- | M] ()
    hosts.20090206-201207.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090206-201207.backup -> [2009/02/06 19:53:32 | 00,293,508 | R--- | M] ()
    Prunnet.doc -> %UserProfile%\Desktop\Prunnet.doc -> [2009/02/06 18:51:58 | 00,026,624 | ---- | M] ()
    ~$runnet.doc -> %UserProfile%\Desktop\~$runnet.doc -> [2009/02/06 07:09:11 | 00,000,162 | -H-- | M] ()
    CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2009/02/04 21:35:00 | 00,001,548 | ---- | M] ()
    mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [2009/02/04 10:55:48 | 00,066,636 | -H-- | M] ()
    Google Chrome.lnk -> %UserProfile%\Desktop\Google Chrome.lnk -> [2009/02/03 21:44:17 | 00,002,244 | ---- | M] ()
    MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation)
    Colors-restored.mp3 -> %UserProfile%\Desktop\Colors-restored.mp3 -> [2009/02/01 09:58:47 | 02,259,456 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/02/01 09:32:02 | 00,059,904 | ---- | M] ()
    McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2009/02/01 01:00:52 | 00,000,352 | -H-- | M] ()
    XAMPP Control Panel.lnk -> %UserProfile%\Desktop\XAMPP Control Panel.lnk -> [2009/01/31 21:04:33 | 00,000,357 | ---- | M] ()
    xampp-win32-1.7.0-installer.exe -> %UserProfile%\Desktop\xampp-win32-1.7.0-installer.exe -> [2009/01/31 20:26:47 | 40,759,679 | ---- | M] ()
    Menus you liked.doc -> %UserProfile%\Desktop\Menus you liked.doc -> [2009/01/31 05:44:19 | 00,024,576 | ---- | M] ()
    Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [2009/01/29 10:02:38 | 00,568,320 | -HS- | M] ()
    Vintige-Bubble-Banner-1-27-.jpg -> %UserProfile%\Desktop\Vintige-Bubble-Banner-1-27-.jpg -> [2009/01/27 16:47:39 | 00,070,031 | ---- | M] ()
    Bubbles-rpt.png -> %UserProfile%\Desktop\Bubbles-rpt.png -> [2009/01/27 16:32:28 | 00,051,865 | ---- | M] ()
    Bubbles-rpt.psd -> %UserProfile%\Desktop\Bubbles-rpt.psd -> [2009/01/27 16:22:05 | 00,110,514 | ---- | M] ()
    Bubbles.psd -> %UserProfile%\Desktop\Bubbles.psd -> [2009/01/27 16:16:41 | 00,112,812 | ---- | M] ()
    header.php -> %UserProfile%\Desktop\header.php -> [2009/01/26 23:44:23 | 00,002,568 | ---- | M] ()
    connections-reloaded.2.1.zip -> %UserProfile%\Desktop\connections-reloaded.2.1.zip -> [2009/01/26 23:31:35 | 00,089,849 | ---- | M] ()
    train.png -> %UserProfile%\Desktop\train.png -> [2009/01/26 23:18:42 | 00,001,295 | ---- | M] ()
    functions.php -> %UserProfile%\Desktop\functions.php -> [2009/01/26 23:05:34 | 00,004,083 | ---- | M] ()
    Web Copy-revised.3doc.doc -> %UserProfile%\Desktop\Web Copy-revised.3doc.doc -> [2009/01/25 11:16:18 | 00,314,880 | ---- | M] ()
    GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/01/25 11:09:44 | 00,085,120 | ---- | M] ()
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/01/24 17:30:37 | 00,000,116 | ---- | M] ()
    Folder.jpg -> %UserProfile%\Desktop\Folder.jpg -> [2009/01/22 16:13:21 | 00,010,420 | -HS- | M] ()
    AlbumArtSmall.jpg -> %UserProfile%\Desktop\AlbumArtSmall.jpg -> [2009/01/22 16:13:21 | 00,002,526 | -HS- | M] ()
    03 - Should I Stay Or Should I Go.mp3 -> %UserProfile%\Desktop\03 - Should I Stay Or Should I Go.mp3 -> [2009/01/21 08:55:47 | 05,729,368 | ---- | M] ()
    CLASH-PROJECT.cwp -> %UserProfile%\Desktop\CLASH-PROJECT.cwp -> [2009/01/21 08:51:21 | 00,039,522 | ---- | M] ()
    clash-should-I-stay-excerpt.mp3 -> %UserProfile%\Desktop\clash-should-I-stay-excerpt.mp3 -> [2009/01/21 08:46:30 | 01,296,822 | ---- | M] ()
    FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/01/21 07:47:25 | 00,311,584 | ---- | M] ()
    sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [2009/01/21 02:10:53 | 00,000,268 | -H-- | M] ()
    sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [2009/01/21 02:10:53 | 00,000,244 | -H-- | M] ()
    silkscreen.zip -> %UserProfile%\Desktop\silkscreen.zip -> [2009/01/18 20:55:24 | 00,023,289 | ---- | M] ()
    logo.png -> %UserProfile%\Desktop\logo.png -> [2009/01/18 08:24:38 | 00,008,788 | ---- | M] ()
    Aguilar-benefit2.eps -> %UserProfile%\Desktop\Aguilar-benefit2.eps -> [2009/01/17 15:04:25 | 06,219,430 | ---- | M] ()
    Aguilar-benefit.pdf -> %UserProfile%\Desktop\Aguilar-benefit.pdf -> [2009/01/17 14:44:30 | 03,502,921 | ---- | M] ()
    Microsoft Expression Web .lnk -> %UserProfile%\Desktop\Microsoft Expression Web .lnk -> [2009/01/16 22:12:07 | 00,002,461 | ---- | M] ()
    mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation)
    mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation)
    hosts.20090206-195332.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090206-195332.backup -> [2009/01/15 15:53:05 | 00,289,887 | R--- | M] ()
    McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [2009/01/15 01:57:09 | 00,000,264 | -H-- | M] ()
    opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa12.dat -> [2008/01/19 09:59:41 | 00,008,422 | ---- | M] ()
    daas_s.dll -> %UserProfile%\Local Settings\temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/01/11 14:45:50 | 00,495,616 | ---- | M] (F-Secure Corporation)
    opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa11.dat -> [2007/06/27 20:44:09 | 00,011,100 | ---- | M] ()
    data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2006/12/19 20:30:04 | 00,001,388 | ---- | M] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 0 bytes -> %ProgramFiles%\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
    @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
    [CatchMe Rootkit Scan by GMER]
    < Windows folder & sub-folders >
    scanning hidden processes ...
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
    "FirmwareIdentified"=dword:00000001
    "Migrated"=dword:00000001
    "EnableWheelDetection"=dword:00000002
    "MouseDataQueueSize"=dword:00000064
    "MouseResolution"=dword:00000003
    "MouseSynchIn100ns"=dword:01312d00
    "SampleRate"=dword:00000064
    "WheelDetectionTimeout"=dword:000005dc
    "MouseInitializePolled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
    "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
    "BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
    "FirmwareIdentified"=dword:00000001
    "Migrated"=dword:00000001
    "EnableWheelDetection"=dword:00000002
    "MouseDataQueueSize"=dword:00000064
    "MouseResolution"=dword:00000003
    "MouseSynchIn100ns"=dword:01312d00
    "SampleRate"=dword:00000064
    "WheelDetectionTimeout"=dword:000005dc
    "MouseInitializePolled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
    "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
    "BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
    "FirmwareIdentified"=dword:00000001
    "Migrated"=dword:00000001
    "EnableWheelDetection"=dword:00000002
    "MouseDataQueueSize"=dword:00000064
    "MouseResolution"=dword:00000003
    "MouseSynchIn100ns"=dword:01312d00
    "SampleRate"=dword:00000064
    "WheelDetectionTimeout"=dword:000005dc
    "MouseInitializePolled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
    "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
    "BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\ACPI\PNP0F13\3&13c0b0c5&0\Device Parameters]
    "FirmwareIdentified"=dword:00000001
    "Migrated"=dword:00000001
    "EnableWheelDetection"=dword:00000002
    "MouseDataQueueSize"=dword:00000064
    "MouseResolution"=dword:00000003
    "MouseSynchIn100ns"=dword:01312d00
    "SampleRate"=dword:00000064
    "WheelDetectionTimeout"=dword:000005dc
    "MouseInitializePolled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
    "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
    "BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,02,..
    scanning hidden registry entries ...
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\xd8P\23]
    "DisplayName"="\x3f18\23\x4150\23"
    "DeviceDesc"="\x3f18\23\x4150\23"
    "ProviderName"=""
    "MFG"="\x435c\x616c\x7373\"
    "ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x50d8\23\DriverFiles\.INF"
    "DeviceInstanceIds"=str(7):"09236.inf"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000c6e
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1
    < Document and Settings folder & sub folders >
    scanning hidden files ...
    C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
    C:\Documents and Settings\David\Favorites\Bible Gateway.url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Free Translation Online.url:favicon 2238 bytes
    C:\Documents and Settings\David\Favorites\Google.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\Calendar.url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Links\Economist.com.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\Gmail.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\Google.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\LogMeIn.url:favicon 2550 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\AdSense.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\Constant Contact.url:favicon 0 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\EurekAlert! Public News List.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\FeedBurner .url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\Google Analytics.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\Photobucket.url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\Picasa Web Albums - Dr. Richards.url:favicon 1406 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\About Chiropractic.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Contact Us.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Credits.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Directions.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Home.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Meet Dr. Richards.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\New Patient Info.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Research.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Spine~Mail Blog.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Testimonials Blog.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RichardsChiropractic.com\Testimonials Page.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\FeedForAll Index.url:favicon 318 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\FeedForAll and RSS Support.url:favicon 318 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\My Feeds.url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\Publicize BuzzBoost (2).url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\Publicize BuzzBoost.url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\rss2html.php URL tool.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\RSS Feed Spine~Mail Feedburner\Spine~Mail News from Dr. Richards.url:favicon 1150 bytes
    C:\Documents and Settings\David\Favorites\Links\My Website\rss2html.php URL tool.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Links\Pandora.url:favicon 15086 bytes
    C:\Documents and Settings\David\Favorites\Links\Wachovia.url:favicon 7406 bytes
    C:\Documents and Settings\David\Favorites\NickJr.com--Play to Learn with Dora the Explorer, Blue's Clues, Little Bill and More!.url:favicon 3384 bytes
    C:\Documents and Settings\David\Favorites\RhymeZone.url:favicon 318 bytes
    C:\Documents and Settings\David\Favorites\rss2html.php URL tool.url:favicon 3262 bytes
    C:\Documents and Settings\David\Favorites\Welcome to Sweetwater.com Call Us @ 800 222 4700.url:favicon 5222 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\Gmail.url:favicon 1406 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\LogMeIn.url:favicon 2550 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\My eBay.url:favicon 1406 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\NickJr.url:favicon 3384 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\Pandora.url:favicon 15086 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\About Chiropractic.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Contact Us.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Customer Login - Online email marketing software from Constant Contact.url:favicon 0 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Directions.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Download Free Article Directory Software Script Enterprise Web Content Management System CMS PHP Program.url:favicon 3638 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Home.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Meet Dr. Richards.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\New Patient Info.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Patient Testimonials Blog.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\RFC.com\Spine~Mail.url:favicon 3262 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\TurboTax Online.url:favicon 4838 bytes
    C:\Documents and Settings\Katherine\Favorites\Links\Wachovia.url:favicon 7406 bytes
    C:\Documents and Settings\Katherine\Favorites\Linksys Technical Support.url:favicon 3638 bytes
    C:\Documents and Settings\Katherine\My Documents\baby shoes - Pip Squeakers - baby shoes.url:favicon 1406 bytes
    C:\Documents and Settings\Katherine\My Documents\Katie's Old Documents\Desktop\Favorites\YRE - Wormsloe State Historic Site, Georgia - Happy Wanderers.url:favicon 1406 bytes
    C:\Documents and Settings\Katie\Favorites\Gmail.url:favicon 1150 bytes
    C:\Documents and Settings\Katie\Favorites\Google Personal Homepage.url:favicon 1406 bytes
    C:\Documents and Settings\Katie\Favorites\Links\Gmail.url:favicon 1406 bytes
    C:\Documents and Settings\Katie\Favorites\Links\Wachovia.URL:favicon 7406 bytes
    C:\Documents and Settings\Katie\Favorites\LogMeIn.url:favicon 2550 bytes
    C:\Documents and Settings\Katie\Favorites\My eBay Summary.url:favicon 1406 bytes
    scan completed successfully
    hidden files: 651

    < End of report >
    [/code]

  8. #18
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi drrchrds

    Multiple Anti-Virus Software
    You have more than one anti-virus application running on your computer:
    Avira
    McAfee

    The problem with having more than one anti-virus application running is that they will be fighting over the same rights, and this can make your system unstable as well as reduce your security rather than increase it.

    Quote:
    A couple steps back, I ran the F-Secure scan and it did find something, but I did not remove it. Last night I was curious to see if Avira would find it, and it did. I assume they found the same thing, F-scan called it TrackingCookie.Revsci and Avira called it HTML.Rce.Gen.

    Tracking or third-party cookies come from outside the site you're visiting -- usually, from advertising agencies that place ads at many sites. These companies can combine data gathered by their cookies to see what you read at different sites, but they can learn your identity only if you (or the sites that buy their services) provide that to them.
    Please read: Firefox's Cookie Options

    Quote:
    Should I have Avira quarantine it?

    Yes, you can do it.

    Quote:
    Also, I have been using McAfee for a long time but I wonder if I would be just as well off with AVG or Avira or something else. What do you recommend?

    I have Avira and Comodo.

    Quote:
    Lastly, I have used Spybot for years, but do you recommend that I add an additional malware program to the mix? Like Malwarebytes or something else?

    Spybot is a very good program and MalwareBytes AntiMalware is a good program to have and to run every few weeks just to be sure that you are still clean.

    Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    Code:
    [Files/Folders - Created Within 30 Days]
    NY -> x73_lut.dat -> %ProgramFiles%\x73_lut.dat
    NY -> gtx73.ini -> %ProgramFiles%\gtx73.ini
    [Files/Folders - Modified Within 30 Days]
    NY -> qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    NY -> qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    NY -> sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm
    NY -> sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm

    The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #19
    Junior Member
    Join Date
    Feb 2009
    Location
    Hendersonville, NC
    Posts
    15

    Default OT Scan Log

    BTW, I am uninstalling McAfee and installing Comodo.
    If I have both Avira and Comodo, should I have Comodo active or Avira?

    I regularly use 3 other computers, what can I do to avoid this infection on the others? I read in Wikipedia that Vundo exploits a vulnerability in Java.
    Is the removal of old Java and the installation of new Java enough to protect them? The same Wiki page recommends PeerGuardian to protect. Any thoughts?

    OT Scan Log:

    [Files/Folders - Created Within 30 Days]
    C:\Program Files\x73_lut.dat moved successfully.
    C:\Program Files\gtx73.ini moved successfully.
    [Files/Folders - Modified Within 30 Days]
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
    C:\sqmdata15.sqm moved successfully.
    C:\sqmnoopt15.sqm moved successfully.
    < End of fix log >
    OTScanIt2 by OldTimer - Version 1.0.7.1 fix logfile created on 02132009_183114

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

  10. #20
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi drrchrds
    Avira is an antivirus and Comodo is a firewall.

    Quote:
    Is the removal of old Java and the installation of new Java enough to protect them?

    No, but it helps if Java has been updated.

    Quote:
    The same Wiki page recommends PeerGuardian to protect. Any thoughts?

    I have never used PeerGuardian. I do not recommend it, because it's only blocking incoming and outgoing connections based on IP blocklists
    (and I do not use P2P programs).

    Peer Guardian is a simple software firewall designed for use with Microsoft Windows P2P file sharing clients. Peer Guardian works, first, by maintaining a database of IP addresses, logging and/or blocking incoming requests coming from those addresses. Secondly, Peer Guardian may prevent outcoming connections to fake P2P servers.
    How's the computer running now?
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
