Internet Redirect - iexplorer - shutting down select programs - help?

Sign of "win32:Delf-MBA [Trj]" has been found in "C:\WINDOWS\MEMORY.DMP" file.
Hi

By looking at the location, it seems to be a false positive.
 
OTListIt.txt PT 1

OTListIt logfile created on: 5/16/2009 8:21:00 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\David Wilson\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 65.64% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.82 Gb Total Space | 30.66 Gb Free Space | 27.92% Space Free | Partition Type: FAT32
Drive D: | 8.09 Gb Total Space | 6.72 Gb Free Space | 83.06% Space Free | Partition Type: FAT32
Drive E: | 55.88 Gb Total Space | 30.61 Gb Free Space | 54.77% Space Free | Partition Type: FAT32
Drive F: | 39.21 Gb Total Space | 25.54 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVEHOME
Current User Name: David Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/06/17 16:16:32 | 00,176,128 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
PRC - [2000/11/15 18:53:04 | 00,237,568 | ---- | M] (Promise Technology Inc.) -- C:\Program Files\Promise\FastTrak\FtrakSvc.exe
PRC - [2003/12/17 15:51:44 | 00,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2009/05/05 22:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/02/22 16:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/17 16:56:16 | 00,207,936 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
PRC - [2007/02/14 01:32:36 | 00,159,811 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/06/17 16:23:48 | 00,093,248 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
PRC - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2006/11/20 03:42:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/06/13 06:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/04/13 19:45:30 | 00,290,905 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.EXE
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2002/08/20 10:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2009/05/05 22:38:38 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/05 16:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2004/04/13 20:47:56 | 00,335,979 | ---- | M] (2Wire Inc.) -- C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
PRC - [2002/10/22 06:50:00 | 00,204,800 | ---- | M] (MJMSoft Design Limited) -- C:\Program Files\TrayDay\TrayDay.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/04 03:56:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/08/04 03:56:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/08/04 03:56:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/16 08:20:16 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2000/11/30 14:30:40 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/06/17 16:16:36 | 00,098,304 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe -- (Backup Scheduler [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2000/11/15 18:53:04 | 00,237,568 | ---- | M] (Promise Technology Inc.) -- C:\Program Files\Promise\FastTrak\FtrakSvc.exe -- (FastTrakSvc [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - [2003/12/17 15:51:44 | 00,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (idsvcSPTISRV [Auto | Stopped])
SRV - File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
SRV - [2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 03:56:42 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll -- (Iprip [Auto | Running])
SRV - [2009/05/05 22:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/02/22 16:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/06/17 16:56:16 | 00,207,936 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe -- (NsService [Auto | Running])
SRV - [2007/02/14 01:32:36 | 00,159,811 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/01/30 15:19:20 | 00,065,625 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2008/06/17 16:23:48 | 00,093,248 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe -- (Real time Backup Loader [Auto | Running])
SRV - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2006/11/20 03:42:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2004/01/30 15:16:06 | 00,065,622 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2008/07/15 17:38:32 | 00,394,608 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_ [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 02:00:04 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\4mmdat.sys -- (4mmdat [On_Demand | Running])
DRV - [2009/02/05 16:05:12 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004/08/04 02:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2000/06/27 14:39:16 | 00,022,994 | ---- | M] (AMD Corporation) -- C:\WINDOWS\System32\DRIVERS\amdagp10.sys -- (amdagp10 [Boot | Running])
DRV - [2002/08/29 00:59:12 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\System32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Running])
DRV - [2007/02/06 15:01:48 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [System | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:24 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2001/08/17 12:48:52 | 00,281,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys -- (ati2mpaa [On_Demand | Stopped])
DRV - [2001/09/26 23:32:38 | 00,285,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys -- (ati2mtaa [On_Demand | Stopped])
DRV - [2004/08/04 01:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Stopped])
DRV - [2001/08/17 12:49:12 | 00,049,920 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atirtcap.sys -- (ATIVRVXX [On_Demand | Stopped])
DRV - [2006/05/04 02:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
DRV - [2006/05/04 02:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
DRV - [2004/04/13 15:37:56 | 00,285,824 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2002/07/19 08:10:20 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup [System | Running])
DRV - [2008/06/17 16:16:46 | 00,155,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk [System | Running])
DRV - [2008/06/17 16:16:46 | 00,077,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap [Boot | Running])
DRV - [2003/03/30 12:19:20 | 00,006,494 | ---- | M] (Mitsubishi Electric , NEC-Mitsubishi Electric Visual Systems) -- C:\WINDOWS\System32\DRIVERS\Moni2c.sys -- (DDCCI [On_Demand | Stopped])
DRV - [2004/04/15 22:57:26 | 00,140,416 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
DRV - [2004/04/13 15:37:30 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2002/06/03 11:18:32 | 00,040,832 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])
DRV - [2002/05/23 11:28:56 | 00,070,656 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\fasttrak.sys -- (fasttrak [Boot | Running])
DRV - [2004/08/04 02:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/12/17 15:41:38 | 00,005,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys -- (GhPciScan [System | Running])
DRV - [2007/02/06 13:27:04 | 00,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2004/09/22 09:01:20 | 00,814,464 | R--- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys -- (hcwPVRP2 [On_Demand | Stopped])
DRV - [2002/01/14 07:49:38 | 00,033,602 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk [Boot | Running])
DRV - [2001/09/19 06:11:00 | 00,050,432 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys -- (l8042pr2 [On_Demand | Stopped])
DRV - [2001/09/19 06:11:00 | 00,022,064 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys -- (LHidFlt2 [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,037,822 | ---- | M] (Logitech) -- C:\WINDOWS\system32\drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,005,840 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2 [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,067,440 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2004/04/13 19:20:08 | 00,015,781 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2004/04/13 15:29:22 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2004/08/04 01:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys -- (MVDCODEC [Auto | Stopped])
DRV - [2007/02/14 01:32:32 | 03,983,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/04/16 14:21:30 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/04/13 15:23:58 | 00,117,248 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
DRV - [2008/05/22 18:22:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/10/07 16:42:14 | 00,038,468 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Stopped])
DRV - [2004/04/15 22:53:40 | 00,198,528 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2004/05/16 20:46:18 | 00,390,752 | R--- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\wlanCIG.sys -- (wlanCIG [On_Demand | Running])
DRV - [2004/03/01 14:57:04 | 00,010,368 | ---- | M] (Streamzap, Inc.) -- C:\WINDOWS\system32\drivers\zremote.sys -- (zremote [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.yahoo.com/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/05 22:38:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2005/04/27 22:53:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2005/04/27 22:53:26 | 00,000,000 | ---D | M]

[2005/04/30 10:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Wilson\Application Data\mozilla\Firefox\Profiles\5nzx41m4.default\extensions
[2005/04/27 22:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/04/27 22:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/05 22:38:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2007/10/20 10:31:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2007/10/09 01:33:30 | 00,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/10/09 01:33:30 | 00,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/10/09 01:33:32 | 00,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/10/09 01:33:32 | 00,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/10/09 01:33:32 | 00,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/10/08 20:39:56 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2007/10/08 20:39:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/10/08 20:39:56 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2007/10/08 20:39:56 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/10/08 20:39:56 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/10/08 20:39:56 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {81CA3009-6200-4A6D-93C6-F1E9A6821C7F} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" (Safer Networking Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004..\Run: [LDM] \Program\BackWeb-8876480.exe File not found
O4 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe (2Wire Inc.)
O4 - Startup: C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe (MJMSoft Design Limited)
O4 - Startup: C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O8 - Extra context menu item: Download with GetRight - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Open with GetRight Browser - Reg Error: Value error. File not found
O9 - Extra Button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - File not found
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxmsdec.CAB (Reg Error: Key error.)
O16 - DPF: {00000160-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://gulllake.gospelcom.net/unsecure/other_media/views/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} http://www.live365.com/players/p365vip.cab (Live365PlayerVIP Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab (Microsoft.WinRep)
O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx (PWReset Control)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Install Class)
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} http://entimg.msn.com/client/msnediag3518.cab (MsneDiag Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab (YbUploadFavsCtl Class)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} http://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.8121527778 (Reg Error: Key error.)
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab (Autodesk DWF Viewer Control)
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab (WebResponseAttachments Control)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3518.cab (MsnMusicAx Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Checkers http://download.games.yahoo.com/games/clients/y/kt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chess http://download.yahoo.com/games/clients/y/cr1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download.yahoo.com/games/clients/y/hr1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.yahoo.com/games/clients/y/por9_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\gibbebx.dll ()
O24 - Desktop Components:0 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/23 09:33:06 | 00,000,099 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2001/11/04 15:42:42 | 00,000,095 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2001/11/05 23:02:34 | 00,000,095 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell - "" = AutoRun
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2002/03/23 10:06:56 | 00,000,000 | ---D | M]
 
OTListIt.txt PT 2

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/05/16 08:20:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe
[2009/05/16 08:14:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/16 08:09:32 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/16 08:09:19 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2009/05/16 08:05:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/13 07:50:42 | 00,000,000 | -HSD | C] -- C:\FOUND.043
[2009/05/08 11:01:12 | 00,000,000 | --S- | C] () -- C:\WINDOWS\System32\148114617.dat
[2009/05/07 23:33:17 | 16,101,45792 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/07 22:28:26 | 01,080,054 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\Aquarium 1.bmp
[2009/05/07 22:24:10 | 01,080,056 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\bach.bmp
[2009/05/07 22:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Money Plus
[2009/05/06 18:41:05 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\dds.scr
[2009/05/06 00:10:58 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 00:10:57 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 00:10:57 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 00:10:57 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 00:10:57 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 00:10:57 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 00:10:57 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 00:10:57 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 00:10:57 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 00:10:41 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 00:10:41 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 00:10:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/06 00:03:40 | 00,147,100 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/05 22:11:10 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\gibbebx.dat
[2009/05/05 22:10:14 | 00,001,024 | -H-- | C] () -- C:\diskfile1
[2009/05/05 22:10:13 | 00,016,384 | -H-- | C] () -- C:\logicinf.bin
[2009/05/05 21:53:01 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\dllgidoor.dat
[2009/04/28 19:05:04 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\gmer.exe
[2009/04/23 20:39:11 | 02,988,491 | R--- | C] () -- C:\Documents and Settings\David Wilson\Desktop\ComboFix.exe
[2009/04/22 18:53:37 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/22 18:53:35 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/22 18:53:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/22 18:52:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/22 18:52:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/22 18:52:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/22 18:52:40 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/22 18:52:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/22 18:52:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/22 18:52:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/22 18:52:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/22 18:52:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/20 19:43:08 | 00,000,000 | ---D | C] -- C:\rsit
[2009/04/19 18:34:48 | 00,360,021 | ---- | C] () -- C:\something.scr
[2009/04/18 14:49:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/18 14:49:17 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/18 14:49:07 | 00,000,523 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\NTREGOPT.lnk
[2009/04/18 14:49:05 | 00,000,504 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\ERUNT.lnk
[2009/04/18 14:49:00 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/18 10:10:52 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/18 10:09:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/18 00:21:42 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\Spybot - Search & Destroy.lnk
[2009/04/18 00:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/18 00:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/17 21:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Wilson\Application Data\Malwarebytes
[2009/04/17 21:04:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/17 21:04:10 | 00,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/17 21:04:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/17 21:04:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/17 21:04:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/17 19:53:43 | 00,000,066 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/17 08:22:21 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/04/16 21:00:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{A21E413E-98CC-4ABB-9843-E6AA4F456F61}
[2008/12/20 18:15:42 | 03,421,371 | ---- | C] () -- C:\WINDOWS\System32\gibbebx.dll
[2008/12/20 18:15:42 | 03,048,796 | ---- | C] () -- C:\WINDOWS\System32\dllgidoor.dll
[2008/10/11 13:52:43 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2008/10/11 13:52:43 | 00,077,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys
[2008/10/04 12:00:34 | 00,139,430 | ---- | C] () -- C:\WINDOWS\System32\urifil.dll
[2008/10/04 12:00:31 | 00,039,360 | ---- | C] () -- C:\WINDOWS\System32\bugreport.dll
[2008/05/22 18:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/08 09:37:39 | 00,000,782 | ---- | C] () -- C:\WINDOWS\System32\snetbonly.dll
[2007/10/21 19:14:25 | 00,334,174 | ---- | C] () -- C:\WINDOWS\sqlite3.dll
[2007/08/18 08:33:06 | 00,390,752 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\wlanCIG.sys
[2007/08/12 18:04:09 | 00,158,856 | ---- | C] () -- C:\WINDOWS\System32\pxyfil.dll
[2007/07/25 15:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/14 01:32:38 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/14 01:32:38 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/14 01:32:36 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/14 01:32:36 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/02/14 01:32:36 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/14 01:32:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/14 01:32:32 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/03 12:23:24 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/26 16:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/22 00:36:14 | 00,000,252 | ---- | C] () -- C:\WINDOWS\System32\SNet.dll
[2006/02/05 19:01:10 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/07/10 19:34:23 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/22 15:22:22 | 00,000,281 | ---- | C] () -- C:\WINDOWS\irremote.ini
[2005/05/22 15:21:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2005/05/22 15:21:24 | 00,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005/05/22 14:48:36 | 00,002,586 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005/01/26 17:07:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/01/15 12:23:28 | 00,000,479 | ---- | C] () -- C:\WINDOWS\RAIDeUtility.ini
[2004/12/20 10:59:02 | 00,000,119 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2004/10/10 19:32:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/04 03:56:42 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/27 16:34:09 | 00,000,031 | ---- | C] () -- C:\WINDOWS\oupdate.INI
[2004/07/25 22:32:36 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/07/12 17:38:44 | 00,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2004/07/12 17:38:15 | 00,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2004/05/15 21:33:31 | 00,001,100 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
[2004/04/27 17:49:59 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2003/11/30 14:39:16 | 00,000,222 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2003/09/26 20:07:47 | 00,001,222 | ---- | C] () -- C:\WINDOWS\System32\usrfil.dll
[2003/06/11 18:32:46 | 00,001,842 | ---- | C] () -- C:\WINDOWS\System32\csnews.dll
[2003/03/01 08:08:20 | 00,000,348 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/12/10 13:13:32 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\GSnap.dll
[2002/12/10 13:13:32 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\atlcontrol.dll
[2002/12/10 13:13:32 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UninstGMT.dll
[2002/12/10 13:12:24 | 00,000,494 | ---- | C] () -- C:\WINDOWS\demo.INI
[2002/12/10 01:36:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\gbttk.dll
[2002/11/11 19:45:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\NetStat32.dll
[2002/09/25 21:48:36 | 00,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/09/25 21:48:36 | 00,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2002/08/15 07:32:26 | 00,022,618 | ---- | C] () -- C:\WINDOWS\System32\perfil.dll
[2002/08/15 07:32:26 | 00,017,672 | ---- | C] () -- C:\WINDOWS\System32\nvgamfil.dll
[2002/08/15 07:32:26 | 00,016,802 | ---- | C] () -- C:\WINDOWS\System32\popfil.dll
[2002/08/15 07:32:26 | 00,014,712 | ---- | C] () -- C:\WINDOWS\System32\tafil.dll
[2002/08/15 07:32:26 | 00,012,730 | ---- | C] () -- C:\WINDOWS\System32\psyfil.dll
[2002/08/15 07:32:26 | 00,012,266 | ---- | C] () -- C:\WINDOWS\System32\sporfil.dll
[2002/08/15 07:32:26 | 00,009,634 | ---- | C] () -- C:\WINDOWS\System32\pkmon.dll
[2002/08/15 07:32:26 | 00,006,830 | ---- | C] () -- C:\WINDOWS\System32\swfil.dll
[2002/08/15 07:32:26 | 00,006,050 | ---- | C] () -- C:\WINDOWS\System32\wrestfil.dll
[2002/08/15 07:32:26 | 00,002,246 | ---- | C] () -- C:\WINDOWS\System32\wzfil.dll
[2002/08/15 07:32:26 | 00,001,656 | ---- | C] () -- C:\WINDOWS\System32\tapfil.dll
[2002/08/15 07:32:26 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\mp3fil.dll
[2002/08/15 07:32:26 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\spmfil.dll
[2002/08/15 07:32:24 | 00,013,154 | ---- | C] () -- C:\WINDOWS\System32\finfil.dll
[2002/08/15 07:32:24 | 00,012,422 | ---- | C] () -- C:\WINDOWS\System32\entfil.dll
[2002/08/15 07:32:24 | 00,011,338 | ---- | C] () -- C:\WINDOWS\System32\fmfil.dll
[2002/08/15 07:32:24 | 00,009,796 | ---- | C] () -- C:\WINDOWS\System32\gnfil.dll
[2002/08/15 07:32:24 | 00,008,652 | ---- | C] () -- C:\WINDOWS\System32\jbfil.dll
[2002/08/15 07:32:24 | 00,007,778 | ---- | C] () -- C:\WINDOWS\System32\movfil.dll
[2002/08/15 07:32:24 | 00,007,642 | ---- | C] () -- C:\WINDOWS\System32\Auctfil.dll
[2002/08/15 07:32:24 | 00,001,816 | ---- | C] () -- C:\WINDOWS\System32\fshrfil.dll
[2002/08/13 23:28:02 | 00,094,996 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
[2002/08/13 23:28:02 | 00,013,034 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
[2002/08/13 23:28:02 | 00,010,862 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
[2002/08/13 23:28:02 | 00,005,880 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
[2002/08/13 23:28:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
[2002/08/13 23:28:02 | 00,004,826 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
[2002/08/13 23:28:02 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
[2002/08/13 23:28:02 | 00,003,818 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
[2002/08/13 23:28:02 | 00,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
[2002/08/13 23:28:02 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
[2002/08/13 23:28:02 | 00,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
[2002/08/13 23:28:02 | 00,001,468 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
[2002/08/13 23:28:02 | 00,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
[2002/06/04 23:55:32 | 00,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2002/04/28 14:54:12 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2002/03/23 11:39:16 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2002/03/23 10:08:10 | 00,076,659 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/03/23 10:08:08 | 00,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2002/03/23 10:08:08 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2002/03/23 10:08:08 | 00,001,467 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/23 10:08:08 | 00,000,924 | ---- | C] () -- C:\WINDOWS\fauve.ini
[2002/03/23 10:08:08 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2002/03/23 10:08:08 | 00,000,677 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/03/23 10:08:08 | 00,000,509 | ---- | C] () -- C:\WINDOWS\FS.INI
[2002/03/23 10:08:08 | 00,000,470 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/03/23 10:08:08 | 00,000,459 | ---- | C] () -- C:\WINDOWS\YACHT-Z.INI
[2002/03/23 10:08:08 | 00,000,277 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/23 10:08:08 | 00,000,277 | ---- | C] () -- C:\WINDOWS\AATOOLS.INI
[2002/03/23 10:08:08 | 00,000,233 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2002/03/23 10:08:08 | 00,000,226 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/03/23 10:08:08 | 00,000,221 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2002/03/23 10:08:08 | 00,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2002/03/23 10:08:08 | 00,000,192 | ---- | C] () -- C:\WINDOWS\mb.ini
[2002/03/23 10:08:08 | 00,000,152 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2002/03/23 10:08:08 | 00,000,149 | ---- | C] () -- C:\WINDOWS\XDCS_DO2.INI
[2002/03/23 10:08:08 | 00,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI
[2002/03/23 10:08:08 | 00,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2002/03/23 10:08:08 | 00,000,122 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/03/23 10:08:08 | 00,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2002/03/23 10:08:08 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/23 10:08:08 | 00,000,095 | ---- | C] () -- C:\WINDOWS\icewin.INI
[2002/03/23 10:08:08 | 00,000,089 | ---- | C] () -- C:\WINDOWS\KingsC.ini
[2002/03/23 10:08:08 | 00,000,080 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2002/03/23 10:08:08 | 00,000,072 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2002/03/23 10:08:08 | 00,000,050 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2002/03/23 10:08:08 | 00,000,042 | ---- | C] () -- C:\WINDOWS\CRISPY.INI
[2002/03/23 10:08:08 | 00,000,031 | ---- | C] () -- C:\WINDOWS\MSCHOMP.INI
[2002/03/23 10:08:08 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2002/03/23 10:08:08 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SYSCHECK.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RESMNGR.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCFRIEND.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hjbrowse.ini
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2002/03/23 10:08:06 | 00,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2002/03/23 10:08:06 | 00,008,405 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2002/03/23 10:08:06 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2002/03/23 10:08:06 | 00,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2002/03/23 10:08:06 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2002/03/23 10:08:06 | 00,000,180 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2002/03/23 10:08:06 | 00,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2002/03/23 10:08:06 | 00,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2002/03/23 10:08:06 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2002/03/23 10:08:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2002/03/23 09:51:34 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2002/03/23 09:51:32 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2001/12/27 23:55:26 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2001/12/27 23:55:26 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2001/12/17 07:22:30 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2001/12/17 07:22:28 | 00,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2001/08/26 15:08:16 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2001/08/23 12:00:04 | 00,003,166 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 12:00:04 | 00,000,638 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/05/06 23:59:46 | 00,149,504 | ---- | C] () -- C:\WINDOWS\unwise32.dll
[2001/01/29 00:43:42 | 00,161,792 | ---- | C] () -- C:\WINDOWS\System32\nfsspi.dll
[2001/01/29 00:00:58 | 00,002,048 | ---- | C] () -- C:\WINDOWS\MNMGM32.DLL
[2000/06/22 14:34:24 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2000/06/22 14:33:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\HcdDll32.dll
[2000/06/22 14:33:36 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\HWDll.dll
[2000/06/20 13:11:02 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\cdtool.dll
[2000/05/13 16:59:44 | 00,054,266 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2000/05/13 10:27:11 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2000/05/13 01:08:06 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\LTANN62N.DLL
[2000/05/13 01:08:06 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\LTIMG62N.DLL
[2000/05/13 01:08:06 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\Lftif62n.dll
[2000/05/13 01:08:06 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil62n.dll
[2000/05/13 01:08:06 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\LTWND62N.DLL
[2000/05/13 01:08:06 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2000/05/13 01:08:06 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\tvcntl32.dll
[2000/05/13 01:08:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\Lfpsd62n.dll
[2000/05/13 01:08:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lfwmf62n.dll
[2000/05/13 01:08:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lftga62n.dll
[2000/05/13 01:08:06 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwpg62n.dll
[2000/05/13 01:08:06 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfras62n.dll
[2000/05/13 01:08:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfwfx62n.dll
[2000/05/13 01:08:05 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\Lffax62n.dll
[2000/05/13 01:08:05 | 00,158,720 | ---- | C] () -- C:\WINDOWS\System32\Lfcmp62n.dll
[2000/05/13 01:08:05 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng62n.dll
[2000/05/13 01:08:05 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\Lflma62n.dll
[2000/05/13 01:08:05 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Lfica62n.dll
[2000/05/13 01:08:05 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lfpcx62n.dll
[2000/05/13 01:08:05 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lflmb62n.dll
[2000/05/13 01:08:05 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfeps62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfpct62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfgif62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfbmp62n.dll
[2000/05/13 01:08:05 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\Lfimg62n.dll
[2000/05/13 01:08:05 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfmsp62n.dll
[2000/05/13 01:08:05 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfmac62n.dll
[2000/05/13 01:08:05 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfcal62n.dll
[2000/05/13 01:08:05 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfpcd62n.dll
[2000/05/13 01:08:00 | 00,162,816 | ---- | C] () -- C:\WINDOWS\System32\ccmpeg.dll
[1999/09/20 10:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/03/18 02:57:02 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\ThmUninst.dll
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 00,129,080 | ---- | C] () -- C:\WINDOWS\Logow.sys.bak
[1980/01/01 00:00:00 | 00,129,078 | ---- | C] () -- C:\WINDOWS\Logos.sys.bak
[1980/01/01 00:00:00 | 00,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/05/16 08:20:16 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe
[2009/05/16 08:16:56 | 00,421,976 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/16 08:16:56 | 00,343,762 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/16 08:16:56 | 00,069,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/16 08:14:38 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/16 08:14:10 | 00,012,208 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/16 08:14:10 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\David Wilson\Local Settings\desktop.ini
[2009/05/16 08:12:46 | 00,016,384 | -H-- | M] () -- C:\logicinf.bin
[2009/05/16 08:12:44 | 00,001,024 | -H-- | M] () -- C:\diskfile1
[2009/05/16 08:12:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/16 08:12:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/16 08:12:28 | 16,101,45792 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/16 08:09:34 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/16 08:06:42 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/16 08:06:42 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/16 08:05:20 | 03,579,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/16 08:02:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/16 07:53:46 | 00,222,368 | ---- | M] () -- C:\ntldr
[2009/05/15 06:29:02 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
[2009/05/14 23:12:32 | 00,000,638 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/14 22:38:54 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\Spybot - Search & Destroy.lnk
[2009/05/14 22:24:26 | 02,988,491 | R--- | M] () -- C:\Documents and Settings\David Wilson\Desktop\ComboFix.exe
[2009/05/14 17:50:10 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/08 11:01:14 | 00,000,000 | --S- | M] () -- C:\WINDOWS\System32\148114617.dat
[2009/05/07 23:33:16 | 16,100,76160 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/05/07 22:28:26 | 01,080,054 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\Aquarium 1.bmp
[2009/05/07 22:24:14 | 01,080,056 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\bach.bmp
[2009/05/06 18:41:06 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\dds.scr
[2009/05/06 00:11:00 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 00:10:58 | 00,003,021 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/06 00:03:42 | 00,147,100 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/05 23:52:10 | 00,003,166 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/05 22:16:22 | 00,390,777 | ---- | M] () -- C:\WINDOWS\csfilts.cab
[2009/05/05 22:11:12 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\gibbebx.dat
[2009/05/05 21:54:18 | 00,000,039 | ---- | M] () -- C:\WINDOWS\liccyval.dat
[2009/05/05 21:53:02 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\dllgidoor.dat
[2009/04/28 19:05:04 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\gmer.exe
[2009/04/22 19:05:44 | 00,001,222 | ---- | M] () -- C:\WINDOWS\System32\usrfil.dll
[2009/04/22 19:04:10 | 00,005,880 | ---- | M] () -- C:\WINDOWS\System32\wfileu.drv
[2009/04/22 18:53:38 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/19 18:29:52 | 00,360,021 | ---- | M] () -- C:\something.scr
[2009/04/18 21:23:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/18 14:49:18 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/18 14:49:08 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\NTREGOPT.lnk
[2009/04/18 14:49:06 | 00,000,504 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\ERUNT.lnk
[2009/04/18 10:10:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/17 21:04:12 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/17 19:53:44 | 00,000,066 | ---- | M] () -- C:\WINDOWS\wininit.ini
< End of report >
 
Extras.Txt

OTListIt Extras logfile created on: 5/16/2009 8:21:00 AM - Run 1

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\WINDOWS\Cyb2k.exe:*:Enabled:CYBERsitter Control Panel
[2006/12/10 17:06:56 | 03,364,168 | ---- | M] (Headlight Software, Inc.) -- E:\Program Files\GetRight\getright.exe:*:Enabled:GetRight® www.getright.com
[2000/06/27 16:09:58 | 02,695,213 | ---- | M] (Microsoft Corporation) -- E:\Age of Empires II\Age2_X1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion
[2000/11/20 18:53:28 | 06,483,968 | ---- | M] (Macromedia, Inc.) -- E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe:*:Enabled:Dreamweaver
[2006/12/02 09:21:20 | 02,672,640 | ---- | M] (Digital Information Network) -- C:\Program Files\Common Files\Doppler 10 Pinpoint Alert\TrueWeather.exe:*:Enabled:TrueWeather
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\PVSLibraryAppService.exe:*:Enabled:Beyond TV Library Service
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServer.exe:*:Enabled:Beyond TV Web Server
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\PVSConfigService.exe:*:Enabled:Beyond TV Settings Service
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape
[2004/08/04 03:56:52 | 00,815,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- E:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service
File not found -- C:\Program Files\Grisoft\AVG Free\avgw.exe:*:Enabled:AVG Free Edition for Windows
File not found -- C:\Program Files\Grisoft\AVG Free\avgvv.exe:*:Enabled:AVG Free Virus Vault
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service
[2001/10/12 20:36:42 | 04,102,275 | ---- | M] () -- E:\Program Files\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth
[2005/03/11 14:40:32 | 00,291,792 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32
[2006/12/13 17:48:32 | 00,079,360 | ---- | M] (Opera Software) -- F:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
[2003/01/13 03:50:18 | 00,122,880 | R--- | M] (Electronic Arts) -- C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Disabled:patchgrabber
File not found -- E:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
[2004/08/06 15:33:46 | 02,502,656 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
File not found -- C:\Program Files\SnapStream Media\Beyond TV 3\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard
[2007/04/02 12:23:34 | 00,035,160 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service
[2007/04/02 12:20:58 | 00,057,344 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service
[2007/04/02 12:20:54 | 00,065,536 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service
[2007/04/02 12:15:56 | 00,065,536 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine
[2007/04/02 12:16:36 | 00,139,264 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader
[2007/04/02 12:13:38 | 00,086,016 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service
[2007/04/02 12:20:42 | 00,204,800 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service
[2007/04/02 12:22:42 | 00,180,224 | ---- | M] (SnapStream Media, Inc.) -- C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape
[2007/04/02 12:23:34 | 07,761,224 | ---- | M] (SnapStream Media, Inc.) -- C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard
[2007/04/02 12:21:18 | 00,031,232 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy
File not found -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07B02BD4-E799-4945-B240-166CA9A9BE2D}" = Multimedia Card Reader
"{0C3B9465-E882-11D3-BF71-00C04FA0D6AE}" = NovaBACKUP
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{179C8887-E768-4FF6-9008-1F665AD9F6FC}" = TPP Storage Class Driver
"{17F44736-17BF-4ACE-910E-A743C5D55129}" = Sonic CinePlayer MPEG Combo Pack
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" = CuteFTP 5.0 XP
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26C849AB-1865-412D-B87D-B18BC5CB6C60}" = OpenMG Secure Module 3.4.01
"{28638102-02DB-43C5-9358-7596ED0FCBC2}" = Ten Thumbs Typing Tutor
"{312DFE8A-7B3A-41D4-AB00-52ACDB05ABE2}" = Ten Thumbs 4.3
"{31851B85-C98E-44DE-8750-9843BCD63963}" = Adobe After Effects 5.5
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{372FB8CA-E690-4FB2-B2DB-649768691561}" = NovaBACKUP
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10.0.3
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .1
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5D312C74-93CA-4B79-BEBB-95D3982379E1}" = VBA (3821h)
"{5D582D33-EB35-4D77-B7AF-403322D947E6}" = Opera 9.10
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A750221-B84D-419D-B11C-5F597FDBA826}" = Movavi Video Converter 6
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{71AE4702-5C47-43BB-BDD6-21C84D086B82}" = Tweaki...for Power Users
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}" = NEC-Mitsubishi NaViSet
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{87F93AA6-C062-40AC-970F-DEE3628548D9}" = CYBERsitter 10
"{89818D7D-C128-4DC2-8DC8-326DC904969C}" = Roxio Easy Media Creator 7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Roxio Burn Engine
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{97E38F11-0FBE-4BC2-9EE1-5B1421C76F27}" = Adobe GoLive 6.0
"{9CD51F8E-A936-46D2-93BA-140D3F08BDD6}" = Eudora
"{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002
"{A36BE275-BD22-406C-8D2D-ED99F9E6C0B4}" = IKEA HomePlanner Kitchen
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3E3EAEC-A20E-48EE-B161-A43B552D5465}" = Personal Color Viewer 2.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}" = Norton Ghost
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package
"{E86496D9-5009-4FFF-AABD-6E62CDFAC7B7}" = Beyond TV DVD Burning Foundation
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EB091860-8C2B-4E49-A543-666373C39E6F}" = microKORG SoundEditor
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"123 Free Solitaire" = 123 Free Solitaire
"1Click DVD to Divx Avi 2.12_is1" = 1Click DVD to Divx Avi 2.12
"AccuChef" = AccuChef
"Active Disk" = Active Disk
"Actual Checkers 2000 R_is1" = Actual Checkers 2000 R
"Adaptec EZ-SCSI Standard Edition 5.0" = Adaptec EZ-SCSI Standard Edition 5.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe Type Manager Deluxe 4.1" = Adobe Type Manager Deluxe 4.1
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires 2.0" = Microsoft Age of Empires II
"AniRez" = AniRez
"ATI Display Driver" = ATI Display Driver
"ATI Multimedia Center" = ATI Multimedia Center
"audcle" = Plus! MP3 Audio Converter LE
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast!" = avast! Antivirus
"AWSPS 4.02" = AWSPS 4.02
"Beyond TV" = SnapStream Beyond TV 4.6.1
"Chessmaster 8000" = Chessmaster 8000
"Cover Art Downloader_is1" = Cover Art Downloader v1.2
"c--program files-readmagic" = REALmagic Hollywood Plus
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Desktop Architect" = Desktop Architect
"Dialog Box Assistant_is1" = Dialog Box Assistant 1.01
"Director 8 Shockwave Studio" = Director 8 Shockwave Studio
"DirectVobSub" = DirectVobSub (remove only)
"Doppler 10 Pinpoint Alert" = Doppler 10 Pinpoint Alert
"DR-92 Manager" = DR-92 Manager
"Elecard MPEG Player 5.3.80624" = Elecard MPEG Player
"Enable S3 for USB Device" = Enable S3 for USB Device
"ERUNT_is1" = ERUNT 1.1j
"FastTrak RAID controller utility" = FastTrak RAID controller utility
"Firefly Mini" = SnapStream Firefly Mini 1.0.2
"FontLook" = FontLook
"GetRight" = GetRight
"GoldLeo DVD Ripper_is1" = GoldLeo DVD Ripper 2.2
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hauppauge WinTV-PVR 150 Drivers" = Hauppauge WinTV-PVR 150 Drivers
"HijackThis" = HijackThis 2.0.2
"hp deskjet 840c series" = hp deskjet 840c series (Remove only)
"hp deskjet 840c series_Driver" = hp deskjet 840c series
"HTMLPad 2004 Pro_is1" = HTMLPad 2004 Pro v5.0
"HyperCD" = HyperCD
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{07B02BD4-E799-4945-B240-166CA9A9BE2D}" = Multimedia Card Reader
"InstallShield_{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}" = NEC-Mitsubishi NaViSet
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Iomega App Services" = Iomega App Services
"IomegaWare" = IomegaWare
"iSofter DVD Ripper Platinum_is1" = iSofter DVD Ripper Platinum 3.0.2007.228
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Macromedia FreeHand 9" = Macromedia FreeHand 9
"Macromedia Generator 2" = Macromedia Generator 2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Cleaner Pro402a" = Media Cleaner Pro
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft Interactive CD Sampler" = Microsoft Interactive CD Sampler
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox (2.0.0.8)" = Mozilla Firefox (2.0.0.8)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Entertainment Download Troubleshooter" = MSN Entertainment Download Troubleshooter
"MSN Music Assistant" = MSN Music Assistant
"Musicnotes Player_is1" = Musicnotes Player V1.23.1 and Viewer
"MVApplication1" = SureThing CD Labeler 4 SE
"MySQL Connector/ODBC 3.51" = MySQL Connector/ODBC 3.51
"nanoPEG-Editor 2.2 Hauppauge Edition_is1" = nanoPEG-Editor 2.2 Hauppauge Edition
"NetAccountability" = NetAccountability
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix3.4-04-14-17-01" = OpenMG Limited Patch 3.4-04-16-16-01
"PicasaNet" = Hello (remove only)
"PolderbitSRecorder" = PolderbitS Sound Recorder and Editor
"QTam Bitmap to Icon_is1" = QTam Bitmap to Icon 3.5
"RDStudio5" = Ray Dream Studio v5.0
"RealAlt_is1" = Real Alternative 1.52 Lite
"REALmagic Hollywood Plus" = REALmagic Hollywood Plus
"RealVNC_is1" = VNC Free Edition 4.1.1
"Red Alert" = Red Alert Windows 95
"Red Alert 2" = Command & Conquer Red Alert 2
"SCRABBLE" = SCRABBLE
"Shockwave" = Shockwave
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"SimCity 3000" = SimCity 3000
"Sound Blaster PCI128" = Sound Blaster PCI128
"SuperDVD Player_is1" = SuperDVD Player V4.0
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TrayDay" = TrayDay
"USB 2.0 Host Controller Driver" = USB 2.0 Host Controller Driver
"wa2wmp" = Windows Media Player Skin Importer
"WavePad" = WavePad Uninstall
"wdtmgmt" = Microsoft Word 97 Time Mgmt Wizard Pack (Remove only)
"WhatsMyDNS" = Solid Oak Software WhatsMyDNS 1.8.2.23
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WOLAPI" = Westwood Shared Internet Components
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wtcc II" = Wtcc II
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/15/2009 7:03:09 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 5/15/2009 7:03:09 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 5/15/2009 7:03:59 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 5/15/2009 7:03:59 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 5/15/2009 7:04:02 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 5/15/2009 7:04:02 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 5/15/2009 7:07:59 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 5/15/2009 7:07:59 AM | Computer Name = DAVEHOME | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

[ Application Events ]
Error - 5/15/2009 7:12:47 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:47 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:47 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:49 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:49 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:49 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:49 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:49 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:49 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

Error - 5/15/2009 7:12:58 AM | Computer Name = DAVEHOME | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 5/16/2009 8:06:18 AM | Computer Name = DAVEHOME | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/16/2009 8:06:28 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 5/16/2009 8:06:28 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 5/16/2009 8:06:28 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%1359

Error - 5/16/2009 8:06:34 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error - 5/16/2009 8:12:51 AM | Computer Name = DAVEHOME | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/16/2009 8:12:57 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 5/16/2009 8:12:57 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 5/16/2009 8:12:57 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%1359

Error - 5/16/2009 8:13:04 AM | Computer Name = DAVEHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdr4_xp


< End of report >
 
Hi

Uninstall Firefox 2.0.0.8, since the 2.x.x.x series is not supported anymore. If you still want to use Firefox, you may get the latest version here later.

Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Uninstall also CYBERsitter.

Reboot and create new OTListIt.txt log. Has the issue status changed after IE7 uninstallation?
 
Uninstalling IE7 made no alteration to the problems - CYBERsitter was uninstalled a few weeks ago - any references to it in the logs are bits it left behind.

Should we not be working on figuring out what exactly is launching the instance of the iexplore.exe process which appears at each launch of windows?

I still have a directory c:\Program Files\Internet Explorer even after the uninstall. I tried renaming the iexplore.exe application in that directory to another name and a few seconds later iexplore.exe appeared again in that same directory.

Windows continues to start with one instance of iexplore.exe, which then multiplies with each navigation: double-clicking My Computer and the various hard drives.

This link describes part of my problem - any thoughts on the solution it suggests:

http://dly.free.fr/site/spip.php?article2


Followed your advice - uninstalled and then installed the newest versions of Firefox and Acrobat Reader. New OT List follows.
 
OTListIt.TXT PT 1 - 5.17.09

OTListIt logfile created on: 5/17/2009 10:55:55 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\David Wilson\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 66.08% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.82 Gb Total Space | 30.65 Gb Free Space | 27.91% Space Free | Partition Type: FAT32
Drive D: | 8.09 Gb Total Space | 6.72 Gb Free Space | 83.06% Space Free | Partition Type: FAT32
Drive E: | 55.88 Gb Total Space | 30.61 Gb Free Space | 54.77% Space Free | Partition Type: FAT32
Drive F: | 39.21 Gb Total Space | 25.50 Gb Free Space | 65.05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVEHOME
Current User Name: David Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/06/17 16:16:32 | 00,176,128 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
PRC - [2000/11/15 18:53:04 | 00,237,568 | ---- | M] (Promise Technology Inc.) -- C:\Program Files\Promise\FastTrak\FtrakSvc.exe
PRC - [2003/12/17 15:51:44 | 00,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2009/05/05 22:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/02/22 16:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/17 16:56:16 | 00,207,936 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
PRC - [2007/02/14 01:32:36 | 00,159,811 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/06/17 16:23:48 | 00,093,248 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
PRC - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2006/11/20 03:42:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/06/13 06:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/04 03:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/04/13 19:45:30 | 00,290,905 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.EXE
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2002/08/20 10:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2009/05/05 22:38:38 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/05 16:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2004/04/13 20:47:56 | 00,335,979 | ---- | M] (2Wire Inc.) -- C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
PRC - [2002/10/22 06:50:00 | 00,204,800 | ---- | M] (MJMSoft Design Limited) -- C:\Program Files\TrayDay\TrayDay.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/04 03:56:58 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2004/08/04 03:56:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/16 08:20:16 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2000/11/30 14:30:40 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/06/17 16:16:36 | 00,098,304 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe -- (Backup Scheduler [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2000/11/15 18:53:04 | 00,237,568 | ---- | M] (Promise Technology Inc.) -- C:\Program Files\Promise\FastTrak\FtrakSvc.exe -- (FastTrakSvc [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - [2003/12/17 15:51:44 | 00,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (idsvcSPTISRV [Auto | Stopped])
SRV - File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
SRV - [2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 03:56:42 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll -- (Iprip [Auto | Running])
SRV - [2009/05/05 22:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/02/22 16:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/06/17 16:56:16 | 00,207,936 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe -- (NsService [Auto | Running])
SRV - [2007/02/14 01:32:36 | 00,159,811 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/01/30 15:19:20 | 00,065,625 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2008/06/17 16:23:48 | 00,093,248 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe -- (Real time Backup Loader [Auto | Running])
SRV - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2006/11/20 03:42:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2004/01/30 15:16:06 | 00,065,622 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2008/07/15 17:38:32 | 00,394,608 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_ [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 02:00:04 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\4mmdat.sys -- (4mmdat [On_Demand | Running])
DRV - [2009/02/05 16:05:12 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004/08/04 02:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2000/06/27 14:39:16 | 00,022,994 | ---- | M] (AMD Corporation) -- C:\WINDOWS\System32\DRIVERS\amdagp10.sys -- (amdagp10 [Boot | Running])
DRV - [2002/08/29 00:59:12 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\System32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Running])
DRV - [2007/02/06 15:01:48 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [System | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:24 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2001/08/17 12:48:52 | 00,281,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys -- (ati2mpaa [On_Demand | Stopped])
DRV - [2001/09/26 23:32:38 | 00,285,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys -- (ati2mtaa [On_Demand | Stopped])
DRV - [2004/08/04 01:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Stopped])
DRV - [2001/08/17 12:49:12 | 00,049,920 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atirtcap.sys -- (ATIVRVXX [On_Demand | Stopped])
DRV - [2006/05/04 02:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
DRV - [2006/05/04 02:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
DRV - [2004/04/13 15:37:56 | 00,285,824 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2002/07/19 08:10:20 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup [System | Running])
DRV - [2008/06/17 16:16:46 | 00,155,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk [System | Running])
DRV - [2008/06/17 16:16:46 | 00,077,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap [Boot | Running])
DRV - [2003/03/30 12:19:20 | 00,006,494 | ---- | M] (Mitsubishi Electric , NEC-Mitsubishi Electric Visual Systems) -- C:\WINDOWS\System32\DRIVERS\Moni2c.sys -- (DDCCI [On_Demand | Stopped])
DRV - [2004/04/15 22:57:26 | 00,140,416 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
DRV - [2004/04/13 15:37:30 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2002/06/03 11:18:32 | 00,040,832 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])
DRV - [2002/05/23 11:28:56 | 00,070,656 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\fasttrak.sys -- (fasttrak [Boot | Running])
DRV - [2004/08/04 02:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/12/17 15:41:38 | 00,005,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys -- (GhPciScan [System | Running])
DRV - [2007/02/06 13:27:04 | 00,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2004/09/22 09:01:20 | 00,814,464 | R--- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys -- (hcwPVRP2 [On_Demand | Stopped])
DRV - [2002/01/14 07:49:38 | 00,033,602 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk [Boot | Running])
DRV - [2001/09/19 06:11:00 | 00,050,432 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys -- (l8042pr2 [On_Demand | Stopped])
DRV - [2001/09/19 06:11:00 | 00,022,064 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys -- (LHidFlt2 [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,037,822 | ---- | M] (Logitech) -- C:\WINDOWS\system32\drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,005,840 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2 [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,067,440 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2004/04/13 19:20:08 | 00,015,781 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2004/04/13 15:29:22 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2004/08/04 01:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys -- (MVDCODEC [Auto | Stopped])
DRV - [2007/02/14 01:32:32 | 03,983,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/04/16 14:21:30 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/04/13 15:23:58 | 00,117,248 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
DRV - [2008/05/22 18:22:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/10/07 16:42:14 | 00,038,468 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Stopped])
DRV - [2004/04/15 22:53:40 | 00,198,528 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2004/05/16 20:46:18 | 00,390,752 | R--- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\wlanCIG.sys -- (wlanCIG [On_Demand | Running])
DRV - [2004/03/01 14:57:04 | 00,010,368 | ---- | M] (Streamzap, Inc.) -- C:\WINDOWS\system32\drivers\zremote.sys -- (zremote [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.yahoo.com/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/05 22:38:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2005/04/27 22:53:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2005/04/27 22:53:26 | 00,000,000 | ---D | M]

[2009/05/17 22:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Wilson\Application Data\mozilla\Extensions
[2009/05/17 22:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Wilson\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2005/04/30 10:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Wilson\Application Data\mozilla\Firefox\Profiles\5nzx41m4.default\extensions
[2005/04/27 22:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/04/27 22:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/05 22:38:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 02:01:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 02:01:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 11:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 14:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 11:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 05:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 15:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 00:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 14:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 11:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {81CA3009-6200-4A6D-93C6-F1E9A6821C7F} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" (Safer Networking Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004..\Run: [LDM] \Program\BackWeb-8876480.exe File not found
O4 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe (2Wire Inc.)
O4 - Startup: C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe (MJMSoft Design Limited)
O4 - Startup: C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O8 - Extra context menu item: Download with GetRight - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Open with GetRight Browser - Reg Error: Value error. File not found
O9 - Extra Button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - File not found
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxmsdec.CAB (Reg Error: Key error.)
O16 - DPF: {00000160-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://gulllake.gospelcom.net/unsecure/other_media/views/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} http://www.live365.com/players/p365vip.cab (Live365PlayerVIP Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab (Microsoft.WinRep)
O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx (PWReset Control)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Install Class)
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} http://entimg.msn.com/client/msnediag3518.cab (MsneDiag Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab (YbUploadFavsCtl Class)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} http://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.8121527778 (Reg Error: Key error.)
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab (Autodesk DWF Viewer Control)
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab (WebResponseAttachments Control)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3518.cab (MsnMusicAx Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Checkers http://download.games.yahoo.com/games/clients/y/kt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chess http://download.yahoo.com/games/clients/y/cr1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download.yahoo.com/games/clients/y/hr1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.yahoo.com/games/clients/y/por9_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\gibbebx.dll ()
O24 - Desktop Components:0 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/23 09:33:06 | 00,000,099 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2001/11/04 15:42:42 | 00,000,095 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2001/11/05 23:02:34 | 00,000,095 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell - "" = AutoRun
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2002/03/23 10:06:56 | 00,000,000 | ---D | M]

OTListIt.TXT PT 2 - 5.17.09

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/05/17 22:44:40 | 00,001,514 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/17 22:43:07 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/16 08:20:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe
[2009/05/16 08:09:32 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/16 08:05:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/13 07:50:42 | 00,000,000 | -HSD | C] -- C:\FOUND.043
[2009/05/08 11:01:12 | 00,000,000 | --S- | C] () -- C:\WINDOWS\System32\148114617.dat
[2009/05/07 23:33:17 | 16,101,45792 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/07 22:28:26 | 01,080,054 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\Aquarium 1.bmp
[2009/05/07 22:24:10 | 01,080,056 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\bach.bmp
[2009/05/07 22:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Money Plus
[2009/05/06 18:41:05 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\dds.scr
[2009/05/06 00:10:58 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 00:10:57 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 00:10:57 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 00:10:57 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 00:10:57 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 00:10:57 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 00:10:57 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 00:10:57 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 00:10:57 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 00:10:41 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 00:10:41 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 00:10:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/06 00:03:40 | 00,147,100 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/05 22:11:10 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\gibbebx.dat
[2009/05/05 22:10:14 | 00,001,024 | -H-- | C] () -- C:\diskfile1
[2009/05/05 22:10:13 | 00,016,384 | -H-- | C] () -- C:\logicinf.bin
[2009/05/05 21:53:01 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\dllgidoor.dat
[2009/04/28 19:05:04 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\gmer.exe
[2009/04/23 20:39:11 | 02,988,491 | R--- | C] () -- C:\Documents and Settings\David Wilson\Desktop\ComboFix.exe
[2009/04/22 18:53:37 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/22 18:53:35 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/22 18:53:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/22 18:52:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/22 18:52:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/22 18:52:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/22 18:52:40 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/22 18:52:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/22 18:52:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/22 18:52:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/22 18:52:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/22 18:52:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/20 19:43:08 | 00,000,000 | ---D | C] -- C:\rsit
[2009/04/19 18:34:48 | 00,360,021 | ---- | C] () -- C:\something.scr
[2009/04/18 14:49:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/18 14:49:17 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/18 14:49:07 | 00,000,523 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\NTREGOPT.lnk
[2009/04/18 14:49:05 | 00,000,504 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\ERUNT.lnk
[2009/04/18 14:49:00 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/18 10:10:52 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/18 10:09:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/18 00:21:42 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\Spybot - Search & Destroy.lnk
[2009/04/18 00:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/18 00:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/17 19:53:43 | 00,000,066 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/20 18:15:42 | 03,421,371 | ---- | C] () -- C:\WINDOWS\System32\gibbebx.dll
[2008/12/20 18:15:42 | 03,048,796 | ---- | C] () -- C:\WINDOWS\System32\dllgidoor.dll
[2008/10/11 13:52:43 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2008/10/11 13:52:43 | 00,077,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys
[2008/10/04 12:00:34 | 00,139,430 | ---- | C] () -- C:\WINDOWS\System32\urifil.dll
[2008/10/04 12:00:31 | 00,039,360 | ---- | C] () -- C:\WINDOWS\System32\bugreport.dll
[2008/05/22 18:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/08 09:37:39 | 00,000,782 | ---- | C] () -- C:\WINDOWS\System32\snetbonly.dll
[2007/10/21 19:14:25 | 00,334,174 | ---- | C] () -- C:\WINDOWS\sqlite3.dll
[2007/08/18 08:33:06 | 00,390,752 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\wlanCIG.sys
[2007/08/12 18:04:09 | 00,158,856 | ---- | C] () -- C:\WINDOWS\System32\pxyfil.dll
[2007/07/25 15:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/14 01:32:38 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/14 01:32:38 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/14 01:32:36 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/14 01:32:36 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/02/14 01:32:36 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/14 01:32:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/14 01:32:32 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/03 12:23:24 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/26 16:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/22 00:36:14 | 00,000,252 | ---- | C] () -- C:\WINDOWS\System32\SNet.dll
[2006/02/05 19:01:10 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/07/10 19:34:23 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/22 15:22:22 | 00,000,281 | ---- | C] () -- C:\WINDOWS\irremote.ini
[2005/05/22 15:21:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2005/05/22 15:21:24 | 00,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005/05/22 14:48:36 | 00,002,586 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005/01/26 17:07:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/01/15 12:23:28 | 00,000,479 | ---- | C] () -- C:\WINDOWS\RAIDeUtility.ini
[2004/12/20 10:59:02 | 00,000,119 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2004/10/10 19:32:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/04 03:56:42 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/27 16:34:09 | 00,000,031 | ---- | C] () -- C:\WINDOWS\oupdate.INI
[2004/07/25 22:32:36 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/07/12 17:38:44 | 00,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2004/07/12 17:38:15 | 00,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2004/05/15 21:33:31 | 00,001,100 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
[2004/04/27 17:49:59 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2003/11/30 14:39:16 | 00,000,222 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2003/09/26 20:07:47 | 00,001,222 | ---- | C] () -- C:\WINDOWS\System32\usrfil.dll
[2003/06/11 18:32:46 | 00,001,842 | ---- | C] () -- C:\WINDOWS\System32\csnews.dll
[2003/03/01 08:08:20 | 00,000,348 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/12/10 13:13:32 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\GSnap.dll
[2002/12/10 13:13:32 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\atlcontrol.dll
[2002/12/10 13:13:32 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UninstGMT.dll
[2002/12/10 13:12:24 | 00,000,494 | ---- | C] () -- C:\WINDOWS\demo.INI
[2002/12/10 01:36:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\gbttk.dll
[2002/11/11 19:45:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\NetStat32.dll
[2002/09/25 21:48:36 | 00,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/09/25 21:48:36 | 00,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2002/08/15 07:32:26 | 00,022,618 | ---- | C] () -- C:\WINDOWS\System32\perfil.dll
[2002/08/15 07:32:26 | 00,017,672 | ---- | C] () -- C:\WINDOWS\System32\nvgamfil.dll
[2002/08/15 07:32:26 | 00,016,802 | ---- | C] () -- C:\WINDOWS\System32\popfil.dll
[2002/08/15 07:32:26 | 00,014,712 | ---- | C] () -- C:\WINDOWS\System32\tafil.dll
[2002/08/15 07:32:26 | 00,012,730 | ---- | C] () -- C:\WINDOWS\System32\psyfil.dll
[2002/08/15 07:32:26 | 00,012,266 | ---- | C] () -- C:\WINDOWS\System32\sporfil.dll
[2002/08/15 07:32:26 | 00,009,634 | ---- | C] () -- C:\WINDOWS\System32\pkmon.dll
[2002/08/15 07:32:26 | 00,006,830 | ---- | C] () -- C:\WINDOWS\System32\swfil.dll
[2002/08/15 07:32:26 | 00,006,050 | ---- | C] () -- C:\WINDOWS\System32\wrestfil.dll
[2002/08/15 07:32:26 | 00,002,246 | ---- | C] () -- C:\WINDOWS\System32\wzfil.dll
[2002/08/15 07:32:26 | 00,001,656 | ---- | C] () -- C:\WINDOWS\System32\tapfil.dll
[2002/08/15 07:32:26 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\mp3fil.dll
[2002/08/15 07:32:26 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\spmfil.dll
[2002/08/15 07:32:24 | 00,013,154 | ---- | C] () -- C:\WINDOWS\System32\finfil.dll
[2002/08/15 07:32:24 | 00,012,422 | ---- | C] () -- C:\WINDOWS\System32\entfil.dll
[2002/08/15 07:32:24 | 00,011,338 | ---- | C] () -- C:\WINDOWS\System32\fmfil.dll
[2002/08/15 07:32:24 | 00,009,796 | ---- | C] () -- C:\WINDOWS\System32\gnfil.dll
[2002/08/15 07:32:24 | 00,008,652 | ---- | C] () -- C:\WINDOWS\System32\jbfil.dll
[2002/08/15 07:32:24 | 00,007,778 | ---- | C] () -- C:\WINDOWS\System32\movfil.dll
[2002/08/15 07:32:24 | 00,007,642 | ---- | C] () -- C:\WINDOWS\System32\Auctfil.dll
[2002/08/15 07:32:24 | 00,001,816 | ---- | C] () -- C:\WINDOWS\System32\fshrfil.dll
[2002/08/13 23:28:02 | 00,094,996 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
[2002/08/13 23:28:02 | 00,013,034 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
[2002/08/13 23:28:02 | 00,010,862 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
[2002/08/13 23:28:02 | 00,005,880 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
[2002/08/13 23:28:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
[2002/08/13 23:28:02 | 00,004,826 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
[2002/08/13 23:28:02 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
[2002/08/13 23:28:02 | 00,003,818 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
[2002/08/13 23:28:02 | 00,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
[2002/08/13 23:28:02 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
[2002/08/13 23:28:02 | 00,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
[2002/08/13 23:28:02 | 00,001,468 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
[2002/08/13 23:28:02 | 00,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
[2002/06/04 23:55:32 | 00,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2002/04/28 14:54:12 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2002/03/23 11:39:16 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2002/03/23 10:08:10 | 00,076,659 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/03/23 10:08:08 | 00,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2002/03/23 10:08:08 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2002/03/23 10:08:08 | 00,001,467 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/23 10:08:08 | 00,000,924 | ---- | C] () -- C:\WINDOWS\fauve.ini
[2002/03/23 10:08:08 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2002/03/23 10:08:08 | 00,000,677 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/03/23 10:08:08 | 00,000,509 | ---- | C] () -- C:\WINDOWS\FS.INI
[2002/03/23 10:08:08 | 00,000,470 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/03/23 10:08:08 | 00,000,459 | ---- | C] () -- C:\WINDOWS\YACHT-Z.INI
[2002/03/23 10:08:08 | 00,000,277 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/23 10:08:08 | 00,000,277 | ---- | C] () -- C:\WINDOWS\AATOOLS.INI
[2002/03/23 10:08:08 | 00,000,233 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2002/03/23 10:08:08 | 00,000,226 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/03/23 10:08:08 | 00,000,221 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2002/03/23 10:08:08 | 00,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2002/03/23 10:08:08 | 00,000,192 | ---- | C] () -- C:\WINDOWS\mb.ini
[2002/03/23 10:08:08 | 00,000,152 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2002/03/23 10:08:08 | 00,000,149 | ---- | C] () -- C:\WINDOWS\XDCS_DO2.INI
[2002/03/23 10:08:08 | 00,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI
[2002/03/23 10:08:08 | 00,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2002/03/23 10:08:08 | 00,000,122 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/03/23 10:08:08 | 00,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2002/03/23 10:08:08 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/23 10:08:08 | 00,000,095 | ---- | C] () -- C:\WINDOWS\icewin.INI
[2002/03/23 10:08:08 | 00,000,089 | ---- | C] () -- C:\WINDOWS\KingsC.ini
[2002/03/23 10:08:08 | 00,000,080 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2002/03/23 10:08:08 | 00,000,072 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2002/03/23 10:08:08 | 00,000,050 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2002/03/23 10:08:08 | 00,000,042 | ---- | C] () -- C:\WINDOWS\CRISPY.INI
[2002/03/23 10:08:08 | 00,000,031 | ---- | C] () -- C:\WINDOWS\MSCHOMP.INI
[2002/03/23 10:08:08 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2002/03/23 10:08:08 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SYSCHECK.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RESMNGR.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCFRIEND.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hjbrowse.ini
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2002/03/23 10:08:06 | 00,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2002/03/23 10:08:06 | 00,008,405 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2002/03/23 10:08:06 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2002/03/23 10:08:06 | 00,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2002/03/23 10:08:06 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2002/03/23 10:08:06 | 00,000,180 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2002/03/23 10:08:06 | 00,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2002/03/23 10:08:06 | 00,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2002/03/23 10:08:06 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2002/03/23 10:08:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2002/03/23 09:51:34 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2002/03/23 09:51:32 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2001/12/27 23:55:26 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2001/12/27 23:55:26 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2001/12/17 07:22:30 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2001/12/17 07:22:28 | 00,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2001/08/26 15:08:16 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2001/08/23 12:00:04 | 00,003,166 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 12:00:04 | 00,000,638 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/05/06 23:59:46 | 00,149,504 | ---- | C] () -- C:\WINDOWS\unwise32.dll
[2001/01/29 00:43:42 | 00,161,792 | ---- | C] () -- C:\WINDOWS\System32\nfsspi.dll
[2001/01/29 00:00:58 | 00,002,048 | ---- | C] () -- C:\WINDOWS\MNMGM32.DLL
[2000/06/22 14:34:24 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2000/06/22 14:33:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\HcdDll32.dll
[2000/06/22 14:33:36 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\HWDll.dll
[2000/06/20 13:11:02 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\cdtool.dll
[2000/05/13 16:59:44 | 00,054,266 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2000/05/13 10:27:11 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2000/05/13 01:08:06 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\LTANN62N.DLL
[2000/05/13 01:08:06 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\LTIMG62N.DLL
[2000/05/13 01:08:06 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\Lftif62n.dll
[2000/05/13 01:08:06 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil62n.dll
[2000/05/13 01:08:06 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\LTWND62N.DLL
[2000/05/13 01:08:06 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2000/05/13 01:08:06 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\tvcntl32.dll
[2000/05/13 01:08:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\Lfpsd62n.dll
[2000/05/13 01:08:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lfwmf62n.dll
[2000/05/13 01:08:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lftga62n.dll
[2000/05/13 01:08:06 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwpg62n.dll
[2000/05/13 01:08:06 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfras62n.dll
[2000/05/13 01:08:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfwfx62n.dll
[2000/05/13 01:08:05 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\Lffax62n.dll
[2000/05/13 01:08:05 | 00,158,720 | ---- | C] () -- C:\WINDOWS\System32\Lfcmp62n.dll
[2000/05/13 01:08:05 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng62n.dll
[2000/05/13 01:08:05 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\Lflma62n.dll
[2000/05/13 01:08:05 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Lfica62n.dll
[2000/05/13 01:08:05 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lfpcx62n.dll
[2000/05/13 01:08:05 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lflmb62n.dll
[2000/05/13 01:08:05 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfeps62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfpct62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfgif62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfbmp62n.dll
[2000/05/13 01:08:05 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\Lfimg62n.dll
[2000/05/13 01:08:05 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfmsp62n.dll
[2000/05/13 01:08:05 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfmac62n.dll
[2000/05/13 01:08:05 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfcal62n.dll
[2000/05/13 01:08:05 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfpcd62n.dll
[2000/05/13 01:08:00 | 00,162,816 | ---- | C] () -- C:\WINDOWS\System32\ccmpeg.dll
[1999/09/20 10:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/03/18 02:57:02 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\ThmUninst.dll
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 00,129,080 | ---- | C] () -- C:\WINDOWS\Logow.sys.bak
[1980/01/01 00:00:00 | 00,129,078 | ---- | C] () -- C:\WINDOWS\Logos.sys.bak
[1980/01/01 00:00:00 | 00,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/05/17 22:54:58 | 00,421,976 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 22:54:58 | 00,343,762 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 22:54:58 | 00,069,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 22:51:56 | 00,003,166 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/17 22:51:56 | 00,000,638 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/17 22:51:56 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/17 22:51:22 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/17 22:51:06 | 00,012,208 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 22:51:04 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\David Wilson\Local Settings\desktop.ini
[2009/05/17 22:50:54 | 00,016,384 | -H-- | M] () -- C:\logicinf.bin
[2009/05/17 22:50:54 | 00,001,024 | -H-- | M] () -- C:\diskfile1
[2009/05/17 22:50:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 22:50:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 22:50:34 | 16,101,45792 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/17 22:50:34 | 03,579,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/17 22:44:42 | 00,001,514 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/17 22:43:08 | 00,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/17 22:29:02 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
[2009/05/17 21:58:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/16 08:20:16 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe
[2009/05/16 08:09:34 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/16 08:06:42 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/16 08:06:42 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/16 07:53:46 | 00,222,368 | ---- | M] () -- C:\ntldr
[2009/05/14 22:38:54 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\Spybot - Search & Destroy.lnk
[2009/05/14 22:24:26 | 02,988,491 | R--- | M] () -- C:\Documents and Settings\David Wilson\Desktop\ComboFix.exe
[2009/05/14 17:50:10 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/08 11:01:14 | 00,000,000 | --S- | M] () -- C:\WINDOWS\System32\148114617.dat
[2009/05/07 23:33:16 | 16,100,76160 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/05/07 22:28:26 | 01,080,054 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\Aquarium 1.bmp
[2009/05/07 22:24:14 | 01,080,056 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\bach.bmp
[2009/05/06 18:41:06 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\dds.scr
[2009/05/06 00:11:00 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 00:10:58 | 00,003,021 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/06 00:03:42 | 00,147,100 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/05 22:16:22 | 00,390,777 | ---- | M] () -- C:\WINDOWS\csfilts.cab
[2009/05/05 22:11:12 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\gibbebx.dat
[2009/05/05 21:54:18 | 00,000,039 | ---- | M] () -- C:\WINDOWS\liccyval.dat
[2009/05/05 21:53:02 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\dllgidoor.dat
[2009/04/28 19:05:04 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\gmer.exe
[2009/04/22 19:05:44 | 00,001,222 | ---- | M] () -- C:\WINDOWS\System32\usrfil.dll
[2009/04/22 19:04:10 | 00,005,880 | ---- | M] () -- C:\WINDOWS\System32\wfileu.drv
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/19 18:29:52 | 00,360,021 | ---- | M] () -- C:\something.scr
[2009/04/18 21:23:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/18 14:49:18 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/18 14:49:08 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\NTREGOPT.lnk
[2009/04/18 14:49:06 | 00,000,504 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\ERUNT.lnk
[2009/04/18 10:10:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
< End of report >
 
One more note: as an experiment I tried using the command line interface to delete the iexplore.exe files. I deleted iedw.exe & iexplore.exe after force quitting the iexplore.exe process in the task manager. Seconds later the instance of IEXPLORE.exe was back in the task manager processes and both .exe files were back in the c:\Program Files\Internet Explorer directory.
 
Hi

First of all, the c:\Program Files\Internet Explorer folder is a legit folder for IE.


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cust...ch/search.html
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} http://www.cybersitter.com/recovery/...swordReset.ocx (PWReset Control)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\gibbebx.dll ()
    
    :Files
    C:\WINDOWS\System32\148114617.dat
    C:\WINDOWS\System32\gibbebx.dat
    C:\WINDOWS\System32\dllgidoor.dat
    C:\WINDOWS\System32\gibbebx.dll
    C:\WINDOWS\System32\dllgidoor.dll
    C:\WINDOWS\System32\urifil.dll
    C:\WINDOWS\System32\bugreport.dll
    C:\WINDOWS\System32\snetbonly.dll
    C:\WINDOWS\System32\pxyfil.dll
    C:\WINDOWS\System32\hcwXDS.dll
    C:\WINDOWS\csfilts.cab
    C:\WINDOWS\liccyval.dat
    C:\WINDOWS\System32\usrfil.dll
    C:\WINDOWS\System32\wfileu.drv
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

To generate a HijackThis Startup list:

1. Open HijackThis by double-clicking the desktop shortcut or HijackThis.exe
2. Click on Open the Misc Tools Section
3. Make sure that both boxes to the right of Generate StartupList Log are checked:

* List also minor sections (Full)
* List empty sections (Complete)

4. Click Generate StartupListLog
5. Click Yes at the prompt.
6. A Notepad window will open with the contents of the HijackThis Startup list displayed


Let Malwarebytes' Anti-Malware update itself and then run a full scan with it. Post back its report along with the other reports listed above.
 
OTListIt2 Log generated as Result of Run Fix

========== OTLISTIT ==========
Process explorer.exe killed successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Starting removal of ActiveX control {5197842F-0557-48AE-9552-7594F7C98F04}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5197842F-0557-48AE-9552-7594F7C98F04}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5197842F-0557-48AE-9552-7594F7C98F04}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5197842F-0557-48AE-9552-7594F7C98F04}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5197842F-0557-48AE-9552-7594F7C98F04}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5197842F-0557-48AE-9552-7594F7C98F04}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gibbebx.dll
C:\WINDOWS\system32\gibbebx.dll NOT unregistered.
C:\WINDOWS\system32\gibbebx.dll moved successfully.
========== FILES ==========
C:\WINDOWS\System32\148114617.dat moved successfully.
C:\WINDOWS\System32\gibbebx.dat moved successfully.
C:\WINDOWS\System32\dllgidoor.dat moved successfully.
File\Folder C:\WINDOWS\System32\gibbebx.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dllgidoor.dll
C:\WINDOWS\System32\dllgidoor.dll NOT unregistered.
C:\WINDOWS\System32\dllgidoor.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\urifil.dll
C:\WINDOWS\System32\urifil.dll NOT unregistered.
C:\WINDOWS\System32\urifil.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\bugreport.dll
C:\WINDOWS\System32\bugreport.dll NOT unregistered.
C:\WINDOWS\System32\bugreport.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\snetbonly.dll
C:\WINDOWS\System32\snetbonly.dll NOT unregistered.
C:\WINDOWS\System32\snetbonly.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\pxyfil.dll
C:\WINDOWS\System32\pxyfil.dll NOT unregistered.
C:\WINDOWS\System32\pxyfil.dll moved successfully.
C:\WINDOWS\System32\hcwXDS.dll unregistered successfully.
C:\WINDOWS\System32\hcwXDS.dll moved successfully.
C:\WINDOWS\csfilts.cab moved successfully.
C:\WINDOWS\liccyval.dat moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\usrfil.dll
C:\WINDOWS\System32\usrfil.dll NOT unregistered.
C:\WINDOWS\System32\usrfil.dll moved successfully.
C:\WINDOWS\System32\wfileu.drv moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\David Wilson\Local Settings\Temp\~DF9977.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Wilson\Local Settings\Temp\~DF9997.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\regkern.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrt63sec.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_514.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_20c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_758.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05192009_075752

Files moved on Reboot...
File C:\Documents and Settings\David Wilson\Local Settings\Temp\~DF9977.tmp not found!
File C:\Documents and Settings\David Wilson\Local Settings\Temp\~DF9997.tmp not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File move failed. C:\WINDOWS\temp\regkern.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\wrt63sec.log scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_514.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_20c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_758.dat not found!

Registry entries deleted on Reboot...
 
Log Generated By OTListIT2 - Run Fix

========== OTLISTIT ==========
Process explorer.exe killed successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Starting removal of ActiveX control {5197842F-0557-48AE-9552-7594F7C98F04}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5197842F-0557-48AE-9552-7594F7C98F04}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5197842F-0557-48AE-9552-7594F7C98F04}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5197842F-0557-48AE-9552-7594F7C98F04}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5197842F-0557-48AE-9552-7594F7C98F04}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5197842F-0557-48AE-9552-7594F7C98F04}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gibbebx.dll
C:\WINDOWS\system32\gibbebx.dll NOT unregistered.
C:\WINDOWS\system32\gibbebx.dll moved successfully.
========== FILES ==========
C:\WINDOWS\System32\148114617.dat moved successfully.
C:\WINDOWS\System32\gibbebx.dat moved successfully.
C:\WINDOWS\System32\dllgidoor.dat moved successfully.
File\Folder C:\WINDOWS\System32\gibbebx.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dllgidoor.dll
C:\WINDOWS\System32\dllgidoor.dll NOT unregistered.
C:\WINDOWS\System32\dllgidoor.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\urifil.dll
C:\WINDOWS\System32\urifil.dll NOT unregistered.
C:\WINDOWS\System32\urifil.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\bugreport.dll
C:\WINDOWS\System32\bugreport.dll NOT unregistered.
C:\WINDOWS\System32\bugreport.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\snetbonly.dll
C:\WINDOWS\System32\snetbonly.dll NOT unregistered.
C:\WINDOWS\System32\snetbonly.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\pxyfil.dll
C:\WINDOWS\System32\pxyfil.dll NOT unregistered.
C:\WINDOWS\System32\pxyfil.dll moved successfully.
C:\WINDOWS\System32\hcwXDS.dll unregistered successfully.
C:\WINDOWS\System32\hcwXDS.dll moved successfully.
C:\WINDOWS\csfilts.cab moved successfully.
C:\WINDOWS\liccyval.dat moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\usrfil.dll
C:\WINDOWS\System32\usrfil.dll NOT unregistered.
C:\WINDOWS\System32\usrfil.dll moved successfully.
C:\WINDOWS\System32\wfileu.drv moved successfully.
 
OTListIt.TXT PT 1 - 5.19.09

OTListIt logfile created on: 5/19/2009 8:03:55 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\David Wilson\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 68.07% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.82 Gb Total Space | 30.61 Gb Free Space | 27.87% Space Free | Partition Type: FAT32
Drive D: | 8.09 Gb Total Space | 6.72 Gb Free Space | 83.06% Space Free | Partition Type: FAT32
Drive E: | 55.88 Gb Total Space | 30.61 Gb Free Space | 54.78% Space Free | Partition Type: FAT32
Drive F: | 39.21 Gb Total Space | 25.50 Gb Free Space | 65.05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVEHOME
Current User Name: David Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/06/13 06:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2000/11/15 18:53:04 | 00,237,568 | ---- | M] (Promise Technology Inc.) -- C:\Program Files\Promise\FastTrak\FtrakSvc.exe
PRC - [2008/06/17 16:16:32 | 00,176,128 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
PRC - [2003/12/17 15:51:44 | 00,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2009/05/05 22:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/02/22 16:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/17 16:56:16 | 00,207,936 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
PRC - [2007/02/14 01:32:36 | 00,159,811 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/06/17 16:23:48 | 00,093,248 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
PRC - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2006/11/20 03:42:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2004/04/13 19:45:30 | 00,290,905 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.EXE
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2002/08/20 10:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2009/05/05 22:38:38 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/05 16:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2004/08/04 03:56:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2004/04/13 20:47:56 | 00,335,979 | ---- | M] (2Wire Inc.) -- C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
PRC - [2002/10/22 06:50:00 | 00,204,800 | ---- | M] (MJMSoft Design Limited) -- C:\Program Files\TrayDay\TrayDay.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/24 02:00:58 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/16 08:20:16 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2000/11/30 14:30:40 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/06/17 16:16:36 | 00,098,304 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe -- (Backup Scheduler [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2000/11/15 18:53:04 | 00,237,568 | ---- | M] (Promise Technology Inc.) -- C:\Program Files\Promise\FastTrak\FtrakSvc.exe -- (FastTrakSvc [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - [2003/12/17 15:51:44 | 00,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService [Auto | Running])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (idsvcSPTISRV [Auto | Stopped])
SRV - File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
SRV - [2002/01/14 07:49:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/04 03:56:42 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll -- (Iprip [Auto | Running])
SRV - [2009/05/05 22:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/02/22 16:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/06/17 16:56:16 | 00,207,936 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe -- (NsService [Auto | Running])
SRV - [2007/02/14 01:32:36 | 00,159,811 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/01/30 15:19:20 | 00,065,625 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2008/06/17 16:23:48 | 00,093,248 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe -- (Real time Backup Loader [Auto | Running])
SRV - [2001/08/23 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2006/11/20 03:42:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2004/01/30 15:16:06 | 00,065,622 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2008/07/15 17:38:32 | 00,394,608 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2002/01/24 16:10:40 | 00,126,976 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_ [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 02:00:04 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\4mmdat.sys -- (4mmdat [On_Demand | Running])
DRV - [2009/02/05 16:05:12 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004/08/04 02:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2000/06/27 14:39:16 | 00,022,994 | ---- | M] (AMD Corporation) -- C:\WINDOWS\System32\DRIVERS\amdagp10.sys -- (amdagp10 [Boot | Running])
DRV - [2002/08/29 00:59:12 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\System32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Running])
DRV - [2007/02/06 15:01:48 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [System | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:24 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2001/08/17 12:48:52 | 00,281,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys -- (ati2mpaa [On_Demand | Stopped])
DRV - [2001/09/26 23:32:38 | 00,285,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys -- (ati2mtaa [On_Demand | Stopped])
DRV - [2004/08/04 01:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Stopped])
DRV - [2001/08/17 12:49:12 | 00,049,920 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atirtcap.sys -- (ATIVRVXX [On_Demand | Stopped])
DRV - [2006/05/04 02:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
DRV - [2006/05/04 02:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
DRV - [2004/04/13 15:37:56 | 00,285,824 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2002/07/19 08:10:20 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup [System | Running])
DRV - [2008/06/17 16:16:46 | 00,155,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk [System | Running])
DRV - [2008/06/17 16:16:46 | 00,077,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap [Boot | Running])
DRV - [2003/03/30 12:19:20 | 00,006,494 | ---- | M] (Mitsubishi Electric , NEC-Mitsubishi Electric Visual Systems) -- C:\WINDOWS\System32\DRIVERS\Moni2c.sys -- (DDCCI [On_Demand | Stopped])
DRV - [2004/04/15 22:57:26 | 00,140,416 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
DRV - [2004/04/13 15:37:30 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2002/06/03 11:18:32 | 00,040,832 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])
DRV - [2002/05/23 11:28:56 | 00,070,656 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\fasttrak.sys -- (fasttrak [Boot | Running])
DRV - [2004/08/04 02:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/12/17 15:41:38 | 00,005,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys -- (GhPciScan [System | Running])
DRV - [2007/02/06 13:27:04 | 00,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2004/09/22 09:01:20 | 00,814,464 | R--- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys -- (hcwPVRP2 [On_Demand | Stopped])
DRV - [2002/01/14 07:49:38 | 00,033,602 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk [Boot | Running])
DRV - [2001/09/19 06:11:00 | 00,050,432 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys -- (l8042pr2 [On_Demand | Stopped])
DRV - [2001/09/19 06:11:00 | 00,022,064 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys -- (LHidFlt2 [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,037,822 | ---- | M] (Logitech) -- C:\WINDOWS\system32\drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,005,840 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2 [On_Demand | Running])
DRV - [2001/09/19 06:11:00 | 00,067,440 | ---- | M] (Logitech) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2004/04/13 19:20:08 | 00,015,781 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2004/04/13 15:29:22 | 00,023,680 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2004/08/04 01:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys -- (MVDCODEC [Auto | Stopped])
DRV - [2007/02/14 01:32:32 | 03,983,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/04/16 14:21:30 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/04/13 15:23:58 | 00,117,248 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
DRV - [2008/05/22 18:22:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/10/07 16:42:14 | 00,038,468 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Stopped])
DRV - [2004/04/15 22:53:40 | 00,198,528 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2004/05/16 20:46:18 | 00,390,752 | R--- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\wlanCIG.sys -- (wlanCIG [On_Demand | Running])
DRV - [2004/03/01 14:57:04 | 00,010,368 | ---- | M] (Streamzap, Inc.) -- C:\WINDOWS\system32\drivers\zremote.sys -- (zremote [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.yahoo.com/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ams-server*

IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/05 22:38:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2005/04/27 22:53:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2005/04/27 22:53:26 | 00,000,000 | ---D | M]

[2009/05/17 22:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Wilson\Application Data\mozilla\Extensions
[2009/05/17 22:44:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Wilson\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2005/04/30 10:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Wilson\Application Data\mozilla\Firefox\Profiles\5nzx41m4.default\extensions
[2005/04/27 22:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/04/27 22:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/05 22:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/05 22:38:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 02:01:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 02:01:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 11:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 14:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 11:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 05:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 15:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 00:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 14:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 11:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {81CA3009-6200-4A6D-93C6-F1E9A6821C7F} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" (Safer Networking Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004..\Run: [LDM] \Program\BackWeb-8876480.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe (2Wire Inc.)
O4 - Startup: C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe (MJMSoft Design Limited)
O4 - Startup: C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O8 - Extra context menu item: Download with GetRight - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Open with GetRight Browser - Reg Error: Value error. File not found
O9 - Extra Button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - File not found
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - File not found
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-1580436667-1708537768-1004\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxmsdec.CAB (Reg Error: Key error.)
O16 - DPF: {00000160-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://gulllake.gospelcom.net/unsecure/other_media/views/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} http://www.live365.com/players/p365vip.cab (Live365PlayerVIP Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab (Microsoft.WinRep)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Install Class)
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} http://entimg.msn.com/client/msnediag3518.cab (MsneDiag Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab (YbUploadFavsCtl Class)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} http://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.8121527778 (Reg Error: Key error.)
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab (Autodesk DWF Viewer Control)
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab (WebResponseAttachments Control)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3518.cab (MsnMusicAx Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Checkers http://download.games.yahoo.com/games/clients/y/kt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chess http://download.yahoo.com/games/clients/y/cr1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download.yahoo.com/games/clients/y/hr1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.yahoo.com/games/clients/y/por9_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\andpripas.dll ()
O24 - Desktop Components:0 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/23 09:33:06 | 00,000,099 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2001/11/04 15:42:42 | 00,000,095 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2001/11/05 23:02:34 | 00,000,095 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell - "" = AutoRun
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2002/03/23 10:06:56 | 00,000,000 | ---D | M]
 
OTListIt.TXT PT 2 - 5.19.09

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/05/19 07:58:19 | 00,002,709 | ---- | C] () -- C:\WINDOWS\System32\andpripas.dat
[2009/05/19 07:57:52 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/17 22:44:40 | 00,001,514 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/17 22:43:07 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/16 08:20:17 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe
[2009/05/16 08:09:32 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/16 08:05:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/13 07:50:42 | 00,000,000 | -HSD | C] -- C:\FOUND.043
[2009/05/07 23:33:17 | 16,101,45792 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/07 22:28:26 | 01,080,054 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\Aquarium 1.bmp
[2009/05/07 22:24:10 | 01,080,056 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\bach.bmp
[2009/05/07 22:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Money Plus
[2009/05/06 18:41:05 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\dds.scr
[2009/05/06 00:10:58 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 00:10:57 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 00:10:57 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 00:10:57 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 00:10:57 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 00:10:57 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 00:10:57 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 00:10:57 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 00:10:57 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 00:10:41 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 00:10:41 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 00:10:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/06 00:03:40 | 00,147,100 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/05 22:10:14 | 00,001,024 | -H-- | C] () -- C:\diskfile1
[2009/05/05 22:10:13 | 00,016,384 | -H-- | C] () -- C:\logicinf.bin
[2009/04/28 19:05:04 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\David Wilson\Desktop\gmer.exe
[2009/04/23 20:39:11 | 02,988,491 | R--- | C] () -- C:\Documents and Settings\David Wilson\Desktop\ComboFix.exe
[2009/04/22 18:53:37 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/22 18:53:35 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/22 18:53:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/22 18:52:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/22 18:52:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/22 18:52:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/22 18:52:40 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/22 18:52:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/22 18:52:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/22 18:52:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/22 18:52:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/22 18:52:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/20 19:43:08 | 00,000,000 | ---D | C] -- C:\rsit
[2009/04/19 18:34:48 | 00,360,021 | ---- | C] () -- C:\something.scr
[2009/04/17 19:53:43 | 00,000,066 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/11 13:52:43 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2008/10/11 13:52:43 | 00,077,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys
[2008/05/22 18:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/21 19:14:25 | 00,334,174 | ---- | C] () -- C:\WINDOWS\sqlite3.dll
[2007/08/18 08:33:06 | 00,390,752 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\wlanCIG.sys
[2007/07/25 15:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/14 01:32:38 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/14 01:32:38 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/14 01:32:36 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/14 01:32:36 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/02/14 01:32:36 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/14 01:32:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/14 01:32:32 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/03 12:23:24 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/06/23 07:02:52 | 05,087,560 | ---- | C] () -- C:\WINDOWS\System32\andpripas.dll
[2006/02/26 16:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/22 00:36:14 | 00,000,252 | ---- | C] () -- C:\WINDOWS\System32\SNet.dll
[2005/07/10 19:34:23 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/22 15:22:22 | 00,000,281 | ---- | C] () -- C:\WINDOWS\irremote.ini
[2005/05/22 15:21:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2005/05/22 15:21:24 | 00,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2005/05/22 14:48:36 | 00,002,586 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005/01/26 17:07:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/01/15 12:23:28 | 00,000,479 | ---- | C] () -- C:\WINDOWS\RAIDeUtility.ini
[2004/12/20 10:59:02 | 00,000,119 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2004/10/10 19:32:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/04 03:56:42 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/27 16:34:09 | 00,000,031 | ---- | C] () -- C:\WINDOWS\oupdate.INI
[2004/07/25 22:32:36 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/07/12 17:38:44 | 00,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2004/07/12 17:38:15 | 00,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2004/05/15 21:33:31 | 00,001,100 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
[2004/04/27 17:49:59 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2003/11/30 14:39:16 | 00,000,222 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2003/06/11 18:32:46 | 00,001,842 | ---- | C] () -- C:\WINDOWS\System32\csnews.dll
[2003/03/01 08:08:20 | 00,000,348 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/12/10 13:13:32 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\GSnap.dll
[2002/12/10 13:13:32 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\atlcontrol.dll
[2002/12/10 13:13:32 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UninstGMT.dll
[2002/12/10 13:12:24 | 00,000,494 | ---- | C] () -- C:\WINDOWS\demo.INI
[2002/12/10 01:36:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\gbttk.dll
[2002/11/11 19:45:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\NetStat32.dll
[2002/09/25 21:48:36 | 00,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/09/25 21:48:36 | 00,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2002/08/15 07:32:26 | 00,022,618 | ---- | C] () -- C:\WINDOWS\System32\perfil.dll
[2002/08/15 07:32:26 | 00,017,672 | ---- | C] () -- C:\WINDOWS\System32\nvgamfil.dll
[2002/08/15 07:32:26 | 00,016,802 | ---- | C] () -- C:\WINDOWS\System32\popfil.dll
[2002/08/15 07:32:26 | 00,014,712 | ---- | C] () -- C:\WINDOWS\System32\tafil.dll
[2002/08/15 07:32:26 | 00,012,730 | ---- | C] () -- C:\WINDOWS\System32\psyfil.dll
[2002/08/15 07:32:26 | 00,012,266 | ---- | C] () -- C:\WINDOWS\System32\sporfil.dll
[2002/08/15 07:32:26 | 00,009,634 | ---- | C] () -- C:\WINDOWS\System32\pkmon.dll
[2002/08/15 07:32:26 | 00,006,830 | ---- | C] () -- C:\WINDOWS\System32\swfil.dll
[2002/08/15 07:32:26 | 00,006,050 | ---- | C] () -- C:\WINDOWS\System32\wrestfil.dll
[2002/08/15 07:32:26 | 00,002,246 | ---- | C] () -- C:\WINDOWS\System32\wzfil.dll
[2002/08/15 07:32:26 | 00,001,656 | ---- | C] () -- C:\WINDOWS\System32\tapfil.dll
[2002/08/15 07:32:26 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\mp3fil.dll
[2002/08/15 07:32:26 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\spmfil.dll
[2002/08/15 07:32:24 | 00,013,154 | ---- | C] () -- C:\WINDOWS\System32\finfil.dll
[2002/08/15 07:32:24 | 00,012,422 | ---- | C] () -- C:\WINDOWS\System32\entfil.dll
[2002/08/15 07:32:24 | 00,011,338 | ---- | C] () -- C:\WINDOWS\System32\fmfil.dll
[2002/08/15 07:32:24 | 00,009,796 | ---- | C] () -- C:\WINDOWS\System32\gnfil.dll
[2002/08/15 07:32:24 | 00,008,652 | ---- | C] () -- C:\WINDOWS\System32\jbfil.dll
[2002/08/15 07:32:24 | 00,007,778 | ---- | C] () -- C:\WINDOWS\System32\movfil.dll
[2002/08/15 07:32:24 | 00,007,642 | ---- | C] () -- C:\WINDOWS\System32\Auctfil.dll
[2002/08/15 07:32:24 | 00,001,816 | ---- | C] () -- C:\WINDOWS\System32\fshrfil.dll
[2002/08/13 23:28:02 | 00,094,996 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
[2002/08/13 23:28:02 | 00,013,034 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
[2002/08/13 23:28:02 | 00,010,862 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
[2002/08/13 23:28:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
[2002/08/13 23:28:02 | 00,004,826 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
[2002/08/13 23:28:02 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
[2002/08/13 23:28:02 | 00,003,818 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
[2002/08/13 23:28:02 | 00,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
[2002/08/13 23:28:02 | 00,003,360 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
[2002/08/13 23:28:02 | 00,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
[2002/08/13 23:28:02 | 00,001,468 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
[2002/08/13 23:28:02 | 00,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
[2002/06/04 23:55:32 | 00,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2002/04/28 14:54:12 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2002/03/23 11:39:16 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2002/03/23 10:08:10 | 00,076,659 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/03/23 10:08:08 | 00,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2002/03/23 10:08:08 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2002/03/23 10:08:08 | 00,001,467 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/23 10:08:08 | 00,000,924 | ---- | C] () -- C:\WINDOWS\fauve.ini
[2002/03/23 10:08:08 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2002/03/23 10:08:08 | 00,000,677 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/03/23 10:08:08 | 00,000,509 | ---- | C] () -- C:\WINDOWS\FS.INI
[2002/03/23 10:08:08 | 00,000,470 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/03/23 10:08:08 | 00,000,459 | ---- | C] () -- C:\WINDOWS\YACHT-Z.INI
[2002/03/23 10:08:08 | 00,000,277 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/23 10:08:08 | 00,000,277 | ---- | C] () -- C:\WINDOWS\AATOOLS.INI
[2002/03/23 10:08:08 | 00,000,233 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2002/03/23 10:08:08 | 00,000,226 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/03/23 10:08:08 | 00,000,221 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2002/03/23 10:08:08 | 00,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2002/03/23 10:08:08 | 00,000,192 | ---- | C] () -- C:\WINDOWS\mb.ini
[2002/03/23 10:08:08 | 00,000,152 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2002/03/23 10:08:08 | 00,000,149 | ---- | C] () -- C:\WINDOWS\XDCS_DO2.INI
[2002/03/23 10:08:08 | 00,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI
[2002/03/23 10:08:08 | 00,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2002/03/23 10:08:08 | 00,000,122 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/03/23 10:08:08 | 00,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2002/03/23 10:08:08 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/23 10:08:08 | 00,000,095 | ---- | C] () -- C:\WINDOWS\icewin.INI
[2002/03/23 10:08:08 | 00,000,089 | ---- | C] () -- C:\WINDOWS\KingsC.ini
[2002/03/23 10:08:08 | 00,000,080 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2002/03/23 10:08:08 | 00,000,072 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2002/03/23 10:08:08 | 00,000,050 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2002/03/23 10:08:08 | 00,000,042 | ---- | C] () -- C:\WINDOWS\CRISPY.INI
[2002/03/23 10:08:08 | 00,000,031 | ---- | C] () -- C:\WINDOWS\MSCHOMP.INI
[2002/03/23 10:08:08 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2002/03/23 10:08:08 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SYSCHECK.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RESMNGR.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCFRIEND.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hjbrowse.ini
[2002/03/23 10:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2002/03/23 10:08:06 | 00,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2002/03/23 10:08:06 | 00,008,405 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2002/03/23 10:08:06 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2002/03/23 10:08:06 | 00,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2002/03/23 10:08:06 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2002/03/23 10:08:06 | 00,000,180 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2002/03/23 10:08:06 | 00,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2002/03/23 10:08:06 | 00,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2002/03/23 10:08:06 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2002/03/23 10:08:06 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2002/03/23 09:51:34 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2002/03/23 09:51:32 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2001/12/27 23:55:26 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2001/12/27 23:55:26 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2001/12/17 07:22:30 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2001/12/17 07:22:28 | 00,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2001/08/26 15:08:16 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2001/08/23 12:00:04 | 00,003,166 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 12:00:04 | 00,000,638 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/05/06 23:59:46 | 00,149,504 | ---- | C] () -- C:\WINDOWS\unwise32.dll
[2001/01/29 00:43:42 | 00,161,792 | ---- | C] () -- C:\WINDOWS\System32\nfsspi.dll
[2001/01/29 00:00:58 | 00,002,048 | ---- | C] () -- C:\WINDOWS\MNMGM32.DLL
[2000/06/22 14:34:24 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2000/06/22 14:33:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\HcdDll32.dll
[2000/06/22 14:33:36 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\HWDll.dll
[2000/06/20 13:11:02 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\cdtool.dll
[2000/05/13 16:59:44 | 00,054,266 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2000/05/13 10:27:11 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2000/05/13 01:08:06 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\LTANN62N.DLL
[2000/05/13 01:08:06 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\LTIMG62N.DLL
[2000/05/13 01:08:06 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\Lftif62n.dll
[2000/05/13 01:08:06 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil62n.dll
[2000/05/13 01:08:06 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\LTWND62N.DLL
[2000/05/13 01:08:06 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2000/05/13 01:08:06 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\tvcntl32.dll
[2000/05/13 01:08:06 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\Lfpsd62n.dll
[2000/05/13 01:08:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lfwmf62n.dll
[2000/05/13 01:08:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lftga62n.dll
[2000/05/13 01:08:06 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwpg62n.dll
[2000/05/13 01:08:06 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfras62n.dll
[2000/05/13 01:08:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfwfx62n.dll
[2000/05/13 01:08:05 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\Lffax62n.dll
[2000/05/13 01:08:05 | 00,158,720 | ---- | C] () -- C:\WINDOWS\System32\Lfcmp62n.dll
[2000/05/13 01:08:05 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng62n.dll
[2000/05/13 01:08:05 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\Lflma62n.dll
[2000/05/13 01:08:05 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Lfica62n.dll
[2000/05/13 01:08:05 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lfpcx62n.dll
[2000/05/13 01:08:05 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lflmb62n.dll
[2000/05/13 01:08:05 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfeps62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfpct62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfgif62n.dll
[2000/05/13 01:08:05 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfbmp62n.dll
[2000/05/13 01:08:05 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\Lfimg62n.dll
[2000/05/13 01:08:05 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfmsp62n.dll
[2000/05/13 01:08:05 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfmac62n.dll
[2000/05/13 01:08:05 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfcal62n.dll
[2000/05/13 01:08:05 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\Lfpcd62n.dll
[2000/05/13 01:08:00 | 00,162,816 | ---- | C] () -- C:\WINDOWS\System32\ccmpeg.dll
[1999/09/20 10:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/03/18 02:57:02 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\ThmUninst.dll
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 00,129,080 | ---- | C] () -- C:\WINDOWS\Logow.sys.bak
[1980/01/01 00:00:00 | 00,129,078 | ---- | C] () -- C:\WINDOWS\Logos.sys.bak
[1980/01/01 00:00:00 | 00,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/05/19 08:04:50 | 00,421,976 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/19 08:04:50 | 00,343,762 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/19 08:04:50 | 00,069,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/19 08:00:54 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/19 08:00:46 | 00,016,384 | -H-- | M] () -- C:\logicinf.bin
[2009/05/19 08:00:46 | 00,001,024 | -H-- | M] () -- C:\diskfile1
[2009/05/19 08:00:40 | 00,012,208 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/19 08:00:38 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\David Wilson\Local Settings\desktop.ini
[2009/05/19 08:00:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/19 08:00:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/19 08:00:26 | 16,101,45792 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/19 07:59:02 | 00,002,709 | ---- | M] () -- C:\WINDOWS\System32\andpripas.dat
[2009/05/19 07:56:08 | 00,003,166 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/19 07:56:08 | 00,000,638 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 07:56:08 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/17 23:29:02 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
[2009/05/17 22:50:34 | 03,579,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/17 22:44:42 | 00,001,514 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/17 22:43:08 | 00,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/17 21:58:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/16 08:20:16 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Wilson\Desktop\OTListIt2.exe
[2009/05/16 08:09:34 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/16 08:06:42 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/16 08:06:42 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/16 07:53:46 | 00,222,368 | ---- | M] () -- C:\ntldr
[2009/05/14 22:38:54 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\Spybot - Search & Destroy.lnk
[2009/05/14 22:24:26 | 02,988,491 | R--- | M] () -- C:\Documents and Settings\David Wilson\Desktop\ComboFix.exe
[2009/05/14 17:50:10 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/07 23:33:16 | 16,100,76160 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/05/07 22:28:26 | 01,080,054 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\Aquarium 1.bmp
[2009/05/07 22:24:14 | 01,080,056 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\bach.bmp
[2009/05/06 18:41:06 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\dds.scr
[2009/05/06 00:11:00 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 00:10:58 | 00,003,021 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/06 00:03:42 | 00,147,100 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/28 19:05:04 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\David Wilson\Desktop\gmer.exe
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/19 18:29:52 | 00,360,021 | ---- | M] () -- C:\something.scr
< End of report >
 
HJ Startup List

StartupList report, 5/19/2009, 8:11:56 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Unable to get Internet Explorer version!
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Promise\FastTrak\FtrakSvc.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\TrayDay\TrayDay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup]
TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe
ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PRISMSVR.EXE = "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
nwiz = nwiz.exe /install
ezShieldProtector for Px = C:\WINDOWS\system32\ezSP_Px.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SpybotSnD = "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
MSConfig = C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
LDM = \Program\BackWeb-8876480.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - E:\Program Files\GetRight\xx2gr.dll - {31FF080D-12A3-439A-A2EF-4BA95A3148E8}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Uninstall Expiration Reminder.job
AppleSoftwareUpdate.job
Ad-Aware Update (Weekly).job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Yahoo! Checkers]
CODEBASE = http://download.games.yahoo.com/games/clients/y/kt0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Checkers.osd

[Yahoo! Chess]
CODEBASE = http://download.yahoo.com/games/clients/y/cr1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Chess.osd

[Yahoo! Hearts]
CODEBASE = http://download.yahoo.com/games/clients/y/hr1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Hearts.osd

[Yahoo! Pool 2]
CODEBASE = http://download.yahoo.com/games/clients/y/por9_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

[{00000075-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/voxmsdec.CAB

[{00000160-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab

[Support.com Configuration Class]
InProcServer32 = C:\Program Files\Common Files\supportsoft\bin\tgctlcm.dll
CODEBASE = http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[QuickTime Object]
InProcServer32 = E:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Facebook Photo Uploader 5 Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
CODEBASE = http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://gulllake.gospelcom.net/unsecure/other_media/views/ipixx.cab

[Musicnotes Viewer]
InProcServer32 = C:\Program Files\Musicnotes\Player\Mnviewer.dll
CODEBASE = http://www.musicnotes.com/download/mnviewer.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\YAHOO!\COMMON\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\common\yinsthelper.dll

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Live365PlayerVIP Class]
InProcServer32 = C:\WINDOWS\SYSTEM32\p365vip.dll
CODEBASE = http://www.live365.com/players/p365vip.cab

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://www2.snapfish.com/SnapfishActivia.cab

[Microsoft.WinRep]
InProcServer32 = C:\WINDOWS\System32\Winrep.dll
CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

[Install Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pinstall.dll
CODEBASE = http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab

[MsneDiag Class]
InProcServer32 = C:\Progra~1\MsnMusic\diag\4226180\msnediag.ocx
CODEBASE = http://entimg.msn.com/client/msnediag3518.cab

[Verizon Wireless Media Upload]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\VerizonWirelessUploadControl.dll
CODEBASE = http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

[YbUploadFavsCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\YbConvFav030408.dll
CODEBASE = http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab

[TLIEFlashObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll
CODEBASE = http://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB

[{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}]

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38079.8121527778

[Autodesk DWF Viewer Control]
InProcServer32 = C:\Program Files\Common Files\Autodesk Shared\dwf common\AdView.dll
CODEBASE = http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab

[WebResponseAttachments Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

[F-Secure Online Scanner 3.3]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll
CODEBASE = http://support.f-secure.com/ols/fscax.cab

[Java Plug-in 1.4.0]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

[Java Plug-in 1.4.2_06]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_13.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[Live365Player Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Play365.dll
CODEBASE = http://www.live365.com/players/play365.cab

[{CEBC955E-58AF-11D2-A30A-00A0C903492B}]
CODEBASE = http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab

[get_atlcom Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gp.ocx
CODEBASE = http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[iTunesDetector Class]
InProcServer32 = C:\Program Files\iTunes\ITDetector.ocx
CODEBASE = http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

[MsnMusicAx Class]
InProcServer32 = C:\Progra~1\MsnMusic\4226251\msnmusax.ocx
CODEBASE = http://entimg.msn.com/client/msnmusax3518.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

4mmdat: System32\DRIVERS\4mmdat.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
aic78xx: System32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD AGP Bus Filter Driver: System32\DRIVERS\amdagp.sys (system)
AMD IG AGP Bus Filter: System32\DRIVERS\amdagp10.sys (system)
AMDPCI: \??\C:\DOCUME~1\DAVIDW~1\LOCALS~1\Temp\AMDPCI.sys (manual start)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: System32\DRIVERS\AN983.sys (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ati2mpaa: System32\DRIVERS\ati2mpaa.sys (manual start)
ati2mtaa: System32\DRIVERS\ati2mtaa.sys (manual start)
ATI WDM Rage Theater Video: System32\DRIVERS\atinrvxx.sys (manual start)
ATI Rage Theatre Video (ATIRTCAP): System32\DRIVERS\atirtcap.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Backup Scheduler: C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\DAVIDW~1\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DDC/CI monitor: System32\DRIVERS\Moni2c.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DVDRC: System32\drivers\DVDRC.sys (system)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
fasttrak: system32\DRIVERS\fasttrak.sys (system)
Promise FastTrak Log Service: "C:\Program Files\Promise\FastTrak\FtrakSvc.exe" (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR ASPI Filter Driver: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
getPlus(R) Helper: C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (manual start)
GhostStartService: C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (autostart)
GhostPciScanner: \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Hauppauge WinTV PVR PCI II ([23|25|26]xxx): system32\DRIVERS\hcwPP2.sys (manual start)
Hauppauge WinTV PVR PCI II (Encoder): system32\DRIVERS\hcwPVRP2.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
Windows CardSpace idsvcSPTISRV: C:\WINDOWS\system32\unicodem.exe srv (autostart)
CD-Burning Filter Driver: system32\drivers\Imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\Imapi.exe (manual start)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "" (disabled)
Iomega App Services: "C:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042Pr2.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.sys (manual start)
Logitech USB Receiver device driver: system32\drivers\LHidUsb.Sys (manual start)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
Logitech Keyboard Class Filter Driver: System32\DRIVERS\LKbdFlt2.sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.sys (manual start)
TCP/IP Print Server: %SystemRoot%\System32\tcpsvcs.exe (manual start)
AEGIS Protocol (IEEE 802.1x) v2.3.1.9: system32\DRIVERS\mdc8021x.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATI WDM Specialized MVD Codec: System32\DRIVERS\atinmdxx.sys (autostart)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NovaStor NovaBACKUP Backup/Copy Engine: "C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe" (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
PACSPTISVR: C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Real time Backup Loader: "C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe" (autostart)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Simple TCP/IP Services: %SystemRoot%\System32\tcpsvcs.exe (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (manual start)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Alcor Micro Corp Reader: \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys (manual start)
SupportSoft RemoteAssist: C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E6B3FA06-8180-459F-8EDE-0A021C372798} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: System32\DRIVERS\ultra.sys (system)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
2Wire 802.11g Driver: system32\DRIVERS\wlanCIG.sys (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
zremote: system32\drivers\zremote.sys (manual start)
Iomega Active Disk: "C:\Program Files\Iomega\AutoDisk\ADService.exe" (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\andpripas.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 45,866 bytes
Report generated in 0.203 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Took less time than I thought...

Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 5.1.2600 Service Pack 2

5/19/2009 8:56:20 AM
mbam-log-2009-05-19 (08-56-20).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 224433
Time elapsed: 33 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Please upload these files:
C:\WINDOWS\system32\andpripas.dll
C:\WINDOWS\System32\andpripas.dat
C:\WINDOWS\win.ini
C:\WINDOWS\system.ini


to this website.

Kindly include a link to this topic in the message. Let me know when that's been done.
 
Thanks for the files. Let's continue the hunting.

Upload the following two files to VirusTotal and post back the results or links to the results:
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
 