
Bsod Stop:0x0000007e Error, Applications Freezing, Computer Is Slow


  • This topic is locked
7 replies to this topic

#1 beachbum999


Posted 03 October 2008 - 05:14 PM

My computer has been slow for months now. Getting slower. A week or so ago, it started locking up. Applications (Outlook, Excel, etc.) would freeze. Ctrl Alt Del did not work. Had to power off numerous times. Then, upon bootup, I got a Blue Screen giving the following error:

*** STOP: 0x0000007e

I booted into safe mode, ran my Ccleaner, AVG antivirus, Spybot, and Adaware. Did not find anything.

Same error.

Booted into safe mode again - did system restore to earlier date when things were more stable.

Same error.

After numerous reboots, it finally booted up. Though, it took a very long time.

Attached is my Hijack This log. I would appreciate any advice you may have!!! Thanks!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:00 PM, on 10/03/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ViceVersa Pro 2\VVLAUNCHER\VVLAUNCHER.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VVLauncher 2] "C:\Program Files\ViceVersa Pro 2\VVLAUNCHER\VVLAUNCHER.EXE"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190673698687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190673652921
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Premier - Contractor Edition\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11274 bytes


#2 Billy O'Neal

Malware Response Team

Posted 13 October 2008 - 04:41 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the [image] button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open; copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 beachbum999


Posted 14 October 2008 - 08:51 AM

Yes. I do still need help. THANK YOU!!

Here are the reports you requested.



OTViewIt logfile created on: 10/13/2008 5:50:49 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.37 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 60.01% Memory free
1.77 Gb Paging File | 1.32 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): C:\pagefile.sys 552 1104;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.60 Gb Total Space | 58.06 Gb Free Space | 40.15% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 32.60 Gb Total Space | 14.96 Gb Free Space | 45.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 189.91 Gb Total Space | 24.08 Gb Free Space | 12.68% Space Free | Partition Type: NTFS

Computer Name: EMACHINE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/09/30 15:24:08 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/02/27 07:24:12 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/09/30 15:24:14 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/07/07 18:14:38 | 00,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2006/11/21 20:09:02 | 00,842,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[2008/10/01 09:24:43 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2008/09/24 16:05:34 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/05/09 19:02:56 | 01,230,056 | ---- | M] (TGRMN Software) -- C:\Program Files\ViceVersa Pro 2\VVLauncher\VVLauncher.exe
[2008/08/15 14:46:26 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[2007/06/28 00:44:04 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/13 17:17:37 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/01/26 10:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/09/30 15:24:08 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/02/06 11:18:44 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/02/27 07:24:12 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
[2007/05/24 08:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
File not found -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services ==========

[2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/05/16 10:54:22 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2006/01/15 08:48:08 | 01,477,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2008/09/30 15:24:42 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/30 15:24:39 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/04/13 13:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 13:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008/04/13 13:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 13:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 12:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Running])
[2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2001/08/17 13:46:40 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394 [On_Demand | Stopped])
[2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/03/16 19:50:36 | 00,221,440 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
[2005/03/16 19:51:16 | 01,033,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Stopped])
[2008/09/24 17:32:18 | 04,818,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2002/07/08 15:18:46 | 00,014,720 | R--- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1 [On_Demand | Stopped])
[2004/03/16 22:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/12/14 00:39:28 | 00,040,832 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev [On_Demand | Stopped])
[2006/12/13 17:52:50 | 00,020,992 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])
[2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])
[2007/08/15 08:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\system32\drivers\n558.sys -- (n558 [On_Demand | Stopped])
[2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2006/11/08 02:02:34 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2008/04/13 13:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2004/08/04 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2006/01/18 05:41:00 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/04/13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2008/10/01 09:22:38 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2005/03/16 19:50:32 | 00,705,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
[2005/10/17 18:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\CNNSI]
""=search.sportsillustrated.cnn.com/pages/search.jsp?query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Dictionary]
""=dictionary.reference.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Google]
""=google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups]
""=groups-beta.google.com/groups?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages]
""=images.google.com/images?hl=en&lr=&q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews]
""=news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\KB]
""=support.microsoft.com/search/default.aspx?query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\KBDLL]
""=support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Movies]
""=fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\MSN]
""=search.msn.com/results.asp?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus]
""=thesaurus.reference.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Weather]
""=weather.com/weather/local/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Yahoo]
""=search.yahoo.com/search?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
"Search Page"=http://www.google.com
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
"Search Page"=http://www.google.com
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\CNNSI]
""=search.sportsillustrated.cnn.com/pages/search.jsp?query=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Dictionary]
""=dictionary.reference.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Google]
""=google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups]
""=groups-beta.google.com/groups?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages]
""=images.google.com/images?hl=en&lr=&q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews]
""=news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\KB]
""=support.microsoft.com/search/default.aspx?query=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\KBDLL]
""=support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Movies]
""=fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\MSN]
""=search.msn.com/results.asp?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus]
""=thesaurus.reference.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Weather]
""=weather.com/weather/local/%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Yahoo]
""=search.yahoo.com/search?p=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{2F85D76C-0569-466F-A488-493E6BD0E955} (HKLM) -- C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{724d43a9-0d85-11d4-9908-00400523e39a} (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{724d43a0-0d85-11d4-9908-00400523e39a}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"VVLauncher 2"="C:\Program Files\ViceVersa Pro 2\VVLAUNCHER\VVLAUNCHER.EXE" (TGRMN Software)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
"Power2GoExpress"=NA File not found
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
"Power2GoExpress"=NA File not found
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"VVLauncher 2"="C:\Program Files\ViceVersa Pro 2\VVLAUNCHER\VVLAUNCHER.EXE" (TGRMN Software)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"NoSaveSettings"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Customize Menu: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Fill Forms: File not found
RoboForm Toolbar: File not found
Save Forms: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Customize Menu: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Fill Forms: File not found
RoboForm Toolbar: File not found
Save Forms: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Button: Fill Forms -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Menu: Fill Forms -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Button: Save -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Menu: Save Forms -- File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: Button: RoboForm -- File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: Menu: RoboForm Toolbar -- File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
netteller.com\cm: https in My Computer
netteller.com\www: https in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
netteller.com\cm: https in My Computer
netteller.com\www: https in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=67633 -- Office Genuine Advantage Validation Tool
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15015/CTSUEng.cab -- Creative Software AutoUpdate
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1190673698687 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1190673652921 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su/ocx/15023/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{3F3CB1E7-A8E3-49A8-9DEA-607277667B59} (Servers: | Description: )
{3F7846FA-50A1-48E9-94F9-A8F891C968E4} (Servers: | Description: )
{5E994510-06F4-4535-9593-2C168CB53FD2} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{C7FBD9FF-1022-475C-A78D-0298AD8C5AE7} (Servers: | Description: 1394 Net Adapter)
{D259BEB0-4514-44B2-AC0D-275FC5C8A040} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/09/30 15:24:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WRNotifier: "DllName" = WRLogonNTF.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/26 13:04:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1d21751-e4f0-11da-b623-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1d21751-e4f0-11da-b623-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1d21751-e4f0-11da-b623-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/13 17:39:38 | 00,001,392 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20081013_173937.reg
[2008/10/13 17:17:31 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/10 10:51:40 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/10/07 16:20:43 | 00,026,854 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20081007_162042.reg
[2008/10/07 15:25:54 | 00,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GroupMail 5.lnk
[2008/10/07 15:25:53 | 00,159,744 | ---- | C] (Desaware, Inc.) -- C:\WINDOWS\System32\dwStg.dll
[2008/10/07 15:25:52 | 00,929,792 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMHTMLEditor.ocx
[2008/10/07 15:25:52 | 00,614,400 | ---- | C] (WinMain Software (http://www.winmain.com)) -- C:\WINDOWS\System32\cmax40.dll
[2008/10/07 15:25:52 | 00,471,040 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7.ocx
[2008/10/07 15:25:52 | 00,425,984 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2008/10/07 15:25:52 | 00,349,224 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGThreed40.ocx
[2008/10/07 15:25:52 | 00,127,488 | ---- | C] (Teebo Software Solutions) -- C:\WINDOWS\System32\tssTaskPane1a.ocx
[2008/10/07 15:25:52 | 00,061,440 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkFTPCMSUpload.ocx
[2008/10/07 15:25:52 | 00,053,248 | ---- | C] (WorkSaver Software) -- C:\WINDOWS\System32\TinyDB6.ocx
[2008/10/07 15:25:51 | 01,668,096 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2008/10/07 15:25:51 | 01,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2008/10/07 15:25:51 | 00,396,288 | ---- | C] () -- C:\WINDOWS\System32\o2DirSpyX.ocx
[2008/10/07 15:25:50 | 00,962,560 | ---- | C] (Connected Software, Inc.) -- C:\WINDOWS\System32\MagicCtl.dll
[2008/10/07 15:25:50 | 00,492,768 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGToolBars50.ocx
[2008/10/07 15:25:50 | 00,299,008 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGTabs40.ocx
[2008/10/07 15:25:50 | 00,194,248 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGScroll40.ocx
[2008/10/07 15:25:50 | 00,181,960 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGSplitter40.ocx
[2008/10/07 15:25:49 | 01,011,712 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\chilkatxml.dll
[2008/10/07 15:25:49 | 00,364,544 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\ANPOP.dll
[2008/10/07 15:25:49 | 00,315,400 | ---- | C] (VBGold Software) -- C:\WINDOWS\System32\sprinter.ocx
[2008/10/07 15:25:49 | 00,311,296 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\AOSMTPEX.dll
[2008/10/07 15:25:49 | 00,290,816 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\AOSMTP.dll
[2008/10/07 15:25:49 | 00,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\wspell.ocx
[2008/10/07 15:25:49 | 00,081,920 | ---- | C] (ADMINSYSTEM) -- C:\WINDOWS\System32\ANSSLPLUS.dll
[2008/10/07 15:25:48 | 00,517,368 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmgrpman.dll
[2008/10/07 15:25:48 | 00,487,424 | ---- | C] (Sequiter Software Inc.) -- C:\WINDOWS\System32\infCB.dll
[2008/10/07 15:25:48 | 00,304,376 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMAccMan.dll
[2008/10/07 15:25:48 | 00,263,416 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMailer.dll
[2008/10/07 15:25:48 | 00,208,896 | ---- | C] (infacta Ltd.) -- C:\WINDOWS\System32\infGMUI.ocx
[2008/10/07 15:25:48 | 00,173,304 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\infgdbcb.dll
[2008/10/07 15:25:48 | 00,095,480 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMSigMan.dll
[2008/10/07 15:25:48 | 00,095,480 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmnamfld.dll
[2008/10/07 15:25:48 | 00,075,000 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMesCom.dll
[2008/10/07 15:25:48 | 00,050,424 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMPaths.dll
[2008/10/07 15:25:46 | 00,683,801 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\unins000.exe
[2008/10/07 15:25:46 | 00,009,707 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\unins000.dat
[2008/10/07 15:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\GroupMail 5
[2008/10/07 15:25:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Infacta
[2008/10/07 10:18:43 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/07 09:28:07 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/07 09:27:33 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/07 09:27:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/07 09:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/10/07 09:15:39 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/10/06 19:40:55 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/06 19:40:55 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/01 20:25:51 | 00,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss
[2008/10/01 20:25:18 | 01,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2008/10/01 17:27:55 | 00,284,122 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20081001_172753.reg
[2008/09/30 19:47:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/30 16:31:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/30 16:19:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/30 16:19:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/30 15:59:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/30 15:38:37 | 14,610,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/30 15:38:37 | 00,173,900 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/09/30 15:34:04 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/09/30 15:33:52 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/30 15:33:35 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/30 15:33:34 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/09/30 15:33:22 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/09/30 15:33:22 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/09/30 15:33:13 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/09/30 15:33:12 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/09/30 15:33:12 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/09/30 15:33:11 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/09/30 15:33:11 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/09/30 15:33:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/09/30 15:33:11 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/09/30 15:33:09 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/09/30 15:33:09 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/30 15:32:29 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/09/30 15:32:29 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/09/30 15:32:29 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/09/30 15:24:49 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/30 15:24:49 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/09/30 15:24:42 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/30 15:24:39 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/30 15:24:34 | 28,732,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/30 15:24:34 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/30 15:24:34 | 00,307,238 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/30 15:24:34 | 00,068,419 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/30 15:24:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/09/30 15:24:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
[2008/09/30 15:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/09/30 15:19:31 | 00,128,210 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_151929.reg
[2008/09/30 13:29:48 | 00,137,286 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_132947.reg
[2008/09/30 13:27:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2008/09/30 13:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/09/30 13:13:42 | 14,738,26816 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/30 11:41:51 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2008/09/29 10:30:33 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/29 10:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/29 10:11:26 | 00,004,658 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080929_101123.reg
[2008/09/28 16:25:38 | 00,133,378 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080928_162535.reg
[2008/09/27 16:09:47 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/27 16:09:40 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/27 15:46:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/27 15:46:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/27 15:40:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/27 15:26:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/17 04:48:57 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/17 04:48:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/17 04:48:47 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/17 04:48:47 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/17 04:48:41 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/17 04:48:36 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/17 04:48:35 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/17 04:48:28 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/17 04:48:27 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/17 04:48:27 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/17 04:48:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/17 04:48:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/17 04:48:00 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/17 04:47:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/17 04:47:54 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/17 04:47:49 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/17 04:47:49 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/17 04:47:48 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/17 04:47:47 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/17 04:47:46 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/17 04:47:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/17 04:47:46 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/17 04:47:44 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/17 04:47:41 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/17 04:47:29 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/17 04:47:27 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/17 04:47:27 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/17 04:47:27 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/17 04:47:25 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/17 04:47:25 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/17 04:47:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/17 04:47:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/17 04:47:22 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/17 04:47:22 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/17 04:47:03 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/17 04:47:03 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/17 04:47:03 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/17 04:47:03 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/17 04:46:45 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/17 04:46:37 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/17 04:46:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/17 04:46:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/17 04:46:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/17 04:46:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/17 04:46:23 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/17 04:46:20 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/17 04:46:19 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/17 04:46:18 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/17 04:46:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/17 04:46:13 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/17 04:46:13 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/17 04:46:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/17 04:46:12 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/17 04:46:12 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/17 04:46:12 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/17 04:46:11 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/17 04:46:11 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/17 04:46:08 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/17 04:46:08 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/17 04:46:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/17 04:46:08 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/17 04:46:08 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/17 04:46:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/17 04:46:08 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/17 04:46:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/17 04:46:06 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/17 04:46:06 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/17 04:46:03 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/17 04:46:02 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/17 04:45:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/17 04:45:56 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/17 04:45:55 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/17 04:45:47 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/13 17:52:02 | 14,614,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/13 17:44:56 | 28,732,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/13 17:43:26 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/13 17:43:13 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/13 17:41:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/13 17:41:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/13 17:41:25 | 14,738,26816 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/13 17:40:21 | 00,173,900 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/13 17:40:07 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/13 17:39:53 | 10,705,686 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/13 17:39:40 | 00,001,392 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20081013_173937.reg
[2008/10/13 17:17:37 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/13 12:30:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/13 12:00:01 | 00,000,480 | ---- | M] () -- C:\WINDOWS\tasks\_viceversapr2_task_Daily Backup.job
[2008/10/09 18:20:24 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 16:45:41 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chad's Glucose Log.xls
[2008/10/07 16:20:45 | 00,026,854 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20081007_162042.reg
[2008/10/07 15:26:23 | 00,009,707 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\unins000.dat
[2008/10/07 15:25:54 | 00,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GroupMail 5.lnk
[2008/10/07 15:24:57 | 00,683,801 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\unins000.exe
[2008/10/07 09:08:41 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/06 19:40:55 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/06 19:40:55 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/05 09:32:31 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/02 11:05:36 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2008/10/01 17:27:57 | 00,284,122 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20081001_172753.reg
[2008/10/01 09:22:38 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/30 16:52:20 | 00,427,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/30 16:52:20 | 00,072,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/30 16:52:17 | 00,509,032 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/30 16:32:47 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/30 16:28:15 | 00,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/30 15:36:27 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/30 15:24:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/30 15:24:49 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/09/30 15:24:42 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/30 15:24:39 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/30 15:24:34 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/30 15:19:33 | 00,128,210 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_151929.reg
[2008/09/30 13:29:51 | 00,137,286 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_132947.reg
[2008/09/29 10:30:33 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/29 10:11:28 | 00,004,658 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080929_101123.reg
[2008/09/28 16:25:41 | 00,133,378 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080928_162535.reg
[2008/09/27 15:34:15 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/20 18:53:37 | 00,021,899 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2008/09/20 18:49:08 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2008/09/18 21:29:02 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
< End of report >


OTViewIt Extras logfile created on: 10/13/2008 5:50:49 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.37 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 60.01% Memory free
1.77 Gb Paging File | 1.32 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): C:\pagefile.sys 552 1104;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.60 Gb Total Space | 58.06 Gb Free Space | 40.15% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 32.60 Gb Total Space | 14.96 Gb Free Space | 45.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 189.91 Gb Total Space | 24.08 Gb Free Space | 12.68% Space Free | Partition Type: NTFS

Computer Name: EMACHINE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4
File not found -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk
[2006/09/13 11:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks Premier - Contractor Edition\QBDBMgrN.exe:*:Disabled:QuickBooks 2008 Data Manager
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2008/09/30 15:24:13 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/27 08:00:16 | 00,070,944 | ---- | M] (TODO: <Company name>) C:\Program Files\Intuit\QuickBooks Premier - Contractor Edition\HelpAsyncPluggableProtocol.dll (intu-help-qb1:{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} (HKLM) [Intuit Help System Async Pluggable Protocol (v1) for QuickBooks])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/30 15:24:33 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}"=Microsoft IntelliPoint 6.1
"{107254A0-0ADF-11D4-9397-00D0B7020B38}"=
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}"=Canon MF Toolbox 4.9.1.1.mf01
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}"=Recovery Software Suite eMachines
"{16D9439B-DF3D-43D1-A727-4B335300D07A}"=OverDrive Media Console
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3F873E63-1CA5-4bdb-A8C7-D97012496DE3}"=Canon MF6500 Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go 4.0
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}"=Digital Media Reader
"{5A3F6A80-7913-475E-8B96-477A952CFA43}"=SupportSoft Assisted Service
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}"=Presto! PageManager 6.03
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}"=Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1"=GroupMail :: Free Edition
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}"=OmniPage SE
"{85309D89-7BE9-4094-BB17-24999C6118FC}"=ArcSoft PhotoStudio 5.5
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8ECB8220-F422-4BEB-9596-97033C533702}"=QuickBooks Pro 2008
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A8BB9906-E618-406A-B161-7383AFF46C39}"=EasyRecovery Professional
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{CA9A3609-3ECC-4574-8824-A8161A71A603}"=Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}"=Microsoft IntelliType Pro 6.01
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F5A88B76-56B9-4D4E-96DC-D7FCA4FBBD51}"=TulsaView
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AI RoboForm"=AI RoboForm (All Users)
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"CCleaner"=CCleaner (remove only)
"Cleaner 5 EZ"=Cleaner 5 EZ
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=Soft Data Fax Modem with SmartCP
"Direct MP3 Joiner_is1"=Direct MP3 Joiner 2.3
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"Free Internet Window Washer"=Free Internet Window Washer
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}"=Digital Media Reader
"LiveUpdate"=LiveUpdate
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MP Navigator 2.0"=Canon MP Navigator 2.0
"Neuro-Programmer 2 Professional_is1"=Neuro-Programmer Professional 2.4.1
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PDF-XChange 3_is1"=PDF-XChange 3
"Picasa2"=Picasa 2
"RealPlayer 6.0"=RealPlayer Basic
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"SpywareBlaster_is1"=SpywareBlaster v3.5.1
"Tenant File_is1"=Tenant File 5.6
"The RealData Calculator - Free Edition1"=The RealData Calculator - Free Edition
"Unlocker"=Unlocker 1.8.5
"ViceVersa Pro 2_is1"=ViceVersa Pro 2 (Build 2014)
"ViewpointMediaPlayer"=Viewpoint Media Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live Safety Scanner"=Windows Live Safety Scanner
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"ZoneAlarm"=ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/23/2008 4:51:04 PM | Computer Name = EMACHINE | Source = QuickBooks | ID = 4
Description =

Error - 09/23/2008 4:51:04 PM | Computer Name = EMACHINE | Source = QuickBooks | ID = 4
Description =

Error - 09/23/2008 4:51:04 PM | Computer Name = EMACHINE | Source = QuickBooks | ID = 4
Description =

Error - 09/26/2008 6:15:48 PM | Computer Name = EMACHINE | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.11, faulting module
ad-aware.exe, version 7.1.0.11, fault address 0x0009659a.

Error - 09/29/2008 4:40:36 PM | Computer Name = EMACHINE | Source = QuickBooks | ID = 4
Description =

Error - 09/29/2008 4:40:36 PM | Computer Name = EMACHINE | Source = QuickBooks | ID = 4
Description =

Error - 09/29/2008 4:40:36 PM | Computer Name = EMACHINE | Source = QuickBooks | ID = 4
Description =

Error - 09/30/2008 5:34:41 PM | Computer Name = EMACHINE | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 6782, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 09/30/2008 5:34:41 PM | Computer Name = EMACHINE | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 09/30/2008 5:34:45 PM | Computer Name = EMACHINE | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 6782, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 10/01/2008 7:32:55 PM | Computer Name = EMACHINE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{D259BEB0-4514-44B2-AC0D-275FC5C8A040}. The
backup browser is stopping.

Error - 10/01/2008 9:29:15 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/06/2008 8:28:52 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/07/2008 11:19:50 AM | Computer Name = EMACHINE | Source = DCOM | ID = 10010
Description = The server {16D99191-6280-4B33-A2F5-04805A0FC582} did not register
with DCOM within the required timeout.

Error - 10/07/2008 11:23:41 AM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/07/2008 6:21:12 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/07/2008 6:39:04 PM | Computer Name = EMACHINE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{D259BEB0-4514-44B2-AC0D-275FC5C8A040}. The
backup browser is stopping.

Error - 10/13/2008 6:42:33 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/13/2008 6:43:10 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/13/2008 6:43:10 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >


KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 13, 2008 22:40:56
Records in database: 1309548


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
L:\

Scan statistics
Files scanned 254026
Threat name 2
Infected objects 1
Suspicious objects 2
Duration of the scan 07:11:07

File name | Threat name | Threats count
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{DC1EA0F1-AE2B-4B18-B150-A276056F31D7}\Microsoft\Outlook Express\Old Mail (10-04 thru 10-05).dbx | Suspicious: Trojan-Spy.HTML.Fraud.gen | 1
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe | Infected: not-a-virus:AdWare.Win32.SearchIt.t | 1
L:\Backup 8-17-06\Email Backup\Old Mail (10-04 thru 10-05).dbx | Suspicious: Trojan-Spy.HTML.Fraud.gen | 1

The selected area was scanned.

#4 Billy O'Neal

  • Malware Response Team

Posted 14 October 2008 - 03:15 PM

Hello, beachbum999.
I don't think this is a malware problem, and therefore not something I'll be able to fix all that well.

Have you tested your RAM? Failing RAM is the most common cause of 7E. If it was a malware issue, it would not be intermittent like this. I suspect failing hardware :thumbsup:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    D:\i386\Apps\App17981\comps\toolbar\toolbr.exe
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • OTMoveIt3's Log
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 beachbum999

  • Topic Starter


Posted 15 October 2008 - 11:21 AM

Here they are:

OTViewIt logfile created on: 10/13/2008 5:50:49 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1.37 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 60.01% Memory free
1.77 Gb Paging File | 1.32 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): C:\pagefile.sys 552 1104;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.60 Gb Total Space | 58.06 Gb Free Space | 40.15% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 32.60 Gb Total Space | 14.96 Gb Free Space | 45.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 189.91 Gb Total Space | 24.08 Gb Free Space | 12.68% Space Free | Partition Type: NTFS

Computer Name: EMACHINE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/09/30 15:24:08 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/02/27 07:24:12 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/09/30 15:24:14 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/07/07 18:14:38 | 00,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2006/11/21 20:09:02 | 00,842,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[2008/10/01 09:24:43 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2008/09/24 16:05:34 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/05/09 19:02:56 | 01,230,056 | ---- | M] (TGRMN Software) -- C:\Program Files\ViceVersa Pro 2\VVLauncher\VVLauncher.exe
[2008/08/15 14:46:26 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[2007/06/28 00:44:04 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/13 17:17:37 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/01/15 08:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/01/26 10:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/09/30 15:24:08 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/02/06 11:18:44 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/02/27 07:24:12 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
[2007/05/24 08:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
File not found -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services ==========

[2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/05/16 10:54:22 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2006/01/15 08:48:08 | 01,477,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2008/09/30 15:24:42 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/30 15:24:39 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/04/13 13:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 13:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008/04/13 13:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 13:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 12:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Running])
[2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2001/08/17 13:46:40 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394 [On_Demand | Stopped])
[2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/03/16 19:50:36 | 00,221,440 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
[2005/03/16 19:51:16 | 01,033,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Stopped])
[2008/09/24 17:32:18 | 04,818,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2002/07/08 15:18:46 | 00,014,720 | R--- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1 [On_Demand | Stopped])
[2004/03/16 22:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/12/14 00:39:28 | 00,040,832 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev [On_Demand | Stopped])
[2006/12/13 17:52:50 | 00,020,992 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])
[2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])
[2007/08/15 08:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\system32\drivers\n558.sys -- (n558 [On_Demand | Stopped])
[2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2006/11/08 02:02:34 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2008/04/13 13:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2004/08/04 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2006/01/18 05:41:00 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/04/13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2008/10/01 09:22:38 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2005/03/16 19:50:32 | 00,705,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
[2005/10/17 18:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\CNNSI]
""=search.sportsillustrated.cnn.com/pages/search.jsp?query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Dictionary]
""=dictionary.reference.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Google]
""=google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups]
""=groups-beta.google.com/groups?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages]
""=images.google.com/images?hl=en&lr=&q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews]
""=news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\KB]
""=support.microsoft.com/search/default.aspx?query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\KBDLL]
""=support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Movies]
""=fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\MSN]
""=search.msn.com/results.asp?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus]
""=thesaurus.reference.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Weather]
""=weather.com/weather/local/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Yahoo]
""=search.yahoo.com/search?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
"Search Page"=http://www.google.com
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
"Search Page"=http://www.google.com
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\CNNSI]
""=search.sportsillustrated.cnn.com/pages/search.jsp?query=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Dictionary]
""=dictionary.reference.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Google]
""=google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups]
""=groups-beta.google.com/groups?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages]
""=images.google.com/images?hl=en&lr=&q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews]
""=news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\KB]
""=support.microsoft.com/search/default.aspx?query=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\KBDLL]
""=support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Movies]
""=fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\MSN]
""=search.msn.com/results.asp?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus]
""=thesaurus.reference.com/search?q=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Weather]
""=weather.com/weather/local/%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\SearchURL\Yahoo]
""=search.yahoo.com/search?p=%s

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{2F85D76C-0569-466F-A488-493E6BD0E955} (HKLM) -- C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{724d43a9-0d85-11d4-9908-00400523e39a} (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{724d43a0-0d85-11d4-9908-00400523e39a}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"VVLauncher 2"="C:\Program Files\ViceVersa Pro 2\VVLAUNCHER\VVLAUNCHER.EXE" (TGRMN Software)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
"Power2GoExpress"=NA File not found
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
"Power2GoExpress"=NA File not found
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"VVLauncher 2"="C:\Program Files\ViceVersa Pro 2\VVLAUNCHER\VVLAUNCHER.EXE" (TGRMN Software)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"NoSaveSettings"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Customize Menu: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Fill Forms: File not found
RoboForm Toolbar: File not found
Save Forms: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Customize Menu: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 12:26:36 | 00,200,704 | ---- | M] ()
Fill Forms: File not found
RoboForm Toolbar: File not found
Save Forms: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Button: Fill Forms -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Menu: Fill Forms -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Button: Save -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Menu: Save Forms -- File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: Button: RoboForm -- File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: Menu: RoboForm Toolbar -- File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Save] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [RoboForm] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
netteller.com\cm: https in My Computer
netteller.com\www: https in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1901576168-3263959634-2465442520-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
netteller.com\cm: https in My Computer
netteller.com\www: https in My Computer
41 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=67633 -- Office Genuine Advantage Validation Tool
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15015/CTSUEng.cab -- Creative Software AutoUpdate
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1190673698687 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1190673652921 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su/ocx/15023/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{3F3CB1E7-A8E3-49A8-9DEA-607277667B59} (Servers: | Description: )
{3F7846FA-50A1-48E9-94F9-A8F891C968E4} (Servers: | Description: )
{5E994510-06F4-4535-9593-2C168CB53FD2} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{C7FBD9FF-1022-475C-A78D-0298AD8C5AE7} (Servers: | Description: 1394 Net Adapter)
{D259BEB0-4514-44B2-AC0D-275FC5C8A040} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/09/30 15:24:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WRNotifier: "DllName" = WRLogonNTF.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/26 13:04:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1d21751-e4f0-11da-b623-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1d21751-e4f0-11da-b623-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1d21751-e4f0-11da-b623-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/13 17:39:38 | 00,001,392 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20081013_173937.reg
[2008/10/13 17:17:31 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/10 10:51:40 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/10/07 16:20:43 | 00,026,854 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20081007_162042.reg
[2008/10/07 15:25:54 | 00,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GroupMail 5.lnk
[2008/10/07 15:25:53 | 00,159,744 | ---- | C] (Desaware, Inc.) -- C:\WINDOWS\System32\dwStg.dll
[2008/10/07 15:25:52 | 00,929,792 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMHTMLEditor.ocx
[2008/10/07 15:25:52 | 00,614,400 | ---- | C] (WinMain Software (http://www.winmain.com)) -- C:\WINDOWS\System32\cmax40.dll
[2008/10/07 15:25:52 | 00,471,040 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7.ocx
[2008/10/07 15:25:52 | 00,425,984 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2008/10/07 15:25:52 | 00,349,224 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGThreed40.ocx
[2008/10/07 15:25:52 | 00,127,488 | ---- | C] (Teebo Software Solutions) -- C:\WINDOWS\System32\tssTaskPane1a.ocx
[2008/10/07 15:25:52 | 00,061,440 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkFTPCMSUpload.ocx
[2008/10/07 15:25:52 | 00,053,248 | ---- | C] (WorkSaver Software) -- C:\WINDOWS\System32\TinyDB6.ocx
[2008/10/07 15:25:51 | 01,668,096 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2008/10/07 15:25:51 | 01,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2008/10/07 15:25:51 | 00,396,288 | ---- | C] () -- C:\WINDOWS\System32\o2DirSpyX.ocx
[2008/10/07 15:25:50 | 00,962,560 | ---- | C] (Connected Software, Inc.) -- C:\WINDOWS\System32\MagicCtl.dll
[2008/10/07 15:25:50 | 00,492,768 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGToolBars50.ocx
[2008/10/07 15:25:50 | 00,299,008 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGTabs40.ocx
[2008/10/07 15:25:50 | 00,194,248 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGScroll40.ocx
[2008/10/07 15:25:50 | 00,181,960 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGSplitter40.ocx
[2008/10/07 15:25:49 | 01,011,712 | ---- | C] (Chilkat Software, Inc.) -- C:\WINDOWS\System32\chilkatxml.dll
[2008/10/07 15:25:49 | 00,364,544 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\ANPOP.dll
[2008/10/07 15:25:49 | 00,315,400 | ---- | C] (VBGold Software) -- C:\WINDOWS\System32\sprinter.ocx
[2008/10/07 15:25:49 | 00,311,296 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\AOSMTPEX.dll
[2008/10/07 15:25:49 | 00,290,816 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\AOSMTP.dll
[2008/10/07 15:25:49 | 00,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\wspell.ocx
[2008/10/07 15:25:49 | 00,081,920 | ---- | C] (ADMINSYSTEM) -- C:\WINDOWS\System32\ANSSLPLUS.dll
[2008/10/07 15:25:48 | 00,517,368 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmgrpman.dll
[2008/10/07 15:25:48 | 00,487,424 | ---- | C] (Sequiter Software Inc.) -- C:\WINDOWS\System32\infCB.dll
[2008/10/07 15:25:48 | 00,304,376 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMAccMan.dll
[2008/10/07 15:25:48 | 00,263,416 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMailer.dll
[2008/10/07 15:25:48 | 00,208,896 | ---- | C] (infacta Ltd.) -- C:\WINDOWS\System32\infGMUI.ocx
[2008/10/07 15:25:48 | 00,173,304 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\infgdbcb.dll
[2008/10/07 15:25:48 | 00,095,480 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMSigMan.dll
[2008/10/07 15:25:48 | 00,095,480 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmnamfld.dll
[2008/10/07 15:25:48 | 00,075,000 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMesCom.dll
[2008/10/07 15:25:48 | 00,050,424 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMPaths.dll
[2008/10/07 15:25:46 | 00,683,801 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\unins000.exe
[2008/10/07 15:25:46 | 00,009,707 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\unins000.dat
[2008/10/07 15:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\GroupMail 5
[2008/10/07 15:25:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Infacta
[2008/10/07 10:18:43 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/07 09:28:07 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/07 09:27:33 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/07 09:27:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/07 09:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/10/07 09:15:39 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/10/06 19:40:55 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/06 19:40:55 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/01 20:25:51 | 00,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss
[2008/10/01 20:25:18 | 01,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2008/10/01 17:27:55 | 00,284,122 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20081001_172753.reg
[2008/09/30 19:47:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/30 16:31:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/30 16:19:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/30 16:19:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/30 15:59:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/30 15:38:37 | 14,610,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/30 15:38:37 | 00,173,900 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/09/30 15:34:04 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/09/30 15:33:52 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/30 15:33:35 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/30 15:33:34 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/09/30 15:33:22 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/09/30 15:33:22 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/09/30 15:33:13 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/09/30 15:33:12 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/09/30 15:33:12 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/09/30 15:33:11 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/09/30 15:33:11 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/09/30 15:33:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/09/30 15:33:11 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/09/30 15:33:09 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/09/30 15:33:09 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/30 15:32:29 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/09/30 15:32:29 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/09/30 15:32:29 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/09/30 15:24:49 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/30 15:24:49 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/09/30 15:24:42 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/30 15:24:39 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/30 15:24:34 | 28,732,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/30 15:24:34 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/30 15:24:34 | 00,307,238 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/30 15:24:34 | 00,068,419 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/30 15:24:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/09/30 15:24:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
[2008/09/30 15:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/09/30 15:19:31 | 00,128,210 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_151929.reg
[2008/09/30 13:29:48 | 00,137,286 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_132947.reg
[2008/09/30 13:27:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2008/09/30 13:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/09/30 13:13:42 | 14,738,26816 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/30 11:41:51 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2008/09/29 10:30:33 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/29 10:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/29 10:11:26 | 00,004,658 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080929_101123.reg
[2008/09/28 16:25:38 | 00,133,378 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20080928_162535.reg
[2008/09/27 16:09:47 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/27 16:09:40 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/27 15:46:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/27 15:46:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/27 15:40:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/27 15:26:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/17 04:48:57 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/17 04:48:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/17 04:48:47 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/17 04:48:47 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/17 04:48:41 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/17 04:48:36 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/17 04:48:35 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/17 04:48:28 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/17 04:48:27 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/17 04:48:27 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/17 04:48:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/17 04:48:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/17 04:48:00 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/17 04:47:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/17 04:47:54 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/17 04:47:49 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/17 04:47:49 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/17 04:47:48 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/17 04:47:47 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/17 04:47:46 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/17 04:47:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/17 04:47:46 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/17 04:47:44 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/17 04:47:41 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/17 04:47:29 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/17 04:47:27 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/17 04:47:27 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/17 04:47:27 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/17 04:47:25 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/17 04:47:25 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/17 04:47:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/17 04:47:25 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/17 04:47:22 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/17 04:47:22 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/17 04:47:03 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/17 04:47:03 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/17 04:47:03 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/17 04:47:03 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/17 04:46:45 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/17 04:46:37 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/17 04:46:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/17 04:46:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/17 04:46:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/17 04:46:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/17 04:46:23 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/17 04:46:20 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/17 04:46:19 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/17 04:46:18 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/17 04:46:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/17 04:46:13 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/17 04:46:13 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/17 04:46:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/17 04:46:12 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/17 04:46:12 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/17 04:46:12 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/17 04:46:11 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/17 04:46:11 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/17 04:46:08 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/17 04:46:08 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/17 04:46:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/17 04:46:08 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/17 04:46:08 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/17 04:46:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/17 04:46:08 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/17 04:46:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/17 04:46:06 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/17 04:46:06 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/17 04:46:03 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/17 04:46:02 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/17 04:45:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/17 04:45:56 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/17 04:45:55 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/17 04:45:47 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/13 17:52:02 | 14,614,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/13 17:44:56 | 28,732,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/13 17:43:26 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/13 17:43:13 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/13 17:41:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/13 17:41:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/13 17:41:25 | 14,738,26816 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/13 17:40:21 | 00,173,900 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/13 17:40:07 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/13 17:39:53 | 10,705,686 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/13 17:39:40 | 00,001,392 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20081013_173937.reg
[2008/10/13 17:17:37 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/13 12:30:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/13 12:00:01 | 00,000,480 | ---- | M] () -- C:\WINDOWS\tasks\_viceversapr2_task_Daily Backup.job
[2008/10/09 18:20:24 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 16:45:41 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chad's Glucose Log.xls
[2008/10/07 16:20:45 | 00,026,854 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20081007_162042.reg
[2008/10/07 15:26:23 | 00,009,707 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\unins000.dat
[2008/10/07 15:25:54 | 00,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GroupMail 5.lnk
[2008/10/07 15:24:57 | 00,683,801 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\unins000.exe
[2008/10/07 09:08:41 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/06 19:40:55 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/06 19:40:55 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/05 09:32:31 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/02 11:05:36 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2008/10/01 17:27:57 | 00,284,122 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20081001_172753.reg
[2008/10/01 09:22:38 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/30 16:52:20 | 00,427,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/30 16:52:20 | 00,072,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/30 16:52:17 | 00,509,032 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/30 16:32:47 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/30 16:28:15 | 00,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/30 15:36:27 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/30 15:24:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/30 15:24:49 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/09/30 15:24:42 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/30 15:24:39 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/30 15:24:34 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/30 15:19:33 | 00,128,210 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_151929.reg
[2008/09/30 13:29:51 | 00,137,286 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080930_132947.reg
[2008/09/29 10:30:33 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/29 10:11:28 | 00,004,658 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080929_101123.reg
[2008/09/28 16:25:41 | 00,133,378 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20080928_162535.reg
[2008/09/27 15:34:15 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/20 18:53:37 | 00,021,899 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2008/09/20 18:49:08 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2008/09/18 21:29:02 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
< End of report >

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2008-10-15 11:16:15
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C44 12 Bytes [ 10, D5, C5, B0, 70, 38, C6, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 245C 80501C84 8 Bytes [ 20, 9F, C5, B0, E0, 56, C6, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501E8C 8 Bytes [ 50, 62, C6, B0, B0, 5C, C6, ... ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B0C6EC20] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B0C6EC20] vsdatant.sys

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41362CB-AC97-5903-E08C-9A7B39261CDB}@oacjdneopldbhmbhagniaegfnoocjl 0x64 0x61 0x70 0x6F ...
Reg \Registry\USER\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41362CB-AC97-5903-E08C-9A7B39261CDB}@oaoloikbngccchcgaadkicpodkpcge 0x6A 0x61 0x70 0x6F ...
Reg \Registry\USER\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41362CB-AC97-5903-E08C-9A7B39261CDB}@nailjlcmppappondpniiomnbhbac 0x69 0x61 0x6C 0x70 ...
Reg \Registry\USER\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41362CB-AC97-5903-E08C-9A7B39261CDB}@eagldlnjag 0x6C 0x61 0x66 0x67 ...
Reg \Registry\USER\S-1-5-21-1901576168-3263959634-2465442520-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41362CB-AC97-5903-E08C-9A7B39261CDB}@cafjbh 0x64 0x62 0x6C 0x6D ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A
ADS C:\Documents and Settings\Owner\Favorites\Foreclosure Sites\HomeVestors - Tulsa - We Buy Ugly Houses - Ugly Homes for Home Investors.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Foreclosure Sites\Properties Owned by Countrywide - REO Homes.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Foreclosure Sites\Tulsa County Sheriff's Website.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Google Maps - Multiple Locations\gmaps.kaeding.name Map results.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\NYC\Central Park Map.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\NYC\Google Image Result for http--static.zooomr.com-images-4154996_71ce72596c.jpg.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Pharmacies\Buy Wellbutrin Xl online in 150mg; cheap drug prices and information.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Pharmacies\Jandrugs.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Pharmacies\Nom dePlume's Guide to Medicine for Mental Health.url:favicon
ADS ...

---- EOF - GMER 1.0.12 ----

#6 Billy O'Neal

  • Malware Response Team

Posted 15 October 2008 - 07:55 PM

Hello.

That all looks clean... 7E is almost never caused by a software problem.

You should remove these outdated Javas from Add/Remove programs:
J2SE Runtime Environment 5.0 Update 6
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5

I would start a topic in the Windows XP forum here:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

They know a lot more about hardware diagnosis :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 beachbum999


Posted 16 October 2008 - 08:59 AM

OK. Thanks Billy. I appreciate your help!

#8 Billy O'Neal


Posted 16 October 2008 - 02:21 PM

Hello, beachbum999.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3



