
50 some infections


  • This topic is locked
16 replies to this topic

#1 NosDoze

NosDoze

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:31 AM

Posted 14 December 2008 - 07:53 PM

It all started by not being able to log into my computer at all... I finally logged into the last known good setting. When I did get in I ran AVScan and found a couple of viruses, then Search and Destroy, which I still don't understand really... I read a lot of entries on these pages and downloaded Malwarebytes last night and ran it this morning; it found 50 some infected items. Last night I also had a redirect popup to some "virus scan program site" JS/agent 1366 or something. I think AVscan deleted it, 'cause I haven't had it today... Anyway, here are the logs from hijack, AVscan, and mbam:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:41 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C73BF21-7739-4191-B3B9-1AFCF341BB05} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADW~1.02\Ussshreg.exe /r
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab
O20 - AppInit_DLLs: hhynva.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8289 bytes


NEXT SCAN:


Avira AntiVir Personal
Report file date: Sunday, December 14, 2008 16:00

Scanning for 1085187 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DAVID

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/26/2008 19:16:37
AVSCAN.DLL : 8.1.4.0 40705 Bytes 7/17/2008 23:20:16
LUKE.DLL : 8.1.4.5 164097 Bytes 7/17/2008 23:20:16
LUKERES.DLL : 8.1.4.0 12033 Bytes 7/17/2008 23:20:16
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 23:29:37
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 12/7/2008 19:17:15
ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 12/7/2008 19:17:16
ANTIVIR3.VDF : 7.1.0.229 137728 Bytes 12/12/2008 19:16:55
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/15/2008 23:25:04
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/12/2008 19:17:00
AESCN.DLL : 8.1.1.5 123251 Bytes 11/8/2008 15:28:59
AERDL.DLL : 8.1.1.3 438645 Bytes 11/7/2008 01:08:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/12/2008 15:28:12
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 19:16:59
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/12/2008 19:16:58
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/19/2008 15:28:18
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 19:16:56
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/15/2008 23:24:55
AECORE.DLL : 8.1.5.2 172405 Bytes 11/29/2008 19:16:02
AEBB.DLL : 8.1.0.3 53618 Bytes 10/15/2008 23:24:53
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/17/2008 23:20:16
AVPREF.DLL : 8.0.2.0 38657 Bytes 7/17/2008 23:20:16
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 23:19:18
AVREG.DLL : 8.0.0.1 33537 Bytes 7/17/2008 23:20:16
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/17/2008 23:20:16
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/17/2008 23:20:16
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/17/2008 23:20:14
RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/17/2008 23:20:14

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, December 14, 2008 16:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ALCFDRTM.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'SaiMfd.exe' - '1' Module(s) have been scanned
Scan process 'ProfilerU.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'razerofa.exe' - '1' Module(s) have been scanned
Scan process 'SaiVolume.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'VerizonServicepoint.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'razerhid.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{5DB9C8F4-D9BE-4F7A-BA83-344365C6ECFF}\RP490\A0119800.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '497682d4.qua'!
C:\System Volume Information\_restore{5DB9C8F4-D9BE-4F7A-BA83-344365C6ECFF}\RP490\A0119801.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '497682db.qua'!
C:\System Volume Information\_restore{5DB9C8F4-D9BE-4F7A-BA83-344365C6ECFF}\RP490\A0119802.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '497682de.qua'!


End of the scan: Sunday, December 14, 2008 17:11
Used time: 1:10:39 Hour(s)

The scan has been done completely.

12742 Scanning directories
526261 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
526257 Files not concerned
3131 Archives were scanned
1 Warnings
3 Notes



LAST SCAN:



Malwarebytes' Anti-Malware 1.31
Database version: 1499
Windows 5.1.2600 Service Pack 3

12/14/2008 1:17:24 PM
mbam-log-2008-12-14 (13-17-24).txt

Scan type: Quick Scan
Objects scanned: 103315
Time elapsed: 55 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 32
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ssqPfCSj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqOHYpM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hhynva.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c73bf21-7739-4191-b3b9-1afcf341bb05} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c73bf21-7739-4191-b3b9-1afcf341bb05} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqohypm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fcedeba-c7e7-48b1-8123-6a640d0c7926} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1fcedeba-c7e7-48b1-8123-6a640d0c7926} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e310180-23d2-4795-8d7a-1b0aed6109fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e310180-23d2-4795-8d7a-1b0aed6109fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c73bf21-7739-4191-b3b9-1afcf341bb05} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iercpt.iercptbho (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iercpt.iercptbho.1 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{59c345ba-3d5e-44e3-9d10-d3848af15d73} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a6fbd2e4-1c7e-4eab-80dd-01de2645566a} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{3a9377a6-be7f-485d-908c-d44114691389} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\iercpt.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ssqpfcsj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqpfcsj -> Delete on reboot.

Folders Infected:
C:\Program Files\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin\Local Settings\Application Data\qip (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ssqPfCSj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jSCfPqss.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jSCfPqss.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqOHYpM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ulfycinn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnicyflu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhynva.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsxqjmhm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin\~.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\G52VKLMN\KB908482[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SEC\schedule.dat (Rogue.SecureExpertCleaner

Kaspersky Scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 20:58:20
Records in database: 1461208
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Dave\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 66794
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:59:32


File name / Threat name / Threats count
C:\WINDOWS\system32\tuvSIYOH.dll Infected: Trojan-Downloader.Win32.Agent.aubk 1

The selected area was scanned.

Edited by NosDoze, 14 December 2008 - 09:13 PM.




#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:31 AM

Posted 23 December 2008 - 09:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 NosDoze

NosDoze
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:31 AM

Posted 23 December 2008 - 11:10 PM

Ok I will follow your instructions... Since this post I was also infected with the Spyware guard 2008, which is driving me CRAZY!! :thumbsup:

By the way THANK YOU very much for the reply... You all are a godsend for the help you provide...

Edited by NosDoze, 24 December 2008 - 12:50 AM.


#4 NosDoze

NosDoze
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:31 AM

Posted 23 December 2008 - 11:40 PM

DDS results...

DDS (Version 1.1.0) - NTFSx86
Run by Dave at 23:29:48.55 on Tue 12/23/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1379 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\Dave\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [ussshreg] c:\progra~1\uleadw~1.02\Ussshreg.exe /r
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Jbeqikodadodexad] rundll32.exe "c:\windows\Gsotodaqoxo.dll",e
mRun: [Wponorucat] rundll32.exe "c:\windows\olalizego.dll",e
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
AppInit_DLLs: hhynva.dll
SSODL: ieModule - {E8545AB7-7825-43B7-BC35-03BCAE9A7C1F} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {97F3FF6A-BA61-431C-81E8-9BE0E2E1B659} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\uvxmoxoxbq.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-6-14 11840]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2007-8-9 13696]
R1 BS_I2cIo;BS_I2cIo;\??\c:\windows\system32\drivers\BS_I2cIo.sys [2007-8-10 8192]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-6-14 68865]
R3 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-6-14 151297]
R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-6-14 52032]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2008-8-28 104960]
R3 SaiK0CEA;SaiK0CEA;c:\windows\system32\drivers\SaiK0CEA.sys [2008-12-12 104960]
R3 SaiU0CEA;SaiU0CEA;c:\windows\system32\drivers\SaiU0CEA.sys [2008-12-12 28544]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-4 33752]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2007-8-10 19020]

=============== Created Last 30 ================

2008-12-23 20:46 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-23 18:25 134,144 a------- c:\windows\olalizego.dll
2008-12-23 17:32 33,280 a------- c:\windows\system32\crypts.dll
2008-12-23 17:21 40,960 a------- c:\windows\Gsotodaqoxo.dll
2008-12-23 06:21 29,701 a------- c:\docume~1\alluse~1\applic~1\svhost.exe
2008-12-14 03:39 <DIR> --d----- c:\docume~1\dave\applic~1\Malwarebytes
2008-12-14 03:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-14 03:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 03:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-14 03:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 22:54 52,480 ac------ c:\windows\system32\dllcache\i8042prt.sys
2008-12-13 22:54 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2008-12-12 14:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Saitek
2008-12-12 13:42 4,886 a----r-- c:\windows\system32\SaiD0CEA.pr0
2008-12-12 13:29 28,544 a------- c:\windows\system32\drivers\SaiU0CEA.sys
2008-12-12 13:29 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
2008-12-12 13:29 65,536 a------- c:\windows\system32\Saio0CEA.dll
2008-12-12 13:29 1,232,896 a------- c:\windows\system32\SaiM0CEA.exe
2008-12-12 13:29 25,600 a------- c:\windows\system32\SaiM0CEA_11.dll
2008-12-12 13:29 25,600 a------- c:\windows\system32\SaiM0CEA_10.dll
2008-12-12 13:29 25,600 a------- c:\windows\system32\SaiM0CEA_0C.dll
2008-12-12 13:29 25,600 a------- c:\windows\system32\SaiM0CEA_0A.dll
2008-12-12 13:29 25,600 a------- c:\windows\system32\SaiM0CEA_09.dll
2008-12-12 13:29 25,600 a------- c:\windows\system32\SaiM0CEA_07.dll
2008-12-12 13:29 25,600 a------- c:\windows\system32\SaiM0CEA_0402.dll
2008-12-12 13:29 104,960 a------- c:\windows\system32\drivers\SaiK0CEA.sys
2008-12-06 10:56 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-03 12:15 <DIR> --d----- c:\program files\Curse
2008-11-27 18:09 1,001,712 a------- C:\100_1553.jpg

==================== Find3M ====================

2008-12-23 21:01 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-23 21:01 134,149 a------- c:\windows\reged.exe
2008-12-23 21:01 51,197 a------- c:\windows\spoolsystem.exe
2008-12-23 21:01 50,620 a------- c:\windows\sys.com
2008-12-23 21:01 47,872 a------- c:\windows\syscert.exe
2008-12-23 21:01 18,941 a------- c:\windows\vmreg.dll
2008-12-23 06:21 384,000 a------- c:\windows\system32\winscenter.exe
2008-12-23 06:21 2,704 a------- c:\windows\system32\TDSSlxwp.dll
2008-12-23 06:21 31,232 a------- c:\windows\system32\TDSSriqp.dll
2008-12-23 06:21 35,840 a------- c:\windows\system32\TDSSofxh.dll
2008-12-23 06:21 29,696 a------- c:\windows\system32\TDSSbrsr.dll
2008-12-23 06:21 60,416 a------- c:\windows\system32\drivers\TDSSmqlt.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-14 19:46 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-10-08 19:47 42,320 a------- c:\windows\system32\xfcodec.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-04-30 17:59 22,328 a------- c:\docume~1\dave\applic~1\PnkBstrK.sys
2008-03-02 00:25 5,750 ac------ c:\program files\install.log
2007-08-18 13:53 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 23:30:17.18 ===============


All I have is WinRAR and it would not let me upload the Attach.rar file....

#5 NosDoze

Posted 23 December 2008 - 11:49 PM

Board wouldn't let me attach the Zipped file of the DDS Attach... Let me know and I will post it.

Edited by NosDoze, 23 December 2008 - 11:53 PM.


#6 extremeboy

Malware Response Team

Posted 24 December 2008 - 12:14 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Board wouldn't let me attach the Zipped file of the DDS Attach... Let me know and I will post it.

No problem, run the scanner below. Please post both logs.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#7 NosDoze

Posted 24 December 2008 - 04:34 PM

Here is Oldtimer:

By the way thank you very much for the help....

OTViewIt logfile created on: 12/24/2008 4:29:48 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.93 Gb Free Space | 44.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2006/11/14 16:21:28 | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2005/10/31 09:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/10/08 15:27:48 | 00,155,648 | ---- | M] () -- C:\Program Files\Razer\Copperhead\razerhid.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/17 18:20:16 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/01/18 16:37:38 | 00,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
[2008/04/04 11:34:42 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
[2008/04/04 11:35:20 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/07/22 14:02:46 | 00,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Copperhead\razerofa.exe
[2008/08/18 17:41:00 | 01,832,272 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/08/09 22:01:02 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2008/10/23 18:25:13 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/12/03 19:59:02 | 01,265,296 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/23 18:25:13 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [On_Demand | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2006/07/01 21:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2006/11/01 13:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
[2004/08/03 21:31:20 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983 [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/06/15 00:27:32 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/11/26 14:16:37 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [System | Running])
[2006/04/13 13:33:28 | 00,008,192 | ---- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo [System | Running])
[2005/01/10 05:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 12:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/15 13:34:40 | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/09/28 13:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 13:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/21 04:24:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/09/11 05:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/09/11 05:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/09/11 05:45:26 | 00,110,592 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP [System | Running])
[2007/04/19 11:09:42 | 00,194,048 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI [On_Demand | Running])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem [On_Demand | Stopped])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort [On_Demand | Stopped])
[2005/01/10 05:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2005/07/07 03:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/08/12 09:11:10 | 00,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow [On_Demand | Stopped])
[2008/02/18 09:21:33 | 00,104,960 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0728.sys -- (SaiK0728 [On_Demand | Running])
[2008/04/04 17:21:16 | 00,104,960 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0CEA.sys -- (SaiK0CEA [On_Demand | Running])
[2008/04/04 17:21:42 | 00,014,080 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini [On_Demand | Running])
[2008/04/04 17:21:42 | 00,035,456 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Running])
[2008/04/04 17:21:18 | 00,028,544 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiU0CEA.sys -- (SaiU0CEA [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2005/08/14 13:25:02 | 00,003,548 | ---- | M] () -- C:\Program Files\BIOSTAR\T-Utility BIOS Live Update\WinFlash.sys -- (WINFLASH [On_Demand | Stopped])
[2006/02/28 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265422 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9196 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5C73BF21-7739-4191-B3B9-1AFCF341BB05} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"P17Helper"=Rundll32 P17.dll,P17Helper ()
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"razer"=C:\Program Files\Razer\Copperhead\razerhid.exe ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
"SaiVolume"=C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
"ussshreg"=C:\PROGRA~1\ULEADW~1.02\Ussshreg.exe /r ()
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe File not found
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (Verizon)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2004/12/14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
amaena.com: * in Trusted sites
avsystemcare.com: * in Trusted sites
onerateld.com: * in Trusted sites
safetydownload.com: * in Trusted sites
trustedantivirus.com: * in Trusted sites
virusremover2008.com: * in Trusted sites
virusschlacht.com: * in Trusted sites
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su2...15105/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{0F86D39C-DCA0-41C9-91BC-86E55B78EE5B} (Servers: | Description: )
{17944847-F5BB-4E30-9403-C183CE4D4969} (Servers: | Description: NVIDIA nForce Networking Controller)
{24AE78D9-75AA-4F6F-B423-C47C5EB8F6C9} (Servers: | Description: Linksys NC100 Fast Ethernet Adapter)
{66FCE40D-1ED1-4C27-B3B5-5D992EEF5544} (Servers: | Description: Westell USB Network Interface)
{724EB4D3-FD0C-4BD9-A3D5-8F6EB433E53C} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=hhynva.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/08/09 21:48:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\*.tmp files]
[2008/12/24 16:29:22 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/23 23:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\WinZip
[2008/12/23 23:45:58 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 23:44:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B7.TMP
[2008/12/23 23:33:34 | 00,002,741 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/23 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\{87C4601D-5E35-4694-9D27-B7E614C758B5}
[2008/12/23 06:21:12 | 00,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSosvd.dat
[2008/12/19 01:03:03 | 00,005,732 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/14 03:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2008/12/14 03:39:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 03:39:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 03:39:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 03:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 03:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 22:55:01 | 00,000,292 | ---- | C] () -- C:\WINDOWS\tasks\dymjoodh.job
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2008/12/12 14:43:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2008/12/12 13:42:33 | 00,004,886 | R--- | C] () -- C:\WINDOWS\System32\SaiD0CEA.pr0
[2008/12/12 13:29:27 | 00,028,544 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiU0CEA.sys
[2008/12/12 13:29:18 | 00,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,065,536 | ---- | C] (Saitek) -- C:\WINDOWS\System32\Saio0CEA.dll
[2008/12/12 13:29:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 13:29:15 | 01,232,896 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA.exe
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_11.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_10.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0C.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0A.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_09.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_07.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0402.dll
[2008/12/12 13:29:13 | 00,104,960 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiK0CEA.sys
[2008/12/04 20:21:17 | 00,001,884 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 12:15:26 | 00,001,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 12:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\CurseClient
[2008/12/03 12:15:18 | 00,000,000 | ---D | C] -- C:\Program Files\Curse
[2008/12/03 01:39:24 | 01,545,129 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip
[2008/11/24 23:15:35 | 00,002,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\BuffThrottle-1.3.3.zip

========== Files - Modified Within 30 Days ==========

[13 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/24 12:00:00 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\dymjoodh.job
[2008/12/24 11:22:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/24 11:22:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/23 23:45:58 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:33:34 | 00,002,741 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/23 12:35:54 | 00,000,868 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Install Verizon Internet Security Suite.lnk
[2008/12/23 06:21:12 | 00,000,441 | ---- | M] () -- C:\WINDOWS\System32\TDSSosvd.dat
[2008/12/21 01:46:32 | 00,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/19 19:10:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/19 01:03:03 | 00,005,732 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/15 18:40:33 | 00,606,208 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/12/14 13:22:29 | 00,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/14 03:39:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/12 14:54:29 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 13:29:18 | 00,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 03:02:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/12 00:27:21 | 01,125,376 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 20:21:17 | 00,001,884 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 12:15:26 | 00,001,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 01:39:28 | 01,545,129 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip
[2008/11/27 18:45:47 | 00,000,970 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2008/11/27 18:44:57 | 00,002,480 | ---- | M] () -- C:\WINDOWS\U3DEDIT2.INI
[2008/11/27 18:00:06 | 00,992,140 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1554.jpg
[2008/11/27 18:00:05 | 01,001,712 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1553.jpg
[2008/11/27 18:00:05 | 01,001,712 | ---- | M] () -- C:\100_1553.jpg
[2008/11/27 18:00:04 | 00,995,148 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1552.jpg
[2008/11/27 18:00:03 | 00,997,636 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1551.jpg
[2008/11/27 18:00:01 | 01,008,452 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1550.jpg
[2008/11/27 18:00:00 | 01,003,216 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1548.jpg
[2008/11/27 17:59:59 | 00,999,924 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1547.jpg
[2008/11/27 17:59:58 | 01,023,924 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1546.jpg
[2008/11/27 17:59:57 | 01,024,952 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1545.jpg
[2008/11/27 17:59:55 | 01,023,464 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1544.jpg
[2008/11/27 17:59:54 | 01,007,860 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1543.jpg
[2008/11/27 17:59:53 | 00,999,280 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1542.jpg
[2008/11/27 17:59:52 | 01,013,244 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1541.jpg
[2008/11/27 17:59:50 | 01,031,020 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1540.jpg
[2008/11/27 17:59:49 | 01,000,764 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1539.jpg
[2008/11/27 17:59:48 | 01,017,240 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1538.jpg
[2008/11/27 17:59:47 | 00,989,736 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1537.jpg
[2008/11/27 17:59:46 | 01,000,440 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1536.jpg
[2008/11/27 17:59:44 | 01,010,524 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1535.jpg
[2008/11/27 17:59:43 | 01,010,656 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1534.jpg
[2008/11/27 17:59:42 | 00,989,872 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1532.jpg
[2008/11/27 17:59:41 | 00,996,492 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1531.jpg
[2008/11/27 17:59:40 | 00,989,744 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1530.jpg
[2008/11/27 17:59:38 | 01,006,296 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1529.jpg
[2008/11/27 17:59:37 | 00,994,420 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1528.jpg
[2008/11/27 17:59:36 | 01,014,600 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1527.jpg
[2008/11/27 17:59:35 | 00,997,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1526.jpg
[2008/11/27 17:59:33 | 00,994,952 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1525.jpg
[2008/11/27 17:59:32 | 01,015,836 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1524.jpg
[2008/11/27 17:59:31 | 00,992,568 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1523.jpg
[2008/11/27 17:59:30 | 00,991,824 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1522.jpg
[2008/11/27 17:59:29 | 00,994,452 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1521.jpg
[2008/11/27 17:59:27 | 01,011,312 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1520.jpg
[2008/11/27 17:59:26 | 00,995,172 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1519.jpg
[2008/11/27 17:59:25 | 01,006,100 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1518.jpg
[2008/11/27 17:59:24 | 01,006,852 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1517.jpg
[2008/11/27 17:59:23 | 01,015,116 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1516.jpg
[2008/11/27 17:59:21 | 01,012,716 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1515.jpg
[2008/11/27 17:59:20 | 01,004,580 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1514.jpg
[2008/11/27 17:59:19 | 01,002,492 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1513.jpg
[2008/11/27 17:59:18 | 01,011,300 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1512.jpg
[2008/11/27 17:59:17 | 01,008,024 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1511.jpg
[2008/11/27 17:59:15 | 01,018,432 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1510.jpg
[2008/11/27 17:59:14 | 00,991,148 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1509.jpg
[2008/11/27 17:59:13 | 01,000,796 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1508.jpg
[2008/11/27 17:59:12 | 01,006,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1507.jpg
[2008/11/27 17:59:11 | 01,009,588 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1506.jpg
[2008/11/27 17:59:09 | 01,005,348 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1505.jpg
[2008/11/27 17:59:08 | 01,008,932 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1504.jpg
[2008/11/27 17:59:07 | 01,004,184 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1503.jpg
[2008/11/27 17:59:06 | 01,002,208 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1502.jpg
[2008/11/27 17:59:04 | 01,012,008 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1501.jpg
[2008/11/27 17:59:03 | 01,007,808 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1500.jpg
[2008/11/27 17:59:02 | 01,005,228 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1499.jpg
[2008/11/27 17:59:01 | 01,005,408 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1498.jpg
[2008/11/27 17:58:59 | 01,008,552 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1497.jpg
[2008/11/27 17:58:58 | 01,006,068 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1496.jpg
[2008/11/27 17:58:57 | 01,011,724 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1495.jpg
[2008/11/27 17:58:56 | 01,008,740 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1494.jpg
[2008/11/27 17:58:55 | 01,009,808 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1493.jpg
[2008/11/27 17:58:53 | 01,004,028 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1492.jpg
[2008/11/27 17:58:52 | 00,993,396 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1491.jpg
[2008/11/27 17:58:51 | 00,997,480 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1490.jpg
[2008/11/27 17:58:50 | 00,992,880 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1489.jpg
[2008/11/27 17:58:49 | 00,984,776 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1488.jpg
[2008/11/27 17:58:47 | 00,998,812 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1487.jpg
[2008/11/27 17:58:46 | 00,994,904 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1486.jpg
[2008/11/27 17:58:45 | 00,996,460 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1485.jpg
[2008/11/27 17:58:44 | 00,998,964 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1484.jpg
[2008/11/27 17:58:43 | 00,996,904 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1483.jpg
[2008/11/27 17:58:41 | 01,008,848 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1481.jpg
[2008/11/27 17:58:40 | 00,994,676 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1480.jpg
[2008/11/27 17:58:39 | 00,991,636 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1479.jpg
[2008/11/27 17:58:38 | 00,993,688 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1477.jpg
[2008/11/27 17:58:37 | 00,993,724 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1476.jpg
[2008/11/27 17:58:35 | 01,005,572 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1475.jpg
[2008/11/27 17:58:34 | 00,996,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1474.jpg
[2008/11/27 17:58:33 | 00,983,736 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1473.jpg
[2008/11/27 17:58:32 | 00,992,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1472.jpg
[2008/11/27 17:58:30 | 00,992,776 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1471.jpg
[2008/11/27 17:58:29 | 01,007,560 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1470.jpg
[2008/11/27 17:58:28 | 00,989,340 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1469.jpg
[2008/11/27 17:58:27 | 00,989,760 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1468.jpg
[2008/11/27 17:58:26 | 00,997,884 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1467.jpg
[2008/11/27 17:58:25 | 00,990,336 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1466.jpg
[2008/11/27 17:58:23 | 01,007,904 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1465.jpg
[2008/11/27 17:58:22 | 00,991,480 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1464.jpg
[2008/11/27 17:58:21 | 00,992,232 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1463.jpg
[2008/11/27 17:58:20 | 00,997,644 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1462.jpg
[2008/11/27 17:58:19 | 01,007,272 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1461.jpg
[2008/11/27 17:58:17 | 01,005,188 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1460.jpg
[2008/11/27 17:58:16 | 01,031,316 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1459.jpg
[2008/11/27 17:58:15 | 01,005,100 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1458.jpg
[2008/11/27 17:58:14 | 00,979,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1457.jpg
[2008/11/27 17:58:13 | 00,997,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1456.jpg
[2008/11/27 17:58:11 | 00,992,620 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1455.jpg
[2008/11/27 17:58:10 | 00,997,200 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1454.jpg
[2008/11/27 17:58:09 | 00,992,836 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1453.jpg
[2008/11/27 17:58:08 | 00,994,300 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1452.jpg
[2008/11/27 17:58:07 | 00,986,808 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1451.jpg
[2008/11/27 17:58:05 | 00,995,328 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1450.jpg
[2008/11/27 17:58:04 | 01,004,292 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1449.jpg
[2008/11/27 17:58:03 | 00,992,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1448.jpg
[2008/11/27 17:58:02 | 00,998,768 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1447.jpg
[2008/11/27 17:58:00 | 01,003,612 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1446.jpg
[2008/11/27 17:57:59 | 00,999,600 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1445.jpg
[2008/11/27 17:57:58 | 01,001,832 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1444.jpg
[2008/11/27 17:57:57 | 01,001,812 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1443.jpg
[2008/11/27 17:57:56 | 01,004,040 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1442.jpg
[2008/11/27 17:57:54 | 00,980,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1441.jpg
[2008/11/27 17:57:53 | 01,000,504 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1440.jpg
[2008/11/27 17:57:52 | 01,006,108 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1439.jpg
[2008/11/27 17:57:50 | 01,015,296 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1417.jpg
[2008/11/27 17:57:49 | 01,018,736 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1416.jpg
[2008/11/27 17:54:42 | 00,997,284 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1438.jpg
[2008/11/27 17:54:41 | 01,002,452 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1437.jpg
[2008/11/27 17:54:40 | 01,006,660 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1436.jpg
[2008/11/27 17:54:38 | 00,999,816 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1435.jpg
[2008/11/27 17:54:37 | 01,001,440 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1434.jpg
[2008/11/27 17:54:36 | 00,977,820 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1433.jpg
[2008/11/27 17:54:35 | 00,980,992 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1432.jpg
[2008/11/27 17:54:34 | 01,004,732 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1431.jpg
[2008/11/27 17:54:32 | 01,007,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1430.jpg
[2008/11/27 17:54:31 | 00,986,920 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1429.jpg
[2008/11/27 17:54:30 | 00,985,092 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1428.jpg
[2008/11/27 17:54:29 | 00,968,212 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1427.jpg
[2008/11/27 17:54:28 | 00,978,400 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1426.jpg
[2008/11/27 17:54:27 | 00,986,892 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1425.jpg
[2008/11/27 17:54:25 | 00,996,668 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1423.jpg
[2008/11/27 17:54:24 | 00,990,088 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1422.jpg
[2008/11/27 17:54:23 | 01,017,192 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1421.jpg
[2008/11/27 17:54:21 | 01,007,824 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1419.jpg
[2008/11/27 17:54:19 | 01,009,244 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1418.jpg
[2008/11/27 17:53:38 | 00,993,252 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1424.jpg
[2008/11/26 14:16:37 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/11/24 23:15:37 | 00,002,254 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\BuffThrottle-1.3.3.zip
< End of report >


Extras:


OTViewIt Extras logfile created on: 12/24/2008 4:29:48 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.93 Gb Free Space | 44.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
File not found -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
File not found -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
File not found -- C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System
File not found -- C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/07/05 16:23:08 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2007/05/25 04:38:32 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Enabled:
[2007/05/25 04:38:35 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Enabled:
[2007/05/25 04:38:48 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Enabled:
[2007/10/24 23:11:24 | 04,674,784 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32
[2007/10/24 23:11:28 | 00,017,120 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32
[2008/10/18 16:12:03 | 06,448,448 | ---- | M] (Flagship Studios) -- C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London
[2008/10/08 19:47:08 | 03,098,448 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
File not found -- F:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
File not found -- C:\Program Files\ROBLOX Corporation\ROBLOX\Roblox.exe:*:Enabled:ROBLOX Game
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
File not found -- F:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/03 10:30:08 | 05,661,928 | ---- | M] (BioWare) -- C:\Documents and Settings\Dave\Desktop\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/16 00:37:19 | 02,330,624 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad
[2008/12/04 20:36:23 | 24,137,728 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Disabled:SwgClient_r
[2008/08/17 18:45:27 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/09/30 23:39:08 | 01,470,464 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
[2008/08/23 09:10:33 | 24,076,288 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe:*:Enabled:SwgClient_r
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/10 14:56:32 | 04,789,760 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}"=Crysis®
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{12EC0178-2605-4973-B9D6-D3E0B95A62A5}"=Saitek SD6 Programming Software 6.2.2.4
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}"=Mobile Broadband Drivers
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}"=Sound Blaster Audigy
"{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"{242FBF70-03A3-4317-931F-FA7798F39A13}"=Winflash
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 11
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard Tools
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150120}"=J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{50D4CB89-AF34-4978-96DC-C3034062E901}"=Battlefield 2: Special Forces
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6710FE30-27F7-492B-A660-D31D4A898A43}"=MSN Toolbar
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}"=CryEngine®2 Sandbox™2
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{92B0B959-BDC0-41D0-A3D3-5F89AF5297B2}"=T-Utility Hardware Monitor
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{A179591B-58E3-4365-BF57-2E1DE45662A1}"=T-Utility Over Clock
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}"=Hellgate: London
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}"=Saitek Cyborg Keyboard Volume 6.2.1.3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7646-A70000000000}"=Adobe Reader 7.0
"{AC76BA86-7AD7-3D00-0000-7E8A450000A7}"=3D For Adobe Reader Package
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}"=Spelling Dictionaries For Adobe Reader Package
"{AC76BA86-7AD7-EF45-EB65-7E8A450000A7}"=Adobe Reader Digital Editions and Accessibility Package
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}"=hph_software_req
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}"=Dual-Core Optimizer
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}"=Pivot Stickfigure Animator
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}"=HP Photosmart and Deskjet 7.0 Software
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}"=Razer Copperhead
"{D8748D14-88C5-44C7-8A22-F3CE754A1218}"=T-Utility BIOS Live Update
"{DACE3124-AA28-4D1E-BF64-7BD2C339A310}"=Saitek SD6 Programming Software 6.2.0.11
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Blender"=Blender (remove only)
"Combat Arms"=Combat Arms
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"CurseClient"=Curse Client
"FMOD Designer"=FMOD Designer
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"NVIDIA Drivers"=NVIDIA Drivers
"prunnet"=Advertisement Service
"PunkBusterSvc"=PunkBuster Services
"RadialpointClientGateway_is1"=Verizon Servicepoint 1.5.20
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SysInfo"=Creative System Information
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Titanic"=Titanic
"Ulead GIF Animator 3.0a"=Special Bonus from Ulead F/X for GIF Animator
"Ulead WebRazor Pro 1.02"=Ulead WebRazor Pro 1.02 Full Version
"Verizon Online Help and Support"=Verizon Online Help and Support
"Warhammer Online - Age of Reckoning"=Warhammer Online - Age of Reckoning
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Xfire"=Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 1:23:13 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/13/2008 1:23:17 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 1:18:28 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2008 9:07:26 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000010e6.

Error - 12/18/2008 8:09:37 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5726, fault address 0x0006c4e5.

Error - 12/21/2008 2:28:53 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 7.0.25.114, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000113a2.

Error - 12/21/2008 2:33:24 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 7.0.25.114, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/22/2008 10:05:46 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application VirusRemover2008_Setup_Free_en[1].exe, version
1.0.22.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 6:56:31 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 8:14:31 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.2.2.4, faulting module
profileru.exe, version 6.2.2.4, fault address 0x0000571f.

[ System Events ]
Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 5:21:14 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >

#8 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 December 2008 - 05:03 PM

Hi NosDoze.

From your previous problem you said you have many infections that were flagged. The AV scan you provided shows that it found some System Volume Information infected points.

System Volume Information are restore points when you do a system restore point. If you ever went back to an earlier restore point with that date it would infect you. However, those restore points cannot do much harm while they are in that folder.

Malwarebytes Anti-Malware found some rogue registry entries and also some vundo files.

That was just a recap of what's going on, so you have an idea.

From the logs you gave me, it seems like Malwarebytes Anti-Malware and also your AV probably took care of most of it, because all I see is some orphans, meaning leftover registry entries which we will remove. There is one file that caught my attention which is related to a TDSSserv infection.

TDSSserv is a rootkit which can lead to backdoor trojans, etc.

Backdoor Threat
Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

We will continue; please do the following scan below:

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

Depending on whether the infection is present or not, the tools we use will differ; we will begin disinfecting in the next post after you give me the logs.

Also, I asked for a Kaspersky online scan log, which you didn't give me.

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • Kaspersky's Log


For your next reply please provide the following:
-GMER log
-Kaspersky online scan log
-New OTViewIT log
-Problems you still have.



With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#9 NosDoze

  • Topic Starter

  • Members
  • 9 posts

Posted 24 December 2008 - 10:48 PM

Ok...think I did everything correct:

OTViewIt logfile created on: 12/24/2008 10:44:00 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.22% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.87 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2006/11/14 16:21:28 | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2005/10/31 09:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/10/08 15:27:48 | 00,155,648 | ---- | M] () -- C:\Program Files\Razer\Copperhead\razerhid.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/01/18 13:05:16 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
[2008/07/17 18:20:16 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/01/18 16:37:38 | 00,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/04 11:34:42 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
[2008/04/04 11:35:20 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/08/18 17:41:00 | 01,832,272 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2005/07/22 14:02:46 | 00,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Copperhead\razerofa.exe
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2007/08/09 22:01:02 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/23 18:25:13 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2006/07/01 21:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2006/11/01 13:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
[2004/08/03 21:31:20 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983 [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/06/15 00:27:32 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Stopped])
[2008/11/26 14:16:37 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [System | Running])
[2006/04/13 13:33:28 | 00,008,192 | ---- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo [System | Running])
[2005/01/10 05:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/24 22:06:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2001/08/17 12:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/15 13:34:40 | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/09/28 13:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 13:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/21 04:24:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/09/11 05:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/09/11 05:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/09/11 05:45:26 | 00,110,592 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP [System | Running])
[2007/04/19 11:09:42 | 00,194,048 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI [On_Demand | Running])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem [On_Demand | Stopped])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort [On_Demand | Stopped])
[2005/01/10 05:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2005/07/07 03:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/08/12 09:11:10 | 00,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow [On_Demand | Stopped])
[2008/02/18 09:21:33 | 00,104,960 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0728.sys -- (SaiK0728 [On_Demand | Running])
[2008/04/04 17:21:16 | 00,104,960 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0CEA.sys -- (SaiK0CEA [On_Demand | Running])
[2008/04/04 17:21:42 | 00,014,080 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini [On_Demand | Running])
[2008/04/04 17:21:42 | 00,035,456 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Running])
[2008/04/04 17:21:18 | 00,028,544 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiU0CEA.sys -- (SaiU0CEA [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2005/08/14 13:25:02 | 00,003,548 | ---- | M] () -- C:\Program Files\BIOSTAR\T-Utility BIOS Live Update\WinFlash.sys -- (WINFLASH [On_Demand | Stopped])
[2006/02/28 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265422 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
9196 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5C73BF21-7739-4191-B3B9-1AFCF341BB05} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"P17Helper"=Rundll32 P17.dll,P17Helper ()
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"razer"=C:\Program Files\Razer\Copperhead\razerhid.exe ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
"SaiVolume"=C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
"ussshreg"=C:\PROGRA~1\ULEADW~1.02\Ussshreg.exe /r ()
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe File not found
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (Verizon)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2004/12/14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
amaena.com: * in Trusted sites
avsystemcare.com: * in Trusted sites
onerateld.com: * in Trusted sites
safetydownload.com: * in Trusted sites
trustedantivirus.com: * in Trusted sites
virusremover2008.com: * in Trusted sites
virusschlacht.com: * in Trusted sites
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su2...15105/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{0F86D39C-DCA0-41C9-91BC-86E55B78EE5B} (Servers: | Description: )
{17944847-F5BB-4E30-9403-C183CE4D4969} (Servers: | Description: NVIDIA nForce Networking Controller)
{24AE78D9-75AA-4F6F-B423-C47C5EB8F6C9} (Servers: | Description: Linksys NC100 Fast Ethernet Adapter)
{66FCE40D-1ED1-4C27-B3B5-5D992EEF5544} (Servers: | Description: Westell USB Network Interface)
{724EB4D3-FD0C-4BD9-A3D5-8F6EB433E53C} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=hhynva.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/08/09 21:48:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[13 C:\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/24 22:11:01 | 00,000,466 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to gmer.lnk
[2008/12/24 22:10:45 | 00,000,000 | ---D | C] -- C:\gmer
[2008/12/24 22:06:39 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/24 22:06:37 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/24 22:06:37 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/24 22:06:37 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/24 22:06:37 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/24 20:58:27 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2008/12/24 16:29:22 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/23 23:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\WinZip
[2008/12/23 23:45:58 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 23:44:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B7.TMP
[2008/12/23 23:33:34 | 00,002,741 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/23 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\{87C4601D-5E35-4694-9D27-B7E614C758B5}
[2008/12/23 06:21:12 | 00,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSosvd.dat
[2008/12/19 01:03:03 | 00,005,732 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/14 03:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2008/12/14 03:39:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 03:39:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 03:39:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 03:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 03:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 22:55:01 | 00,000,292 | ---- | C] () -- C:\WINDOWS\tasks\dymjoodh.job
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2008/12/12 14:43:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2008/12/12 13:42:33 | 00,004,886 | R--- | C] () -- C:\WINDOWS\System32\SaiD0CEA.pr0
[2008/12/12 13:29:27 | 00,028,544 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiU0CEA.sys
[2008/12/12 13:29:18 | 00,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,065,536 | ---- | C] (Saitek) -- C:\WINDOWS\System32\Saio0CEA.dll
[2008/12/12 13:29:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 13:29:15 | 01,232,896 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA.exe
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_11.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_10.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0C.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0A.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_09.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_07.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0402.dll
[2008/12/12 13:29:13 | 00,104,960 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiK0CEA.sys
[2008/12/04 20:21:17 | 00,001,884 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 12:15:26 | 00,001,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 12:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\CurseClient
[2008/12/03 12:15:18 | 00,000,000 | ---D | C] -- C:\Program Files\Curse
[2008/12/03 01:39:24 | 01,545,129 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip
[2008/11/27 18:26:10 | 00,992,140 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1554.jpg
[2008/11/27 18:26:06 | 01,001,712 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1553.jpg
[2008/11/27 18:26:01 | 00,995,148 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1552.jpg
[2008/11/27 18:25:56 | 00,997,636 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1551.jpg
[2008/11/27 18:25:49 | 01,008,452 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1550.jpg
[2008/11/27 18:25:43 | 01,003,216 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1548.jpg
[2008/11/27 18:25:39 | 00,999,924 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1547.jpg
[2008/11/27 18:25:35 | 01,023,924 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1546.jpg
[2008/11/27 18:25:31 | 01,024,952 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1545.jpg
[2008/11/27 18:25:25 | 01,023,464 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1544.jpg
[2008/11/27 18:25:20 | 01,007,860 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1543.jpg
[2008/11/27 18:25:17 | 00,999,280 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1542.jpg
[2008/11/27 18:25:12 | 01,013,244 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1541.jpg
[2008/11/27 18:25:05 | 01,031,020 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1540.jpg
[2008/11/27 18:25:00 | 01,000,764 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1539.jpg
[2008/11/27 18:24:56 | 01,017,240 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1538.jpg
[2008/11/27 18:24:52 | 00,989,736 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1537.jpg
[2008/11/27 18:24:48 | 01,000,440 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1536.jpg
[2008/11/27 18:24:39 | 01,010,524 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1535.jpg
[2008/11/27 18:24:35 | 01,010,656 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1534.jpg
[2008/11/27 18:24:30 | 00,989,872 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1532.jpg
[2008/11/27 18:24:25 | 00,996,492 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1531.jpg
[2008/11/27 18:24:21 | 00,989,744 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1530.jpg
[2008/11/27 18:24:18 | 01,006,296 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1529.jpg
[2008/11/27 18:24:14 | 00,994,420 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1528.jpg
[2008/11/27 18:24:10 | 01,014,600 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1527.jpg
[2008/11/27 18:24:06 | 00,997,436 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1526.jpg
[2008/11/27 18:24:02 | 00,994,952 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1525.jpg
[2008/11/27 18:23:57 | 01,015,836 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1524.jpg
[2008/11/27 18:23:46 | 00,992,568 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1523.jpg
[2008/11/27 18:23:41 | 00,991,824 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1522.jpg
[2008/11/27 18:23:38 | 00,994,452 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1521.jpg
[2008/11/27 18:23:34 | 01,011,312 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1520.jpg
[2008/11/27 18:23:29 | 00,995,172 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1519.jpg
[2008/11/27 18:23:24 | 01,006,100 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1518.jpg
[2008/11/27 18:23:20 | 01,006,852 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1517.jpg
[2008/11/27 18:23:15 | 01,015,116 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1516.jpg
[2008/11/27 18:23:09 | 01,012,716 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1515.jpg
[2008/11/27 18:23:01 | 01,004,580 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1514.jpg
[2008/11/27 18:22:47 | 01,002,492 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1513.jpg
[2008/11/27 18:22:43 | 01,011,300 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1512.jpg
[2008/11/27 18:22:39 | 01,008,024 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1511.jpg
[2008/11/27 18:22:35 | 01,018,432 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1510.jpg
[2008/11/27 18:22:31 | 00,991,148 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1509.jpg
[2008/11/27 18:22:28 | 01,000,796 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1508.jpg
[2008/11/27 18:22:23 | 01,006,944 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1507.jpg
[2008/11/27 18:22:19 | 01,009,588 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1506.jpg
[2008/11/27 18:22:14 | 01,005,348 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1505.jpg
[2008/11/27 18:22:08 | 01,008,932 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1504.jpg
[2008/11/27 18:22:02 | 01,004,184 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1503.jpg
[2008/11/27 18:21:53 | 01,002,208 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1502.jpg
[2008/11/27 18:21:45 | 01,012,008 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1501.jpg
[2008/11/27 18:21:40 | 01,007,808 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1500.jpg
[2008/11/27 18:21:35 | 01,005,228 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1499.jpg
[2008/11/27 18:21:31 | 01,005,408 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1498.jpg
[2008/11/27 18:21:27 | 01,008,552 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1497.jpg
[2008/11/27 18:21:23 | 01,006,068 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1496.jpg
[2008/11/27 18:21:18 | 01,011,724 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1495.jpg
[2008/11/27 18:21:15 | 01,008,740 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1494.jpg
[2008/11/27 18:21:11 | 01,009,808 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1493.jpg
[2008/11/27 18:21:08 | 01,004,028 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1492.jpg
[2008/11/27 18:21:04 | 00,993,396 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1491.jpg
[2008/11/27 18:21:00 | 00,997,480 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1490.jpg
[2008/11/27 18:20:56 | 00,992,880 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1489.jpg
[2008/11/27 18:20:52 | 00,984,776 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1488.jpg
[2008/11/27 18:20:47 | 00,998,812 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1487.jpg
[2008/11/27 18:20:39 | 00,994,904 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1486.jpg
[2008/11/27 18:20:35 | 00,996,460 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1485.jpg
[2008/11/27 18:20:32 | 00,998,964 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1484.jpg
[2008/11/27 18:20:28 | 00,996,904 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1483.jpg
[2008/11/27 18:20:25 | 01,008,848 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1481.jpg
[2008/11/27 18:20:19 | 00,994,676 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1480.jpg
[2008/11/27 18:20:16 | 00,991,636 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1479.jpg
[2008/11/27 18:20:10 | 00,993,688 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1477.jpg
[2008/11/27 18:20:03 | 00,993,724 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1476.jpg
[2008/11/27 18:19:56 | 01,005,572 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1475.jpg
[2008/11/27 18:19:52 | 00,996,132 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1474.jpg
[2008/11/27 18:19:47 | 00,983,736 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1473.jpg
[2008/11/27 18:19:43 | 00,992,944 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1472.jpg
[2008/11/27 18:19:39 | 00,992,776 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1471.jpg
[2008/11/27 18:19:35 | 01,007,560 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1470.jpg
[2008/11/27 18:19:31 | 00,989,340 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1469.jpg
[2008/11/27 18:19:25 | 00,989,760 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1468.jpg
[2008/11/27 18:19:21 | 00,997,884 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1467.jpg
[2008/11/27 18:19:13 | 00,990,336 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1466.jpg
[2008/11/27 18:19:08 | 01,007,904 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1465.jpg
[2008/11/27 18:19:05 | 00,991,480 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1464.jpg
[2008/11/27 18:18:54 | 00,992,232 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1463.jpg
[2008/11/27 18:18:51 | 00,997,644 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1462.jpg
[2008/11/27 18:18:48 | 01,007,272 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1461.jpg
[2008/11/27 18:18:44 | 01,005,188 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1460.jpg
[2008/11/27 18:18:40 | 01,031,316 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1459.jpg
[2008/11/27 18:18:37 | 01,005,100 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1458.jpg
[2008/11/27 18:18:33 | 00,979,436 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1457.jpg
[2008/11/27 18:18:29 | 00,997,436 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1456.jpg
[2008/11/27 18:18:25 | 00,992,620 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1455.jpg
[2008/11/27 18:18:18 | 00,997,200 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1454.jpg
[2008/11/27 18:18:14 | 00,992,836 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1453.jpg
[2008/11/27 18:18:09 | 00,994,300 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1452.jpg
[2008/11/27 18:16:07 | 00,986,808 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1451.jpg
[2008/11/27 18:16:03 | 00,995,328 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1450.jpg
[2008/11/27 18:15:59 | 01,004,292 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1449.jpg
[2008/11/27 18:15:53 | 00,992,944 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1448.jpg
[2008/11/27 18:15:49 | 00,998,768 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1447.jpg
[2008/11/27 18:15:45 | 01,003,612 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1446.jpg
[2008/11/27 18:15:41 | 00,999,600 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1445.jpg
[2008/11/27 18:15:37 | 01,001,832 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1444.jpg
[2008/11/27 18:15:33 | 01,001,812 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1443.jpg
[2008/11/27 18:15:28 | 01,004,040 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1442.jpg
[2008/11/27 18:15:23 | 00,980,564 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1441.jpg
[2008/11/27 18:15:19 | 01,000,504 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1440.jpg
[2008/11/27 18:15:11 | 01,006,108 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1439.jpg
[2008/11/27 18:15:07 | 00,997,284 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1438.jpg
[2008/11/27 18:15:02 | 01,002,452 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1437.jpg
[2008/11/27 18:14:56 | 01,006,660 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1436.jpg
[2008/11/27 18:14:51 | 00,999,816 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1435.jpg
[2008/11/27 18:14:46 | 01,001,440 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1434.jpg
[2008/11/27 18:14:40 | 00,977,820 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1433.jpg
[2008/11/27 18:14:36 | 00,980,992 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1432.jpg
[2008/11/27 18:14:30 | 01,004,732 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1431.jpg
[2008/11/27 18:14:25 | 01,007,132 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1430.jpg
[2008/11/27 18:14:21 | 00,986,920 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1429.jpg
[2008/11/27 18:14:16 | 00,985,092 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1428.jpg
[2008/11/27 18:14:08 | 00,968,212 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1427.jpg
[2008/11/27 18:14:03 | 00,978,400 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1426.jpg
[2008/11/27 18:13:59 | 00,986,892 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1425.jpg
[2008/11/27 18:13:53 | 00,993,252 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1424.jpg
[2008/11/27 18:13:48 | 00,996,668 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1423.jpg
[2008/11/27 18:13:44 | 00,990,088 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1422.jpg
[2008/11/27 18:13:39 | 01,017,192 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1421.jpg
[2008/11/27 18:10:44 | 01,007,824 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1419.jpg
[2008/11/27 18:10:26 | 01,009,244 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1418.jpg
[2008/11/27 18:10:17 | 01,015,296 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1417.jpg
[2008/11/27 18:10:12 | 01,018,736 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1416.jpg
[2008/11/27 18:09:10 | 01,001,712 | ---- | C] () -- C:\100_1553.jpg
[2008/11/24 23:15:35 | 00,002,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\BuffThrottle-1.3.3.zip

========== Files - Modified Within 30 Days ==========

[13 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/24 22:14:02 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/24 22:13:25 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\dymjoodh.job
[2008/12/24 22:13:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/24 22:13:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/24 22:11:01 | 00,000,466 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to gmer.lnk
[2008/12/24 22:06:37 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/24 22:06:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/24 22:06:37 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/24 20:58:31 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/23 23:45:58 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:33:34 | 00,002,741 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/23 12:35:54 | 00,000,868 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Install Verizon Internet Security Suite.lnk
[2008/12/23 06:21:12 | 00,000,441 | ---- | M] () -- C:\WINDOWS\System32\TDSSosvd.dat
[2008/12/21 01:46:32 | 00,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/19 19:10:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/19 01:03:03 | 00,005,732 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/15 18:40:33 | 00,606,208 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/12/14 13:22:29 | 00,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/14 03:39:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/12 14:54:29 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 13:29:18 | 00,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 03:02:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/12 00:27:21 | 01,125,376 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 20:21:17 | 00,001,884 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 12:15:26 | 00,001,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 01:39:28 | 01,545,129 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip
[2008/11/27 18:45:47 | 00,000,970 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2008/11/27 18:44:57 | 00,002,480 | ---- | M] () -- C:\WINDOWS\U3DEDIT2.INI
[2008/11/27 18:00:06 | 00,992,140 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1554.jpg
[2008/11/27 18:00:05 | 01,001,712 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1553.jpg
[2008/11/27 18:00:05 | 01,001,712 | ---- | M] () -- C:\100_1553.jpg
[2008/11/27 18:00:04 | 00,995,148 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1552.jpg
[2008/11/27 18:00:03 | 00,997,636 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1551.jpg
[2008/11/27 18:00:01 | 01,008,452 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1550.jpg
[2008/11/27 18:00:00 | 01,003,216 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1548.jpg
[2008/11/27 17:59:59 | 00,999,924 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1547.jpg
[2008/11/27 17:59:58 | 01,023,924 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1546.jpg
[2008/11/27 17:59:57 | 01,024,952 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1545.jpg
[2008/11/27 17:59:55 | 01,023,464 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1544.jpg
[2008/11/27 17:59:54 | 01,007,860 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1543.jpg
[2008/11/27 17:59:53 | 00,999,280 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1542.jpg
[2008/11/27 17:59:52 | 01,013,244 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1541.jpg
[2008/11/27 17:59:50 | 01,031,020 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1540.jpg
[2008/11/27 17:59:49 | 01,000,764 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1539.jpg
[2008/11/27 17:59:48 | 01,017,240 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1538.jpg
[2008/11/27 17:59:47 | 00,989,736 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1537.jpg
[2008/11/27 17:59:46 | 01,000,440 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1536.jpg
[2008/11/27 17:59:44 | 01,010,524 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1535.jpg
[2008/11/27 17:59:43 | 01,010,656 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1534.jpg
[2008/11/27 17:59:42 | 00,989,872 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1532.jpg
[2008/11/27 17:59:41 | 00,996,492 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1531.jpg
[2008/11/27 17:59:40 | 00,989,744 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1530.jpg
[2008/11/27 17:59:38 | 01,006,296 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1529.jpg
[2008/11/27 17:59:37 | 00,994,420 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1528.jpg
[2008/11/27 17:59:36 | 01,014,600 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1527.jpg
[2008/11/27 17:59:35 | 00,997,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1526.jpg
[2008/11/27 17:59:33 | 00,994,952 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1525.jpg
[2008/11/27 17:59:32 | 01,015,836 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1524.jpg
[2008/11/27 17:59:31 | 00,992,568 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1523.jpg
[2008/11/27 17:59:30 | 00,991,824 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1522.jpg
[2008/11/27 17:59:29 | 00,994,452 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1521.jpg
[2008/11/27 17:59:27 | 01,011,312 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1520.jpg
[2008/11/27 17:59:26 | 00,995,172 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1519.jpg
[2008/11/27 17:59:25 | 01,006,100 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1518.jpg
[2008/11/27 17:59:24 | 01,006,852 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1517.jpg
[2008/11/27 17:59:23 | 01,015,116 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1516.jpg
[2008/11/27 17:59:21 | 01,012,716 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1515.jpg
[2008/11/27 17:59:20 | 01,004,580 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1514.jpg
[2008/11/27 17:59:19 | 01,002,492 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1513.jpg
[2008/11/27 17:59:18 | 01,011,300 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1512.jpg
[2008/11/27 17:59:17 | 01,008,024 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1511.jpg
[2008/11/27 17:59:15 | 01,018,432 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1510.jpg
[2008/11/27 17:59:14 | 00,991,148 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1509.jpg
[2008/11/27 17:59:13 | 01,000,796 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1508.jpg
[2008/11/27 17:59:12 | 01,006,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1507.jpg
[2008/11/27 17:59:11 | 01,009,588 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1506.jpg
[2008/11/27 17:59:09 | 01,005,348 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1505.jpg
[2008/11/27 17:59:08 | 01,008,932 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1504.jpg
[2008/11/27 17:59:07 | 01,004,184 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1503.jpg
[2008/11/27 17:59:06 | 01,002,208 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1502.jpg
[2008/11/27 17:59:04 | 01,012,008 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1501.jpg
[2008/11/27 17:59:03 | 01,007,808 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1500.jpg
[2008/11/27 17:59:02 | 01,005,228 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1499.jpg
[2008/11/27 17:59:01 | 01,005,408 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1498.jpg
[2008/11/27 17:58:59 | 01,008,552 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1497.jpg
[2008/11/27 17:58:58 | 01,006,068 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1496.jpg
[2008/11/27 17:58:57 | 01,011,724 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1495.jpg
[2008/11/27 17:58:56 | 01,008,740 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1494.jpg
[2008/11/27 17:58:55 | 01,009,808 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1493.jpg
[2008/11/27 17:58:53 | 01,004,028 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1492.jpg
[2008/11/27 17:58:52 | 00,993,396 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1491.jpg
[2008/11/27 17:58:51 | 00,997,480 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1490.jpg
[2008/11/27 17:58:50 | 00,992,880 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1489.jpg
[2008/11/27 17:58:49 | 00,984,776 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1488.jpg
[2008/11/27 17:58:47 | 00,998,812 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1487.jpg
[2008/11/27 17:58:46 | 00,994,904 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1486.jpg
[2008/11/27 17:58:45 | 00,996,460 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1485.jpg
[2008/11/27 17:58:44 | 00,998,964 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1484.jpg
[2008/11/27 17:58:43 | 00,996,904 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1483.jpg
[2008/11/27 17:58:41 | 01,008,848 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1481.jpg
[2008/11/27 17:58:40 | 00,994,676 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1480.jpg
[2008/11/27 17:58:39 | 00,991,636 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1479.jpg
[2008/11/27 17:58:38 | 00,993,688 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1477.jpg
[2008/11/27 17:58:37 | 00,993,724 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1476.jpg
[2008/11/27 17:58:35 | 01,005,572 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1475.jpg
[2008/11/27 17:58:34 | 00,996,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1474.jpg
[2008/11/27 17:58:33 | 00,983,736 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1473.jpg
[2008/11/27 17:58:32 | 00,992,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1472.jpg
[2008/11/27 17:58:30 | 00,992,776 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1471.jpg
[2008/11/27 17:58:29 | 01,007,560 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1470.jpg
[2008/11/27 17:58:28 | 00,989,340 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1469.jpg
[2008/11/27 17:58:27 | 00,989,760 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1468.jpg
[2008/11/27 17:58:26 | 00,997,884 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1467.jpg
[2008/11/27 17:58:25 | 00,990,336 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1466.jpg
[2008/11/27 17:58:23 | 01,007,904 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1465.jpg
[2008/11/27 17:58:22 | 00,991,480 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1464.jpg
[2008/11/27 17:58:21 | 00,992,232 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1463.jpg
[2008/11/27 17:58:20 | 00,997,644 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1462.jpg
[2008/11/27 17:58:19 | 01,007,272 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1461.jpg
[2008/11/27 17:58:17 | 01,005,188 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1460.jpg
[2008/11/27 17:58:16 | 01,031,316 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1459.jpg
[2008/11/27 17:58:15 | 01,005,100 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1458.jpg
[2008/11/27 17:58:14 | 00,979,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1457.jpg
[2008/11/27 17:58:13 | 00,997,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1456.jpg
[2008/11/27 17:58:11 | 00,992,620 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1455.jpg
[2008/11/27 17:58:10 | 00,997,200 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1454.jpg
[2008/11/27 17:58:09 | 00,992,836 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1453.jpg
[2008/11/27 17:58:08 | 00,994,300 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1452.jpg
[2008/11/27 17:58:07 | 00,986,808 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1451.jpg
[2008/11/27 17:58:05 | 00,995,328 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1450.jpg
[2008/11/27 17:58:04 | 01,004,292 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1449.jpg
[2008/11/27 17:58:03 | 00,992,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1448.jpg
[2008/11/27 17:58:02 | 00,998,768 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1447.jpg
[2008/11/27 17:58:00 | 01,003,612 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1446.jpg
[2008/11/27 17:57:59 | 00,999,600 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1445.jpg
[2008/11/27 17:57:58 | 01,001,832 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1444.jpg
[2008/11/27 17:57:57 | 01,001,812 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1443.jpg
[2008/11/27 17:57:56 | 01,004,040 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1442.jpg
[2008/11/27 17:57:54 | 00,980,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1441.jpg
[2008/11/27 17:57:53 | 01,000,504 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1440.jpg
[2008/11/27 17:57:52 | 01,006,108 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1439.jpg
[2008/11/27 17:57:50 | 01,015,296 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1417.jpg
[2008/11/27 17:57:49 | 01,018,736 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1416.jpg
[2008/11/27 17:54:42 | 00,997,284 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1438.jpg
[2008/11/27 17:54:41 | 01,002,452 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1437.jpg
[2008/11/27 17:54:40 | 01,006,660 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1436.jpg
[2008/11/27 17:54:38 | 00,999,816 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1435.jpg
[2008/11/27 17:54:37 | 01,001,440 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1434.jpg
[2008/11/27 17:54:36 | 00,977,820 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1433.jpg
[2008/11/27 17:54:35 | 00,980,992 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1432.jpg
[2008/11/27 17:54:34 | 01,004,732 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1431.jpg
[2008/11/27 17:54:32 | 01,007,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1430.jpg
[2008/11/27 17:54:31 | 00,986,920 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1429.jpg
[2008/11/27 17:54:30 | 00,985,092 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1428.jpg
[2008/11/27 17:54:29 | 00,968,212 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1427.jpg
[2008/11/27 17:54:28 | 00,978,400 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1426.jpg
[2008/11/27 17:54:27 | 00,986,892 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1425.jpg
[2008/11/27 17:54:25 | 00,996,668 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1423.jpg
[2008/11/27 17:54:24 | 00,990,088 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1422.jpg
[2008/11/27 17:54:23 | 01,017,192 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1421.jpg
[2008/11/27 17:54:21 | 01,007,824 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1419.jpg
[2008/11/27 17:54:19 | 01,009,244 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1418.jpg
[2008/11/27 17:53:38 | 00,993,252 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1424.jpg
[2008/11/26 14:16:37 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/11/24 23:15:37 | 00,002,254 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\BuffThrottle-1.3.3.zip
< End of report >


Extras:


OTViewIt Extras logfile created on: 12/24/2008 10:44:00 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.22% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.87 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
File not found -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
File not found -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
File not found -- C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System
File not found -- C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/07/05 16:23:08 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2007/05/25 04:38:32 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Enabled:
[2007/05/25 04:38:35 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Enabled:
[2007/05/25 04:38:48 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Enabled:
[2007/10/24 23:11:24 | 04,674,784 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32
[2007/10/24 23:11:28 | 00,017,120 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32
[2008/10/18 16:12:03 | 06,448,448 | ---- | M] (Flagship Studios) -- C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London
[2008/10/08 19:47:08 | 03,098,448 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
File not found -- F:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
File not found -- C:\Program Files\ROBLOX Corporation\ROBLOX\Roblox.exe:*:Enabled:ROBLOX Game
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
File not found -- F:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/03 10:30:08 | 05,661,928 | ---- | M] (BioWare) -- C:\Documents and Settings\Dave\Desktop\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/16 00:37:19 | 02,330,624 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad
[2008/12/04 20:36:23 | 24,137,728 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Disabled:SwgClient_r
[2008/08/17 18:45:27 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/09/30 23:39:08 | 01,470,464 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
[2008/08/23 09:10:33 | 24,076,288 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe:*:Enabled:SwgClient_r
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/10 14:56:32 | 04,789,760 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}"=Crysis®
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{12EC0178-2605-4973-B9D6-D3E0B95A62A5}"=Saitek SD6 Programming Software 6.2.2.4
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}"=Mobile Broadband Drivers
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}"=Sound Blaster Audigy
"{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"{242FBF70-03A3-4317-931F-FA7798F39A13}"=Winflash
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 11
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard Tools
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150120}"=J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{50D4CB89-AF34-4978-96DC-C3034062E901}"=Battlefield 2: Special Forces
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6710FE30-27F7-492B-A660-D31D4A898A43}"=MSN Toolbar
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}"=CryEngine®2 Sandbox™2
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{92B0B959-BDC0-41D0-A3D3-5F89AF5297B2}"=T-Utility Hardware Monitor
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{A179591B-58E3-4365-BF57-2E1DE45662A1}"=T-Utility Over Clock
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}"=Hellgate: London
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}"=Saitek Cyborg Keyboard Volume 6.2.1.3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7646-A70000000000}"=Adobe Reader 7.0
"{AC76BA86-7AD7-3D00-0000-7E8A450000A7}"=3D For Adobe Reader Package
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}"=Spelling Dictionaries For Adobe Reader Package
"{AC76BA86-7AD7-EF45-EB65-7E8A450000A7}"=Adobe Reader Digital Editions and Accessibility Package
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}"=hph_software_req
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}"=Dual-Core Optimizer
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}"=Pivot Stickfigure Animator
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}"=HP Photosmart and Deskjet 7.0 Software
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}"=Razer Copperhead
"{D8748D14-88C5-44C7-8A22-F3CE754A1218}"=T-Utility BIOS Live Update
"{DACE3124-AA28-4D1E-BF64-7BD2C339A310}"=Saitek SD6 Programming Software 6.2.0.11
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Blender"=Blender (remove only)
"Combat Arms"=Combat Arms
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"CurseClient"=Curse Client
"FMOD Designer"=FMOD Designer
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"NVIDIA Drivers"=NVIDIA Drivers
"prunnet"=Advertisement Service
"PunkBusterSvc"=PunkBuster Services
"RadialpointClientGateway_is1"=Verizon Servicepoint 1.5.20
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SysInfo"=Creative System Information
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Titanic"=Titanic
"Ulead GIF Animator 3.0a"=Special Bonus from Ulead F/X for GIF Animator
"Ulead WebRazor Pro 1.02"=Ulead WebRazor Pro 1.02 Full Version
"Verizon Online Help and Support"=Verizon Online Help and Support
"Warhammer Online - Age of Reckoning"=Warhammer Online - Age of Reckoning
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Xfire"=Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 1:23:13 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/13/2008 1:23:17 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 1:18:28 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2008 9:07:26 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000010e6.

Error - 12/18/2008 8:09:37 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5726, fault address 0x0006c4e5.

Error - 12/21/2008 2:28:53 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 7.0.25.114, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000113a2.

Error - 12/21/2008 2:33:24 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 7.0.25.114, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/22/2008 10:05:46 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application VirusRemover2008_Setup_Free_en[1].exe, version
1.0.22.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 6:56:31 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 8:14:31 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.2.2.4, faulting module
profileru.exe, version 6.2.2.4, fault address 0x0000571f.

[ System Events ]
Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/24/2008 11:43:38 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >



KasperSky:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 20:58:20
Records in database: 1461208
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Dave\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 66794
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:59:32


File name / Threat name / Threats count
C:\WINDOWS\system32\tuvSIYOH.dll Infected: Trojan-Downloader.Win32.Agent.aubk 1

The selected area was scanned.


Gmer:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-24 22:41:16
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT BAEBC344 ZwCreateThread
SSDT BAEBC330 ZwOpenProcess
SSDT BAEBC335 ZwOpenThread
SSDT BAEBC33F ZwTerminateProcess
SSDT BAEBC33A ZwWriteVirtualMemory

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

---- EOF - GMER 1.0.14 ----

#10 extremeboy

Posted 24 December 2008 - 10:54 PM

Hello NosDoze.

Could you describe to me what problems you have or anything strange you are experiencing so far so I know what's happening with your machine right now..

We will begin disinfecting soon after I have an idea what's happening right now..

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 NosDoze

Posted 24 December 2008 - 11:13 PM

Well it all started back on the 13th of the month, I was unable to get past the Windows loading screen. I finally was able to get past by going to the last good known config. Anyway I scanned with the Malwarebytes program and it found 50 some infections and deleted them.

So, since then it hasn't been bad, but yesterday my wife informed me about Spywareguard 2008. It was a real hassle, but again I ran Malwarebytes and it found another 58 infections and must have deleted the Spywareguard virus, cause it hasn't bugged me since.

Basically I don't know where all these things are coming from.. I don't know if there is something in there the scans aren't picking up and it just keeps downloading viruses or what. I haven't had this many viruses before, usually Avira may pick up a couple, but not like the last few weeks.

Back on the 13th I deleted a lot of temp files from my youngest son's account, which I can't believe he would have been looking at.... So, I don't know if it's possible for someone else to use my computer for that or what..

#12 extremeboy

Posted 25 December 2008 - 09:49 AM

Hello.

Sorry I couldn't get back to you earlier, it was past my bedtime yesterday...

I understand your problem now. Let's see if we can clear up some of that mess for you. Just to let you know Spywareguard 2008 is a Rogue program. More information on that can be found over here

One last thing..

Ok...think I did everything correct:

Yes, BUT, next time when doing the Kaspersky online scan please do a complete scan, meaning scanning your Whole Computer. I saw you only ran the critical area scanner option, which may have missed things...

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\System32\TDSSosvd.dat
    C:\WINDOWS\tasks\dymjoodh.job
    C:\WINDOWS\system32\tuvSIYOH.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C73BF21-7739-4191-B3B9-1AFCF341BB05}]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=-
    "{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}"=-
    
    [HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=-
    "{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}"=-
    
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avsystemcare.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onerateld.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\safetydownload.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trustedantivirus.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virusremover2008.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virusschlacht.com]
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Removing Programs using Add/Remove
We will remove the old version of Java since you have the latest version already.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

"{3248F0A8-6813-11D6-A77B-00B0D0150120}"=J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7

Additional instructions can be found here if needed.

From what I see you actually look fine. Let's run one scan so I can see if Malwarebytes Anti-Malware picks up anything else..

Download and run MalwareBytes Anti-Malware(Full Scan)

Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please refer to this link

Post back with:
-OTMoveIT log
-Malwarebytes Anti-Malware scan log
-Fresh OTViewIT log
-Any Problem you are currently experiencing?


With Regards,
Extremeboy
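
Added example, not part of the original post and not OldTimer's code: a fix script like the one in the post above can be read mechanically before it is pasted into OTMoveIt3, to list exactly what it will touch. The grammar used here (`:files`, `:reg`, `:commands` sections; `[-KEY]` deletes a key, `"name"=-` deletes a value, `"name"="data"` sets one) is an assumption inferred from that script and from the results the tool reports in this thread; `parse_fix_script` and `count_by_action` are hypothetical helper names.

```python
import re
from collections import Counter

# Fix script copied from the post above; the seven ZoneMap deletions are
# trimmed to one and the duplicate HKEY_USERS block is dropped to keep the
# sample short.
FIX_SCRIPT = r'''
:files
C:\WINDOWS\System32\TDSSosvd.dat
C:\WINDOWS\tasks\dymjoodh.job
C:\WINDOWS\system32\tuvSIYOH.dll

:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C73BF21-7739-4191-B3B9-1AFCF341BB05}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=-
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virusremover2008.com]

:commands
[EmptyTemp]
[Reboot]
'''

# "name"=data, where data is "-" (delete the value) or the new contents.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')


def parse_fix_script(text):
    """Return (action, target, detail) tuples in the order the script lists them.

    Grammar is assumed from the script shown in this thread, not taken from
    OTMoveIt3 documentation.
    """
    actions = []
    section = None      # current ":section" name
    current_key = None  # registry key that following value lines apply to
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):
            section = line[1:].lower()
            current_key = None
            continue
        if section == 'files':
            actions.append(('move_file', line, ''))
        elif section == 'reg':
            if line.startswith('[-') and line.endswith(']'):
                # Leading "-" inside the brackets: the whole key is removed.
                actions.append(('delete_key', line[2:-1], ''))
                current_key = None
            elif line.startswith('[') and line.endswith(']'):
                current_key = line[1:-1]
            else:
                m = VALUE_RE.match(line)
                if m is None or current_key is None:
                    raise ValueError(
                        f'line {lineno}: unexpected registry line: {line!r}')
                if m['data'] == '-':
                    actions.append(('delete_value', current_key, m['name']))
                else:
                    actions.append(
                        ('set_value', current_key, f"{m['name']}={m['data']}"))
        elif section == 'commands':
            actions.append(('command', line.strip('[]'), ''))
        else:
            raise ValueError(
                f'line {lineno}: content outside a known section: {line!r}')
    return actions


def count_by_action(actions):
    """Summarise how many operations of each kind the script requests."""
    return dict(Counter(action for action, _, _ in actions))


if __name__ == '__main__':
    parsed = parse_fix_script(FIX_SCRIPT)
    for action, target, detail in parsed:
        print(f'{action:13} {target} {detail}'.rstrip())
    print(count_by_action(parsed))
```

A line the parser cannot classify raises `ValueError` with its line number, which is the point to stop and ask the helper rather than run the script.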

#13 NosDoze

Posted 25 December 2008 - 05:51 PM

Not a problem, I appreciate your help on Christmas...

Here's some logs:

========== FILES ==========
C:\WINDOWS\System32\TDSSosvd.dat moved successfully.
C:\WINDOWS\tasks\dymjoodh.job moved successfully.
File/Folder C:\WINDOWS\system32\tuvSIYOH.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C73BF21-7739-4191-B3B9-1AFCF341BB05}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avsystemcare.com\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onerateld.com\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\safetydownload.com\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trustedantivirus.com\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virusremover2008.com\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virusschlacht.com\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_75c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12252008_152524

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_75c.dat not found!



Malwarebytes' Anti-Malware 1.31
Database version: 1539
Windows 5.1.2600 Service Pack 3

12/25/2008 5:42:52 PM
mbam-log-2008-12-25 (17-42-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 169489
Time elapsed: 2 hour(s), 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5DB9C8F4-D9BE-4F7A-BA83-344365C6ECFF}\RP499\A0123912.dll (Trojan.TDSS) -> No action taken.



Malwarebytes' Anti-Malware 1.31
Database version: 1539
Windows 5.1.2600 Service Pack 3

12/25/2008 5:44:31 PM
mbam-log-2008-12-25 (17-44-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 169489
Time elapsed: 2 hour(s), 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5DB9C8F4-D9BE-4F7A-BA83-344365C6ECFF}\RP499\A0123912.dll (Trojan.TDSS) -> Quarantined and deleted successfully.



OTViewIt logfile created on: 12/25/2008 5:45:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.26% Memory free
3.85 Gb Paging File | 3.50 Gb Available in Paging File | 91.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.89 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2006/11/14 16:21:28 | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2005/10/31 09:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/10/08 15:27:48 | 00,155,648 | ---- | M] () -- C:\Program Files\Razer\Copperhead\razerhid.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/01/18 13:05:16 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
[2008/07/17 18:20:16 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/01/18 16:37:38 | 00,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/04 11:34:42 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
[2005/07/22 14:02:46 | 00,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Copperhead\razerofa.exe
[2008/04/04 11:35:20 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/08/18 17:41:00 | 01,832,272 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/08/09 22:01:02 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/23 18:25:13 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2006/07/01 21:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2006/11/01 13:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
[2004/08/03 21:31:20 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983 [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/06/15 00:27:32 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Stopped])
[2008/11/26 14:16:37 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [System | Running])
[2006/04/13 13:33:28 | 00,008,192 | ---- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo [System | Running])
[2005/01/10 05:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/24 22:06:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2001/08/17 12:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/15 13:34:40 | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/09/28 13:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 13:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/21 04:24:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/09/11 05:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/09/11 05:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/09/11 05:45:26 | 00,110,592 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP [System | Running])
[2007/04/19 11:09:42 | 00,194,048 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI [On_Demand | Running])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem [On_Demand | Stopped])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort [On_Demand | Stopped])
[2005/01/10 05:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2005/07/07 03:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/08/12 09:11:10 | 00,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow [On_Demand | Stopped])
[2008/02/18 09:21:33 | 00,104,960 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0728.sys -- (SaiK0728 [On_Demand | Running])
[2008/04/04 17:21:16 | 00,104,960 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0CEA.sys -- (SaiK0CEA [On_Demand | Running])
[2008/04/04 17:21:42 | 00,014,080 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini [On_Demand | Running])
[2008/04/04 17:21:42 | 00,035,456 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Running])
[2008/04/04 17:21:18 | 00,028,544 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiU0CEA.sys -- (SaiU0CEA [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2005/08/14 13:25:02 | 00,003,548 | ---- | M] () -- C:\Program Files\BIOSTAR\T-Utility BIOS Live Update\WinFlash.sys -- (WINFLASH [On_Demand | Stopped])
[2006/02/28 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265422 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
9196 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"P17Helper"=Rundll32 P17.dll,P17Helper ()
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"razer"=C:\Program Files\Razer\Copperhead\razerhid.exe ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
"SaiVolume"=C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
"ussshreg"=C:\PROGRA~1\ULEADW~1.02\Ussshreg.exe /r ()
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe File not found
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (Verizon)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2004/12/14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su2...15105/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{0F86D39C-DCA0-41C9-91BC-86E55B78EE5B} (Servers: | Description: )
{17944847-F5BB-4E30-9403-C183CE4D4969} (Servers: | Description: NVIDIA nForce Networking Controller)
{24AE78D9-75AA-4F6F-B423-C47C5EB8F6C9} (Servers: | Description: Linksys NC100 Fast Ethernet Adapter)
{66FCE40D-1ED1-4C27-B3B5-5D992EEF5544} (Servers: | Description: Westell USB Network Interface)
{724EB4D3-FD0C-4BD9-A3D5-8F6EB433E53C} (Servers: | Description: NVIDIA nForce Networking Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/08/09 21:48:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[13 C:\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/25 15:25:24 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/25 15:24:28 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTMoveIt3.exe
[2008/12/24 22:11:01 | 00,000,466 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to gmer.lnk
[2008/12/24 22:10:45 | 00,000,000 | ---D | C] -- C:\gmer
[2008/12/24 22:06:39 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/24 22:06:37 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/24 22:06:37 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/24 22:06:37 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/24 22:06:37 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/24 20:58:27 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2008/12/24 16:29:22 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/23 23:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\WinZip
[2008/12/23 23:45:58 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 23:44:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B7.TMP
[2008/12/23 23:33:34 | 00,002,741 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/23 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\{87C4601D-5E35-4694-9D27-B7E614C758B5}
[2008/12/19 01:03:03 | 00,005,732 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/14 03:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2008/12/14 03:39:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 03:39:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 03:39:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 03:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 03:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2008/12/12 14:43:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2008/12/12 13:42:33 | 00,004,886 | R--- | C] () -- C:\WINDOWS\System32\SaiD0CEA.pr0
[2008/12/12 13:29:27 | 00,028,544 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiU0CEA.sys
[2008/12/12 13:29:18 | 00,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,065,536 | ---- | C] (Saitek) -- C:\WINDOWS\System32\Saio0CEA.dll
[2008/12/12 13:29:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 13:29:15 | 01,232,896 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA.exe
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_11.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_10.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0C.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0A.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_09.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_07.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0402.dll
[2008/12/12 13:29:13 | 00,104,960 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiK0CEA.sys
[2008/12/04 20:21:17 | 00,001,884 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 12:15:26 | 00,001,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 12:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\CurseClient
[2008/12/03 12:15:18 | 00,000,000 | ---D | C] -- C:\Program Files\Curse
[2008/12/03 01:39:24 | 01,545,129 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip

========== Files - Modified Within 30 Days ==========

[13 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/25 15:33:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/25 15:33:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/25 15:24:31 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTMoveIt3.exe
[2008/12/25 12:04:18 | 01,484,800 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/12/25 12:04:18 | 00,784,384 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/12/24 22:14:02 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/24 22:11:01 | 00,000,466 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to gmer.lnk
[2008/12/24 22:06:37 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/24 22:06:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/24 22:06:37 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/24 20:58:31 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/23 23:45:58 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:33:34 | 00,002,741 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/23 12:35:54 | 00,000,868 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Install Verizon Internet Security Suite.lnk
[2008/12/21 01:46:32 | 00,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/19 19:10:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/19 01:03:03 | 00,005,732 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/14 13:22:29 | 00,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/14 03:39:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/12 14:54:29 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 13:29:18 | 00,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 03:02:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 20:21:17 | 00,001,884 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 12:15:26 | 00,001,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 01:39:28 | 01,545,129 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip
[2008/11/27 18:45:47 | 00,000,970 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2008/11/27 18:44:57 | 00,002,480 | ---- | M] () -- C:\WINDOWS\U3DEDIT2.INI
[2008/11/27 17:58:22 | 00,991,480 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1464.jpg
[2008/11/27 17:58:21 | 00,992,232 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1463.jpg
[2008/11/27 17:58:20 | 00,997,644 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1462.jpg
[2008/11/27 17:58:19 | 01,007,272 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1461.jpg
[2008/11/27 17:58:17 | 01,005,188 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1460.jpg
[2008/11/27 17:58:16 | 01,031,316 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1459.jpg
[2008/11/27 17:58:15 | 01,005,100 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1458.jpg
[2008/11/27 17:58:14 | 00,979,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1457.jpg
[2008/11/27 17:58:13 | 00,997,436 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1456.jpg
[2008/11/27 17:58:11 | 00,992,620 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1455.jpg
[2008/11/27 17:58:10 | 00,997,200 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1454.jpg
[2008/11/27 17:58:09 | 00,992,836 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1453.jpg
[2008/11/27 17:58:08 | 00,994,300 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1452.jpg
[2008/11/27 17:58:07 | 00,986,808 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1451.jpg
[2008/11/27 17:58:05 | 00,995,328 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1450.jpg
[2008/11/27 17:58:04 | 01,004,292 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1449.jpg
[2008/11/27 17:58:03 | 00,992,944 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1448.jpg
[2008/11/27 17:58:02 | 00,998,768 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1447.jpg
[2008/11/27 17:58:00 | 01,003,612 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1446.jpg
[2008/11/27 17:57:59 | 00,999,600 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1445.jpg
[2008/11/27 17:57:58 | 01,001,832 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1444.jpg
[2008/11/27 17:57:57 | 01,001,812 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1443.jpg
[2008/11/27 17:57:56 | 01,004,040 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1442.jpg
[2008/11/27 17:57:54 | 00,980,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1441.jpg
[2008/11/27 17:57:53 | 01,000,504 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1440.jpg
[2008/11/27 17:57:52 | 01,006,108 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1439.jpg
[2008/11/27 17:57:50 | 01,015,296 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1417.jpg
[2008/11/27 17:57:49 | 01,018,736 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1416.jpg
[2008/11/27 17:54:42 | 00,997,284 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1438.jpg
[2008/11/27 17:54:41 | 01,002,452 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1437.jpg
[2008/11/27 17:54:40 | 01,006,660 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1436.jpg
[2008/11/27 17:54:38 | 00,999,816 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1435.jpg
[2008/11/27 17:54:37 | 01,001,440 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1434.jpg
[2008/11/27 17:54:36 | 00,977,820 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1433.jpg
[2008/11/27 17:54:35 | 00,980,992 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1432.jpg
[2008/11/27 17:54:34 | 01,004,732 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1431.jpg
[2008/11/27 17:54:32 | 01,007,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1430.jpg
[2008/11/27 17:54:31 | 00,986,920 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1429.jpg
[2008/11/27 17:54:30 | 00,985,092 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1428.jpg
[2008/11/27 17:54:29 | 00,968,212 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1427.jpg
[2008/11/27 17:54:28 | 00,978,400 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1426.jpg
[2008/11/27 17:54:27 | 00,986,892 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1425.jpg
[2008/11/27 17:54:25 | 00,996,668 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1423.jpg
[2008/11/27 17:54:24 | 00,990,088 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1422.jpg
[2008/11/27 17:54:23 | 01,017,192 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1421.jpg
[2008/11/27 17:54:21 | 01,007,824 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1419.jpg
[2008/11/27 17:54:19 | 01,009,244 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1418.jpg
[2008/11/27 17:53:38 | 00,993,252 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\100_1424.jpg
[2008/11/26 14:16:37 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
< End of report >



OTViewIt Extras logfile created on: 12/25/2008 5:45:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.26% Memory free
3.85 Gb Paging File | 3.50 Gb Available in Paging File | 91.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.89 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
File not found -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
File not found -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
File not found -- C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System
File not found -- C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/07/05 16:23:08 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2007/05/25 04:38:32 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Enabled:
[2007/05/25 04:38:35 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Enabled:
[2007/05/25 04:38:48 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Enabled:
[2007/10/24 23:11:24 | 04,674,784 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32
[2007/10/24 23:11:28 | 00,017,120 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32
[2008/10/18 16:12:03 | 06,448,448 | ---- | M] (Flagship Studios) -- C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London
[2008/10/08 19:47:08 | 03,098,448 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
File not found -- F:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
File not found -- C:\Program Files\ROBLOX Corporation\ROBLOX\Roblox.exe:*:Enabled:ROBLOX Game
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
File not found -- F:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/03 10:30:08 | 05,661,928 | ---- | M] (BioWare) -- C:\Documents and Settings\Dave\Desktop\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/16 00:37:19 | 02,330,624 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad
[2008/12/04 20:36:23 | 24,137,728 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Disabled:SwgClient_r
[2008/08/17 18:45:27 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/09/30 23:39:08 | 01,470,464 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
[2008/08/23 09:10:33 | 24,076,288 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe:*:Enabled:SwgClient_r
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/10 14:56:32 | 04,789,760 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}"=Crysis®
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{12EC0178-2605-4973-B9D6-D3E0B95A62A5}"=Saitek SD6 Programming Software 6.2.2.4
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}"=Mobile Broadband Drivers
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}"=Sound Blaster Audigy
"{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"{242FBF70-03A3-4317-931F-FA7798F39A13}"=Winflash
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 11
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard Tools
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150120}"=J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{50D4CB89-AF34-4978-96DC-C3034062E901}"=Battlefield 2: Special Forces
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6710FE30-27F7-492B-A660-D31D4A898A43}"=MSN Toolbar
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}"=CryEngine®2 Sandbox™2
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{92B0B959-BDC0-41D0-A3D3-5F89AF5297B2}"=T-Utility Hardware Monitor
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{A179591B-58E3-4365-BF57-2E1DE45662A1}"=T-Utility Over Clock
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}"=Hellgate: London
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}"=Saitek Cyborg Keyboard Volume 6.2.1.3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7646-A70000000000}"=Adobe Reader 7.0
"{AC76BA86-7AD7-3D00-0000-7E8A450000A7}"=3D For Adobe Reader Package
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}"=Spelling Dictionaries For Adobe Reader Package
"{AC76BA86-7AD7-EF45-EB65-7E8A450000A7}"=Adobe Reader Digital Editions and Accessibility Package
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}"=hph_software_req
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}"=Dual-Core Optimizer
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}"=Pivot Stickfigure Animator
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}"=HP Photosmart and Deskjet 7.0 Software
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}"=Razer Copperhead
"{D8748D14-88C5-44C7-8A22-F3CE754A1218}"=T-Utility BIOS Live Update
"{DACE3124-AA28-4D1E-BF64-7BD2C339A310}"=Saitek SD6 Programming Software 6.2.0.11
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Blender"=Blender (remove only)
"Combat Arms"=Combat Arms
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"CurseClient"=Curse Client
"FMOD Designer"=FMOD Designer
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"NVIDIA Drivers"=NVIDIA Drivers
"prunnet"=Advertisement Service
"PunkBusterSvc"=PunkBuster Services
"RadialpointClientGateway_is1"=Verizon Servicepoint 1.5.20
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SysInfo"=Creative System Information
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Titanic"=Titanic
"Ulead GIF Animator 3.0a"=Special Bonus from Ulead F/X for GIF Animator
"Ulead WebRazor Pro 1.02"=Ulead WebRazor Pro 1.02 Full Version
"Verizon Online Help and Support"=Verizon Online Help and Support
"Warhammer Online - Age of Reckoning"=Warhammer Online - Age of Reckoning
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Xfire"=Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 1:23:13 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/13/2008 1:23:17 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 1:18:28 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2008 9:07:26 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000010e6.

Error - 12/18/2008 8:09:37 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5726, fault address 0x0006c4e5.

Error - 12/21/2008 2:28:53 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 7.0.25.114, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000113a2.

Error - 12/21/2008 2:33:24 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 7.0.25.114, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/22/2008 10:05:46 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application VirusRemover2008_Setup_Free_en[1].exe, version
1.0.22.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 6:56:31 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 8:14:31 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.2.2.4, faulting module
profileru.exe, version 6.2.2.4, fault address 0x0000571f.

[ System Events ]
Error - 12/25/2008 6:32:48 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.



< End of report >


Think that was all you wanted.....let me know


Thanks,
David

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 25 December 2008 - 06:09 PM

Hi again.

Notta problem, I appreciate ur help on Christmas...

Great, your log looks okay from what I see so far.

Everything deleted that I wanted it to delete that was considered "bad". :thumbsup:

Malwarebytes Anti-Malware picked up a restore point that was related to TDSSserv. However, from the GMER scan you were free from any TDSSserv rootkits. Just to make sure, run GMER again.

How is your computer doing when on the web? I can't tell much right now. You look good.

We will run one last online scan to make sure nothing else is around.

F-Secure Online Scan

Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.
Also install a firewall to further enhance and increase your protection.

Install Firewall

Install a third-party firewall from the following selection of excellent programs.

The main reason you would prefer a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop outgoing signals (possibly ones that could intrude on your privacy) from sending information to the Internet or to other networks.

After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled.

Please post back with:
-F-Secure online scan log
-New GMER log
-New OTViewIT log
-How is your computer on the web? Any Problems?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#15 NosDoze

NosDoze
  • Topic Starter

  • Members
  • 9 posts

Posted 26 December 2008 - 11:04 PM

Here ya go,


Scanning Report
Friday, December 26, 2008 17:30:55 - 22:05:51
Computer name: DAVID
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 12 malware found
Exploit.Java.ByteVerify (virus)
C:\DOCUMENTS AND SETTINGS\JUSTIN\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\21\4733B815-773513A9 (Renamed & Submitted)
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Specificclick (spyware)
System
TrackingCookie.Statcounter (spyware)
System
TrackingCookie.Xiti (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 40238
System: 3811
Not scanned: 172
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 11
Submitted: 1
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2008-12-26
F-Secure AVP: 7.0.171, 2008-12-26
F-Secure Pegasus: 1.20.0, 2008-11-17
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------




OTViewIt logfile created on: 12/26/2008 10:09:18 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.73% Memory free
3.85 Gb Paging File | 2.91 Gb Available in Paging File | 75.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.28 Gb Free Space | 43.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2006/11/14 16:21:28 | 16,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2005/10/31 09:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/10/08 15:27:48 | 00,155,648 | ---- | M] () -- C:\Program Files\Razer\Copperhead\razerhid.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/01/18 13:05:16 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
[2008/07/17 18:20:16 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/01/18 16:37:38 | 00,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/04 11:34:42 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
[2005/07/22 14:02:46 | 00,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Copperhead\razerofa.exe
[2008/04/04 11:35:20 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/08/18 17:41:00 | 01,832,272 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/08/09 22:01:02 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/23 18:25:16 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/23 18:25:13 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/10/11 10:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2006/07/01 21:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2006/11/01 13:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
[2004/08/03 21:31:20 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983 [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/06/15 00:27:32 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Stopped])
[2008/11/26 14:16:37 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [System | Running])
[2006/04/13 13:33:28 | 00,008,192 | ---- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo [System | Running])
[2005/01/10 05:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/24 22:06:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2001/08/17 12:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/15 13:34:40 | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/09/28 13:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 13:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/08/21 04:24:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/09/11 05:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/09/11 05:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/09/11 05:45:26 | 00,110,592 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP [System | Running])
[2007/04/19 11:09:42 | 00,194,048 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI [On_Demand | Running])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem [On_Demand | Stopped])
[2007/04/19 11:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort [On_Demand | Stopped])
[2005/01/10 05:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2005/07/07 03:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/08/12 09:11:10 | 00,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow [On_Demand | Stopped])
[2008/02/18 09:21:33 | 00,104,960 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0728.sys -- (SaiK0728 [On_Demand | Running])
[2008/04/04 17:21:16 | 00,104,960 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiK0CEA.sys -- (SaiK0CEA [On_Demand | Running])
[2008/04/04 17:21:42 | 00,014,080 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini [On_Demand | Running])
[2008/04/04 17:21:42 | 00,035,456 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Running])
[2008/04/04 17:21:18 | 00,028,544 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiU0CEA.sys -- (SaiU0CEA [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2005/08/14 13:25:02 | 00,003,548 | ---- | M] () -- C:\Program Files\BIOSTAR\T-Utility BIOS Live Update\WinFlash.sys -- (WINFLASH [On_Demand | Stopped])
[2006/02/28 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265422 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
9196 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"P17Helper"=Rundll32 P17.dll,P17Helper ()
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"razer"=C:\Program Files\Razer\Copperhead\razerhid.exe ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
"SaiVolume"=C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
"ussshreg"=C:\PROGRA~1\ULEADW~1.02\Ussshreg.exe /r ()
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe File not found
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (Verizon)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2004/12/14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/07/07 08:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su2...15105/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{0F86D39C-DCA0-41C9-91BC-86E55B78EE5B} (Servers: | Description: )
{17944847-F5BB-4E30-9403-C183CE4D4969} (Servers: | Description: NVIDIA nForce Networking Controller)
{24AE78D9-75AA-4F6F-B423-C47C5EB8F6C9} (Servers: | Description: Linksys NC100 Fast Ethernet Adapter)
{66FCE40D-1ED1-4C27-B3B5-5D992EEF5544} (Servers: | Description: Westell USB Network Interface)
{724EB4D3-FD0C-4BD9-A3D5-8F6EB433E53C} (Servers: | Description: NVIDIA nForce Networking Controller)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/08/09 21:48:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[13 C:\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/26 17:27:11 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/12/25 15:25:24 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/25 15:24:28 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTMoveIt3.exe
[2008/12/24 22:11:01 | 00,000,466 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to gmer.lnk
[2008/12/24 22:10:45 | 00,000,000 | ---D | C] -- C:\gmer
[2008/12/24 22:06:39 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/24 22:06:37 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/24 22:06:37 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/24 22:06:37 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/24 22:06:37 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/24 20:58:27 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2008/12/24 16:29:22 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/23 23:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\WinZip
[2008/12/23 23:45:58 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 23:44:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B7.TMP
[2008/12/23 23:33:34 | 00,002,741 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/23 19:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\{87C4601D-5E35-4694-9D27-B7E614C758B5}
[2008/12/19 01:03:03 | 00,005,732 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/14 03:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2008/12/14 03:39:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 03:39:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 03:39:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 03:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 03:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/12/13 22:54:17 | 00,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2008/12/12 14:43:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2008/12/12 13:42:33 | 00,004,886 | R--- | C] () -- C:\WINDOWS\System32\SaiD0CEA.pr0
[2008/12/12 13:29:27 | 00,028,544 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiU0CEA.sys
[2008/12/12 13:29:18 | 00,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,065,536 | ---- | C] (Saitek) -- C:\WINDOWS\System32\Saio0CEA.dll
[2008/12/12 13:29:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 13:29:15 | 01,232,896 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA.exe
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_11.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_10.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0C.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0A.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_09.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_07.dll
[2008/12/12 13:29:15 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\SaiM0CEA_0402.dll
[2008/12/12 13:29:13 | 00,104,960 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiK0CEA.sys
[2008/12/04 20:21:17 | 00,001,884 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 12:15:26 | 00,001,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 12:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\CurseClient
[2008/12/03 12:15:18 | 00,000,000 | ---D | C] -- C:\Program Files\Curse
[2008/12/03 01:39:24 | 01,545,129 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip
[2008/11/27 18:26:10 | 00,992,140 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1554.jpg
[2008/11/27 18:26:06 | 01,001,712 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1553.jpg
[2008/11/27 18:26:01 | 00,995,148 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1552.jpg
[2008/11/27 18:25:56 | 00,997,636 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1551.jpg
[2008/11/27 18:25:49 | 01,008,452 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1550.jpg
[2008/11/27 18:25:43 | 01,003,216 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1548.jpg
[2008/11/27 18:25:39 | 00,999,924 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1547.jpg
[2008/11/27 18:25:35 | 01,023,924 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1546.jpg
[2008/11/27 18:25:31 | 01,024,952 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1545.jpg
[2008/11/27 18:25:25 | 01,023,464 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1544.jpg
[2008/11/27 18:25:20 | 01,007,860 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1543.jpg
[2008/11/27 18:25:17 | 00,999,280 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1542.jpg
[2008/11/27 18:25:12 | 01,013,244 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1541.jpg
[2008/11/27 18:25:05 | 01,031,020 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1540.jpg
[2008/11/27 18:25:00 | 01,000,764 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1539.jpg
[2008/11/27 18:24:56 | 01,017,240 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1538.jpg
[2008/11/27 18:24:52 | 00,989,736 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1537.jpg
[2008/11/27 18:24:48 | 01,000,440 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1536.jpg
[2008/11/27 18:24:39 | 01,010,524 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1535.jpg
[2008/11/27 18:24:35 | 01,010,656 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1534.jpg
[2008/11/27 18:24:30 | 00,989,872 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1532.jpg
[2008/11/27 18:24:25 | 00,996,492 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1531.jpg
[2008/11/27 18:24:21 | 00,989,744 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1530.jpg
[2008/11/27 18:24:18 | 01,006,296 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1529.jpg
[2008/11/27 18:24:14 | 00,994,420 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1528.jpg
[2008/11/27 18:24:10 | 01,014,600 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1527.jpg
[2008/11/27 18:24:06 | 00,997,436 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1526.jpg
[2008/11/27 18:24:02 | 00,994,952 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1525.jpg
[2008/11/27 18:23:57 | 01,015,836 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1524.jpg
[2008/11/27 18:23:46 | 00,992,568 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1523.jpg
[2008/11/27 18:23:41 | 00,991,824 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1522.jpg
[2008/11/27 18:23:38 | 00,994,452 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1521.jpg
[2008/11/27 18:23:34 | 01,011,312 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1520.jpg
[2008/11/27 18:23:29 | 00,995,172 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1519.jpg
[2008/11/27 18:23:24 | 01,006,100 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1518.jpg
[2008/11/27 18:23:20 | 01,006,852 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1517.jpg
[2008/11/27 18:23:15 | 01,015,116 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1516.jpg
[2008/11/27 18:23:09 | 01,012,716 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1515.jpg
[2008/11/27 18:23:01 | 01,004,580 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1514.jpg
[2008/11/27 18:22:47 | 01,002,492 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1513.jpg
[2008/11/27 18:22:43 | 01,011,300 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1512.jpg
[2008/11/27 18:22:39 | 01,008,024 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1511.jpg
[2008/11/27 18:22:35 | 01,018,432 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1510.jpg
[2008/11/27 18:22:31 | 00,991,148 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1509.jpg
[2008/11/27 18:22:28 | 01,000,796 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1508.jpg
[2008/11/27 18:22:23 | 01,006,944 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1507.jpg
[2008/11/27 18:22:19 | 01,009,588 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1506.jpg
[2008/11/27 18:22:14 | 01,005,348 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1505.jpg
[2008/11/27 18:22:08 | 01,008,932 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1504.jpg
[2008/11/27 18:22:02 | 01,004,184 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1503.jpg
[2008/11/27 18:21:53 | 01,002,208 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1502.jpg
[2008/11/27 18:21:45 | 01,012,008 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1501.jpg
[2008/11/27 18:21:40 | 01,007,808 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1500.jpg
[2008/11/27 18:21:35 | 01,005,228 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1499.jpg
[2008/11/27 18:21:31 | 01,005,408 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1498.jpg
[2008/11/27 18:21:27 | 01,008,552 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1497.jpg
[2008/11/27 18:21:23 | 01,006,068 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1496.jpg
[2008/11/27 18:21:18 | 01,011,724 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1495.jpg
[2008/11/27 18:21:15 | 01,008,740 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1494.jpg
[2008/11/27 18:21:11 | 01,009,808 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1493.jpg
[2008/11/27 18:21:08 | 01,004,028 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1492.jpg
[2008/11/27 18:21:04 | 00,993,396 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1491.jpg
[2008/11/27 18:21:00 | 00,997,480 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1490.jpg
[2008/11/27 18:20:56 | 00,992,880 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1489.jpg
[2008/11/27 18:20:52 | 00,984,776 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1488.jpg
[2008/11/27 18:20:47 | 00,998,812 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1487.jpg
[2008/11/27 18:20:39 | 00,994,904 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1486.jpg
[2008/11/27 18:20:35 | 00,996,460 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1485.jpg
[2008/11/27 18:20:32 | 00,998,964 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1484.jpg
[2008/11/27 18:20:28 | 00,996,904 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1483.jpg
[2008/11/27 18:20:25 | 01,008,848 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1481.jpg
[2008/11/27 18:20:19 | 00,994,676 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1480.jpg
[2008/11/27 18:20:16 | 00,991,636 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\100_1479.jpg

========== Files - Modified Within 30 Days ==========

[13 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/26 22:06:08 | 00,000,868 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Install Verizon Internet Security Suite.lnk
[2008/12/26 19:10:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/26 00:40:06 | 01,484,800 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/12/26 00:40:06 | 00,784,384 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/12/25 15:33:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/25 15:33:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/25 15:24:31 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTMoveIt3.exe
[2008/12/24 22:14:02 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/24 22:11:01 | 00,000,466 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to gmer.lnk
[2008/12/24 22:06:37 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/24 22:06:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/24 22:06:37 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/24 20:58:31 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2008/12/24 16:29:24 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2008/12/23 23:45:58 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 23:33:34 | 00,002,741 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Attach.rar
[2008/12/21 01:46:32 | 00,001,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/19 01:03:03 | 00,005,732 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\NAMBLA_CustomTextures.zip
[2008/12/14 13:22:29 | 00,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/14 03:39:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/12 14:54:29 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 13:29:18 | 00,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Saitek Cyborg Mouse.lnk
[2008/12/12 13:29:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SaiK0CEA_01005.Wdf
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 03:02:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 20:21:17 | 00,001,884 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Star Wars Galaxies.lnk
[2008/12/04 01:07:23 | 00,060,705 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Squared-2.8.1.zip
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 12:15:26 | 00,001,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Curse Client.lnk
[2008/12/03 01:39:28 | 01,545,129 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Equilibriums UI.zip
[2008/12/03 01:28:26 | 00,023,508 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\CleanUnitFrames-1.0.15.zip
[2008/11/27 18:45:47 | 00,000,970 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2008/11/27 18:44:57 | 00,002,480 | ---- | M] () -- C:\WINDOWS\U3DEDIT2.INI
< End of report >




OTViewIt Extras logfile created on: 12/26/2008 10:09:18 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.73% Memory free
3.85 Gb Paging File | 2.91 Gb Available in Paging File | 75.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.28 Gb Free Space | 43.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
File not found -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
File not found -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
File not found -- C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System
File not found -- C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II
[2008/04/30 17:58:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/07/05 16:23:08 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2007/05/25 04:38:32 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Enabled:
[2007/05/25 04:38:35 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Enabled:
[2007/05/25 04:38:48 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Enabled:
[2007/10/24 23:11:24 | 04,674,784 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32
[2007/10/24 23:11:28 | 00,017,120 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32
[2008/10/18 16:12:03 | 06,448,448 | ---- | M] (Flagship Studios) -- C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London
[2008/10/08 19:47:08 | 03,098,448 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
File not found -- F:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
File not found -- C:\Program Files\ROBLOX Corporation\ROBLOX\Roblox.exe:*:Enabled:ROBLOX Game
[2006/09/26 16:53:22 | 07,574,463 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
File not found -- F:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/03 10:30:08 | 05,661,928 | ---- | M] (BioWare) -- C:\Documents and Settings\Dave\Desktop\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
[2008/07/16 00:37:19 | 02,330,624 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad
[2008/12/04 20:36:23 | 24,137,728 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Disabled:SwgClient_r
[2008/08/17 18:45:27 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2008/11/28 01:23:55 | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
[2008/11/07 07:11:10 | 01,055,744 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/09/30 23:39:08 | 01,470,464 | ---- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
[2008/08/23 09:10:33 | 24,076,288 | ---- | M] (Sony Online Entertainment) -- C:\Program Files\StarWarsGalaxies\testcenter\SwgClient_r.exe:*:Enabled:SwgClient_r
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/10 14:56:32 | 04,789,760 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}"=Crysis®
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2™
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{12EC0178-2605-4973-B9D6-D3E0B95A62A5}"=Saitek SD6 Programming Software 6.2.2.4
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}"=Mobile Broadband Drivers
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}"=Sound Blaster Audigy
"{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"{242FBF70-03A3-4317-931F-FA7798F39A13}"=Winflash
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 11
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard Tools
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150120}"=J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{50D4CB89-AF34-4978-96DC-C3034062E901}"=Battlefield 2: Special Forces
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6710FE30-27F7-492B-A660-D31D4A898A43}"=MSN Toolbar
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}"=CryEngine®2 Sandbox™2
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{92B0B959-BDC0-41D0-A3D3-5F89AF5297B2}"=T-Utility Hardware Monitor
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{A179591B-58E3-4365-BF57-2E1DE45662A1}"=T-Utility Over Clock
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}"=Hellgate: London
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}"=Saitek Cyborg Keyboard Volume 6.2.1.3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7646-A70000000000}"=Adobe Reader 7.0
"{AC76BA86-7AD7-3D00-0000-7E8A450000A7}"=3D For Adobe Reader Package
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}"=Spelling Dictionaries For Adobe Reader Package
"{AC76BA86-7AD7-EF45-EB65-7E8A450000A7}"=Adobe Reader Digital Editions and Accessibility Package
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}"=hph_software_req
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}"=Dual-Core Optimizer
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}"=Pivot Stickfigure Animator
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}"=HP Photosmart and Deskjet 7.0 Software
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}"=Razer Copperhead
"{D8748D14-88C5-44C7-8A22-F3CE754A1218}"=T-Utility BIOS Live Update
"{DACE3124-AA28-4D1E-BF64-7BD2C339A310}"=Saitek SD6 Programming Software 6.2.0.11
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Blender"=Blender (remove only)
"Combat Arms"=Combat Arms
"Coupon Printer for Windows4.0"=Coupon Printer for Windows
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"CurseClient"=Curse Client
"FMOD Designer"=FMOD Designer
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}"=NVIDIA ForceWare Network Access Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"NVIDIA Drivers"=NVIDIA Drivers
"prunnet"=Advertisement Service
"PunkBusterSvc"=PunkBuster Services
"RadialpointClientGateway_is1"=Verizon Servicepoint 1.5.20
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SysInfo"=Creative System Information
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Titanic"=Titanic
"Ulead GIF Animator 3.0a"=Special Bonus from Ulead F/X for GIF Animator
"Ulead WebRazor Pro 1.02"=Ulead WebRazor Pro 1.02 Full Version
"Verizon Online Help and Support"=Verizon Online Help and Support
"Warhammer Online - Age of Reckoning"=Warhammer Online - Age of Reckoning
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Xfire"=Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-1935655697-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}"=Roblox for Dave
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"New LEGO Digital Designer"=LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 1:23:17 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 1:18:28 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2008 9:07:26 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000010e6.

Error - 12/18/2008 8:09:37 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5726, fault address 0x0006c4e5.

Error - 12/21/2008 2:28:53 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 7.0.25.114, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000113a2.

Error - 12/21/2008 2:33:24 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 7.0.25.114, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/22/2008 10:05:46 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application VirusRemover2008_Setup_Free_en[1].exe, version
1.0.22.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 6:56:31 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 8:14:31 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.2.2.4, faulting module
profileru.exe, version 6.2.2.4, fault address 0x0000571f.

Error - 12/26/2008 5:04:57 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2008 11:06:51 PM | Computer Name = DAVID | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >





GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-26 22:58:15
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT BAF05AD4 ZwCreateThread
SSDT BAF05AC0 ZwOpenProcess
SSDT BAF05AC5 ZwOpenThread
SSDT BAF05ACF ZwTerminateProcess
SSDT BAF05ACA ZwWriteVirtualMemory

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

---- EOF - GMER 1.0.14 ----



Machine seems fine...



