
DR/Delphi.gen Trojan? Problems with external drives alerting Avira


  • This topic is locked
20 replies to this topic

#1 dcheng116

dcheng116

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 02 April 2009 - 04:35 PM

Hey, I'm new here, so I hope I did everything appropriately.

I think the first thing was that I scanned my computer for errors with Avira Antivirus (free edition). A few major things showed up, and actually they came up periodically in scans months later.

1) DR/Delphi.Gen (Trojan-Dropper): It was found in something like C:\RECYCLER\S-1-5-21--1482476501-1644491937-682003330-1013\spoolsv.exe
2) DR/Delphi.Gen (Trojan-Dropper): in C:\ARK1B.tmp
3) TR/Autorun.TE: in X:\autorun.inf, where X is an external flash drive, compact flash card, external HD, etc. Avira alerts me when I plug these in, even if I had just formatted the drive.


I ran HijackThis. I'll attach the DDS report, but one thing that stuck out to me is this:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04E3CDC-6C37-4C59-A8DE-6A177436613E}: NameServer = 171.64.7.77,171.64.7.55
I don't know what it is, but I'm worried because it points to a couple of IP addresses.


--Thanks!

==DDS.txt=========

DDS (Ver_09-03-16.01) - NTFSx86
Run by Daniel at 22:45:19.53 on Wed 04/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.498 [GMT -7:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Daniel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Firefox Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.digsby.com
uSearch Page = hxxp://searchbox.digsby.com/
uSearch Bar = hxxp://searchbox.digsby.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Page = hxxp://searchbox.digsby.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://searchbox.digsby.com/search?q=%s
mSearchAssistant = hxxp://searchbox.digsby.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SansaDispatch] c:\documents and settings\daniel\application data\sandisk\sansa updater\SansaDispatch.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [EPSON Stylus CX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibia.exe /fu "c:\windows\temp\E_S82.tmp" /EF "HKLM"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\uclaci~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://d:\program files\ctrax player\DMDownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://upload.divshare.com/scripts/uploader/ImageUploader4.cab
TCP: {B04E3CDC-6C37-4C59-A8DE-6A177436613E} = 171.64.7.77,171.64.7.55
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daniel\applic~1\mozilla\firefox\profiles\4hnnn2yl.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [2008-8-8 96376]
R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2008-11-8 12800]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-2-3 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-2-3 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-2-3 151297]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2008-11-8 345984]
R2 Z-SANService;Z-SAN Service;d:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2008-11-8 376891]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-2-3 52032]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2008-11-8 15488]
R3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2008-11-8 5120]
S3 Atmpork;Atmpork; [x]
S3 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2008-8-8 843384]
S3 Raom_sphpm;Raom_sphpm; [x]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-6-5 280344]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

=============== Created Last 30 ================

2009-04-01 22:32 <DIR> --d----- c:\program files\Trend Micro
2009-03-24 13:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-03-24 13:07 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2009-03-24 13:07 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-03-24 12:51 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-03-16 17:13 1,917 a------- c:\windows\imsins.BAK
2009-03-14 15:35 <DIR> --d----- c:\docume~1\daniel\applic~1\foobar2000
2009-03-14 15:35 <DIR> --d----- c:\program files\foobar2000
2009-03-14 13:36 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-03-14 13:36 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-05 15:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-10-19 18:57 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101920081020\index.dat

============= FINISH: 22:45:57.50 ===============


==End DDS.txt=======



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 10 April 2009 - 05:05 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
In your next reply please include the following:
  • MBAM log
  • OTListIt.txt
  • Description of Problems you still have

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
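
An added example, not part of the original posts and not Flash_Disinfector's code: a Python check for the autorun.inf situation discussed above. It reports whether a drive root holds an autorun.inf file or a directory of that name and, for a file, lists the entries that would launch a program. It assumes the protective placeholder is a directory, as the post's "Don't delete this folder" suggests; the function names and the sample file content are constructed for illustration.

```python
import os
import tempfile


def decode_inf(raw):
    """Decode autorun.inf bytes: UTF-16 when a BOM is present, otherwise cp1252."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("cp1252", errors="replace")


def launch_commands(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    found, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Lines outside [autorun], or that are not key=value, are skipped
        # rather than treated as parse errors.
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            found.append((key, value.strip()))
    return found


def inspect_autorun(drive_root):
    """Classify the autorun.inf entry (any letter case) in a drive root."""
    name = next(
        (n for n in os.listdir(drive_root) if n.lower() == "autorun.inf"), None
    )
    if name is None:
        return {"state": "absent", "commands": []}
    path = os.path.join(drive_root, name)
    if os.path.isdir(path):
        # Assumption: a directory of this name is the protective placeholder,
        # since a file with the same name cannot then be created beside it.
        return {"state": "placeholder-directory", "commands": []}
    with open(path, "rb") as fh:
        raw = fh.read(64 * 1024)  # a real autorun.inf is small; cap the read
    return {"state": "file", "commands": launch_commands(decode_inf(raw))}


# Constructed sample content, not taken from the thread.
SAMPLE_INF = r"""[AutoRun]
; constructed sample
open=PLACEHOLDER\sample.exe
icon=%SystemRoot%\system32\shell32.dll,4
not a key value line
shell\open\command=PLACEHOLDER\sample.exe
shell\explore\Command=PLACEHOLDER\sample.exe
"""


def demo():
    """Build three constructed 'drive roots' in a temp directory and inspect each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label in ("flagged", "protected", "clean"):
            os.mkdir(os.path.join(tmp, label))
        inf = os.path.join(tmp, "flagged", "AUTORUN.INF")
        with open(inf, "w", encoding="cp1252") as fh:
            fh.write(SAMPLE_INF)
        os.mkdir(os.path.join(tmp, "protected", "autorun.inf"))
        for label in ("flagged", "protected", "clean"):
            results[label] = inspect_autorun(os.path.join(tmp, label))
    return results


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```

On a real system, `inspect_autorun` would be pointed at each removable drive's root (for example `E:\`) before any file on the drive is opened.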

#3 dcheng116

dcheng116
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 12 April 2009 - 02:43 AM

Thanks for the reply! I'll try it now.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 12 April 2009 - 10:07 AM

Okay.

Thanks for the update.

With Regards,
Extremeboy

#5 dcheng116

dcheng116
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 12 April 2009 - 07:56 PM

I also noticed that my C:\ drive has one user (S-1-342...etc.) listed in C:\Recycler, while my other partition, D:\ has two user accounts. Does that mean anything?


MBAM Log:

Malwarebytes' Anti-Malware 1.36
Database version: 1971
Windows 5.1.2600 Service Pack 3

4/12/2009 5:20:20 PM
mbam-log-2009-04-12 (17-20-20).txt

Scan type: Quick Scan
Objects scanned: 73217
Time elapsed: 16 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{88abc5c0-4fcb-11bb-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

==================
==================

OTListIT.txt

OTListIt logfile created on: 4/12/2009 5:46:56 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 572.38 Mb Available Physical Memory | 56.42% Memory free
2.09 Gb Paging File | 1.72 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): C:\pagefile.sys 200 500;D:\pagefile.sys 1024 1256;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.87 Gb Total Space | 0.87 Gb Free Space | 8.85% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 9.16 Gb Free Space | 14.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 151.11 Gb Total Space | 88.91 Gb Free Space | 58.83% Space Free | Partition Type: DataPlowSFSZ
Drive G: | 295.18 Gb Total Space | 31.58 Gb Free Space | 10.70% Space Free | Partition Type: DataPlowSFSZ
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCLAPPY
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2006/02/28 09:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/07/27 13:48:04 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/24 04:20:10 | 00,088,363 | R--- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/02/08 09:38:10 | 00,159,744 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/12/13 07:38:52 | 00,126,976 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2005/04/11 15:21:02 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2004/10/05 14:08:28 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2007/08/08 20:54:24 | 00,376,891 | ---- | M] (Zetera Corporation) -- D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
PRC - [2008/04/13 17:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/15 15:42:35 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Daniel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2009/04/12 00:45:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe
PRC - [2009/03/30 09:48:38 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (Atmpork [On_Demand | Stopped])
SRV - [2006/02/28 09:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2008/08/08 05:17:00 | 00,843,384 | ---- | M] (eBoostr.com) -- C:\Program Files\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC [On_Demand | Stopped])
SRV - [2009/03/24 12:51:48 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/01/03 18:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Running])
SRV - [2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/08/08 20:54:24 | 00,376,891 | ---- | M] (Zetera Corporation) -- D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe -- (Z-SANService [Auto | Running])
SRV - [2008/04/29 19:56:20 | 00,061,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Disabled | Stopped])
SRV - [2008/04/29 19:56:32 | 05,065,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Disabled | Stopped])
SRV - [2008/04/29 19:56:22 | 00,245,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2004/10/06 01:29:50 | 00,129,280 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2004/08/24 04:20:08 | 01,268,204 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/01/31 10:23:08 | 00,109,319 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/10/30 11:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007/05/11 03:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007/03/05 06:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007/03/05 05:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007/05/09 01:59:40 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2007/03/05 05:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007/03/05 05:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2006/11/21 22:41:18 | 00,022,416 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
DRV - [2005/05/17 04:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2006/04/20 08:33:40 | 00,303,740 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2005/03/14 14:01:38 | 00,041,984 | ---- | M] (DeviceGuys, Inc.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/06/29 19:50:30 | 00,110,080 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2008/08/08 05:17:00 | 00,096,376 | ---- | M] (eBoostr.com) -- C:\WINDOWS\system32\drivers\eBoost.sys -- (eBoost [Boot | Running])
DRV - [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/05/12 17:25:28 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2004/12/13 08:11:40 | 00,776,157 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2002/09/20 03:53:34 | 00,235,100 | R--- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2004/03/23 19:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5 [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004/06/28 03:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 15:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2006/11/06 01:28:11 | 00,030,988 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/04/26 02:49:56 | 00,381,056 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2007/08/14 22:29:46 | 00,345,984 | ---- | M] (DataPlow, Incorporated) -- C:\WINDOWS\system32\drivers\sfsz.sys -- (SFSZ [Auto | Running])
DRV - [2004/09/01 12:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2005/03/16 05:43:06 | 00,159,488 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/03/05 05:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007/03/05 05:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2006/04/07 17:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\WINDOWS\system32\DRIVERS\VNUSB.sys -- (VNUSB [On_Demand | Stopped])
DRV - [2005/01/26 06:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2004/11/22 03:41:16 | 03,222,784 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2006/10/13 18:19:58 | 00,050,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\xusb20.sys -- (xusb20 [On_Demand | Stopped])
DRV - [2007/08/08 20:57:18 | 00,015,488 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetBus.sys -- (ZetBus [On_Demand | Running])
DRV - [2007/08/08 20:57:16 | 00,005,120 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetMPD.sys -- (ZetMPD [On_Demand | Running])
DRV - [2007/08/08 20:57:18 | 00,012,800 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetSFD.sys -- (ZetSFD [Boot | Running])
DRV - [2008/04/29 19:39:04 | 00,040,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.digsby.com
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\S-1-5-21-842925246-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\S-1-5-21-842925246-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.19.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:0.68.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:3.3.9


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 13:36:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/30 09:48:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/09 14:22:08 | 00,000,000 | ---D | M]

[2008/06/19 00:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Extensions
[2008/06/19 00:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/11 09:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions
[2009/01/27 02:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2009/03/28 01:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2007/10/20 09:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{69574B2C-CFBB-469f-9E09-90DCEEBAAC9D}
[2008/06/30 22:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2006/12/31 00:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2009/04/09 14:28:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/27 02:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/06 01:14:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/27 14:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/06/19 00:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2008/12/01 01:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\check4change-owner@mozdev.org
[2009/02/14 16:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\moveplayer@movenetworks.com
[2009/04/12 17:10:21 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\biblegateway-esv.xml
[2009/04/12 17:10:21 | 00,001,025 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\Blingo.xml
[2008/06/01 22:34:16 | 00,001,162 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\dictionary.xml
[2008/07/20 19:38:04 | 00,002,220 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\digsby.xml
[2009/04/12 17:10:21 | 00,002,216 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\flickr.xml
[2009/03/05 16:15:31 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\pricegrabber.xml
[2008/06/24 22:56:26 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\wikipedia.xml
[2007/08/21 10:46:07 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\youtube-video-search.xml
[2009/04/12 17:45:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/30 09:48:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 00:00:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/14 13:36:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/04 21:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/30 09:48:38 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/30 09:48:38 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/22 23:15:58 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/22 23:15:58 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/22 23:15:58 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/22 23:15:58 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/22 23:15:58 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/22 23:15:58 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/22 23:15:58 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S82.tmp" /EF "HKLM" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-842925246-1214440339-725345543-1004..\Run: [SansaDispatch] C:\Documents and Settings\Daniel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe (eBoostr.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UCLA Cisco VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - file://D:\Program Files\Ctrax Player\DMDownload.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://upload.divshare.com/scripts/uploade...geUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{B04E3CDC-6C37-4C59-A8DE-6A177436613E}\\NameServer = 171.64.7.77,171.64.7.55
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 13:07:55 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell - "" = AutoRun
O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7701753f-169e-11db-8781-0012f0840d41}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{7701753f-169e-11db-8781-0012f0840d41}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\Daniel\Desktop\*.tmp files]
[2009/04/12 17:02:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\Malwarebytes
[2009/04/12 17:02:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/12 17:02:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/12 17:02:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 17:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/12 00:46:35 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Flash_Disinfector.exe
[2009/04/12 00:45:10 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe
[2009/04/12 00:44:49 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel\Desktop\mbam-setup.exe
[2009/04/11 09:40:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Schlinger Reading
[2009/04/09 15:06:41 | 00,147,258 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\chicquita.jpg
[2009/04/09 14:25:59 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 4.doc
[2009/04/09 14:05:30 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 4.doc
[2009/04/09 12:27:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\neurosci 101C pgs 105-114.PDF
[2009/04/07 19:42:00 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 3.doc
[2009/04/07 13:23:51 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 3.doc
[2009/04/05 21:01:20 | 00,011,690 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\banquet decor budget.xlsx
[2009/04/05 16:41:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\40years
[2009/04/05 16:08:43 | 00,075,109 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\SG-Schedules.gif
[2009/04/05 00:03:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Hebrews 4 Notes.doc
[2009/04/05 00:02:54 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes2.doc
[2009/04/04 23:43:33 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Hi Melissa.doc
[2009/04/02 22:15:22 | 00,011,778 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\nathan_kwok_schedule.ics
[2009/04/02 14:48:25 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 2.doc
[2009/04/02 13:33:47 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 2.doc
[2009/04/02 13:23:25 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\david's girly notes.doc
[2009/04/01 22:32:47 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2009/04/01 22:32:46 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/31 14:15:21 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 1.doc
[2009/03/31 14:07:21 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 1.doc
[2009/03/31 11:46:18 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Med Schools Data.doc
[2009/03/30 09:44:45 | 00,382,878 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\img011.pdf
[2009/03/30 00:51:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Daniel\Desktop\~$NNotes.doc
[2009/03/30 00:51:47 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes.doc
[2009/03/26 23:59:37 | 02,082,611 | R--- | C] () -- C:\Documents and Settings\Daniel\Desktop\28565_Aldefluor.pdf
[2009/03/26 23:48:38 | 00,266,311 | R--- | C] () -- C:\Documents and Settings\Daniel\Desktop\12_aldefluor.pdf
[2009/03/26 22:02:19 | 03,221,504 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\MONAL Assay Presentation-Final.ppt
[2009/03/25 18:15:39 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\France STM Support Letter.doc
[2009/03/24 15:57:38 | 00,000,326 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\USB.lnk
[2009/03/24 14:46:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Installer888
[2009/03/24 13:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/24 13:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/03/24 13:07:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/03/24 13:07:48 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2009/03/24 12:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/03/24 12:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Winter 09
[2009/03/24 12:43:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Web Layouts
[2009/03/16 17:13:00 | 00,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/03/14 15:35:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\foobar2000
[2009/03/14 15:35:18 | 00,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2009/03/14 13:50:50 | 10,637,68064 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/08 14:34:39 | 00,163,927 | ---- | C] () -- C:\WINDOWS\System32\ZSANCoInst.dll
[2008/10/15 15:24:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/10/15 15:24:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008/07/23 23:13:21 | 00,000,528 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/06/05 03:04:48 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/06/05 03:03:50 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/05 03:03:48 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/19 14:02:26 | 00,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2007/09/07 23:32:28 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/07/26 10:17:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DU800.INI
[2007/01/25 03:43:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/25 02:07:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/25 13:21:01 | 00,004,810 | ---- | C] () -- C:\WINDOWS\System32\Mapx16w6.dll
[2006/11/25 12:52:55 | 00,000,038 | ---- | C] () -- C:\WINDOWS\System32\w3url.dll
[2006/11/23 22:56:20 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/11 13:39:47 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/21 14:14:46 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/21 14:14:46 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/18 13:45:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/07/18 13:07:06 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/18 13:03:29 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/18 13:03:29 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/18 13:03:29 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/18 13:03:29 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/18 13:03:29 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/18 13:03:29 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/04 05:00:00 | 00,414,720 | ---- | C] () -- C:\WINDOWS\System32\msscp.dll
[2004/08/04 05:00:00 | 00,314,880 | ---- | C] () -- C:\WINDOWS\System32\scesrv.dll
[2004/08/04 05:00:00 | 00,000,589 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/24 02:20:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/01/13 11:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/03/19 18:30:00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Daniel\Desktop\*.tmp files]
[2009/04/12 17:27:19 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/12 17:27:19 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/12 17:27:19 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/12 17:22:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 17:22:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/12 17:22:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/12 17:22:22 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/12 00:46:36 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Flash_Disinfector.exe
[2009/04/12 00:45:27 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel\Desktop\mbam-setup.exe
[2009/04/12 00:45:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe
[2009/04/11 19:10:01 | 00,095,232 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 15:40:27 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 4.doc
[2009/04/09 15:06:41 | 00,147,258 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\chicquita.jpg
[2009/04/09 14:05:31 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 4.doc
[2009/04/09 12:27:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\neurosci 101C pgs 105-114.PDF
[2009/04/09 12:12:11 | 01,542,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/07 19:42:00 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 3.doc
[2009/04/07 13:23:51 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 3.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 22:41:33 | 00,011,690 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\banquet decor budget.xlsx
[2009/04/05 16:08:43 | 00,075,109 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\SG-Schedules.gif
[2009/04/05 00:03:06 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Hebrews 4 Notes.doc
[2009/04/05 00:02:54 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes2.doc
[2009/04/04 23:43:33 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Hi Melissa.doc
[2009/04/04 23:04:48 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 22:15:22 | 00,011,778 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\nathan_kwok_schedule.ics
[2009/04/02 15:40:49 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 2.doc
[2009/04/02 14:13:01 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 2.doc
[2009/04/02 13:23:26 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\david's girly notes.doc
[2009/04/01 22:32:47 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2009/04/01 01:50:46 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes.doc
[2009/03/31 15:26:37 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 1.doc
[2009/03/31 14:07:21 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 1.doc
[2009/03/31 12:16:08 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Med Schools Data.doc
[2009/03/30 09:44:47 | 00,382,878 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\img011.pdf
[2009/03/30 09:31:34 | 03,221,504 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\MONAL Assay Presentation-Final.ppt
[2009/03/30 00:51:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Daniel\Desktop\~$NNotes.doc
[2009/03/30 00:29:48 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\France STM Support Letter.doc
[2009/03/26 23:59:20 | 02,082,611 | R--- | M] () -- C:\Documents and Settings\Daniel\Desktop\28565_Aldefluor.pdf
[2009/03/26 23:48:08 | 00,266,311 | R--- | M] () -- C:\Documents and Settings\Daniel\Desktop\12_aldefluor.pdf
[2009/03/24 15:57:53 | 00,000,326 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\USB.lnk
[2009/03/24 14:04:16 | 00,056,776 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/19 05:44:36 | 00,000,452 | ---- | M] () -- C:\Documents and Settings\Daniel\My Documents\spider.sav
[2009/03/16 17:13:23 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

===============
===============

Extras.Txt

OTListIt Extras logfile created on: 4/12/2009 5:47:00 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 572.38 Mb Available Physical Memory | 56.42% Memory free
2.09 Gb Paging File | 1.72 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): C:\pagefile.sys 200 500;D:\pagefile.sys 1024 1256;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.87 Gb Total Space | 0.87 Gb Free Space | 8.85% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 9.16 Gb Free Space | 14.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 151.11 Gb Total Space | 88.91 Gb Free Space | 58.83% Space Free | Partition Type: DataPlowSFSZ
Drive G: | 295.18 Gb Total Space | 31.58 Gb Free Space | 10.70% Space Free | Partition Type: DataPlowSFSZ
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCLAPPY
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"20001:UDP" = 20001:UDP:*:Enabled:MicroSAN
"80:TCP" = 80:TCP:*:Enabled:Web

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
File not found -- D:\Games\Valve\Steam\SteamApps\elitepenguin74@yahoo.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher
[2005/12/30 19:02:25 | 01,646,592 | ---- | M] (Cerulean Studios) -- D:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
File not found -- D:\Games\Valve\Steam\SteamApps\elitepenguin74@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher
[2005/10/25 11:28:15 | 00,081,920 | ---- | M] (Lime Wire, LLC) -- D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/30 10:36:32 | 15,338,560 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- D:\Games\Valve\Steam\SteamApps\elitepenguin74@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2007/05/12 17:25:27 | 00,617,000 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client
[2006/02/28 09:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus
[2007/09/01 21:53:49 | 00,224,048 | ---- | M] () -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
File not found -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2008/04/13 17:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
File not found -- C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
[2009/01/12 15:15:42 | 00,045,603 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin
[2007/05/17 17:08:14 | 00,661,776 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
[2008/11/07 15:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
[2008/04/13 17:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0354C0B5-AA35-49D8-B7B7-1CF3412465DD}" = DataCastComponent
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18A0369F-3469-4BE8-9DCC-AE4B7B25E9BC}" = SKYPAL T-20
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{27AB9BD6-4A3E-4BBD-8381-CD445E474936}" = Berkeley Madonna
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}" = e-Sword
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3672E1B-021F-4F50-A891-609471CCF941}" = NETGEAR Storage Central Manager Utility
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C63FE-DBA4-4FDA-9306-55AA627CE6C7}" = Wise-FTP
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AMPro" = AttributeMagic Pro
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ask Toolbar_is1" = Foxit Toolbar
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.2 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner (remove only)
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"Cole2k Media - Nero Audio Plugin Pack" = Cole2k Media - Nero Audio Plugin Pack
"Color Cop_is1" = Color Cop 5.4.3
"eBoostr 1" = eBoostr 2
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"foobar2000" = foobar2000 v0.9.6.3
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.6 rev a (remove only)
"Hamachi" = Hamachi 1.0.2.1
"HijackThis" = HijackThis 2.0.2
"hott notes 4" = hott notes 4
"ie7" = Windows Internet Explorer 7
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"IsoBuster_is1" = IsoBuster 2.1
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MRIcroN" = MRIcroN (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Pawn 2" = Pawn 2
"PhotoME_is1" = PhotoME
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"XviD_is1" = XviD MPEG-4 Video Codec
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pipeline" = Pipeline (remove only)
"Sansa Updater" = Sansa Updater

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pipeline" = Pipeline (remove only)
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2008 5:35:45 AM | Computer Name = DCLAPPY | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20071.12718, faulting
module firefox.exe, version 1.8.20071.12718, fault address 0x0022a9c5.

Error - 1/27/2008 7:02:08 PM | Computer Name = DCLAPPY | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 6.0.12.1578, faulting module
mpacore.dll, version 1.0.3.2742, fault address 0x0000778e.

Error - 1/29/2008 7:05:46 PM | Computer Name = DCLAPPY | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.4.exe, version 0.0.0.0, faulting module
libgdk-win32-2.0-0.dll, version 2.12.5.0, fault address 0x000483a0.

Error - 2/21/2008 5:50:44 AM | Computer Name = DCLAPPY | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.5.0.239, faulting module
skype.exe, version 3.5.0.239, fault address 0x00005bf4.

Error - 2/21/2008 5:50:49 AM | Computer Name = DCLAPPY | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 2/21/2008 5:51:43 AM | Computer Name = DCLAPPY | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 3.5.0.239, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/21/2008 5:53:13 AM | Computer Name = DCLAPPY | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.5.0.239, faulting module
skype.exe, version 3.5.0.239, fault address 0x00005bf4.

Error - 2/21/2008 5:53:36 AM | Computer Name = DCLAPPY | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 3.5.0.239, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2008 5:10:35 AM | Computer Name = DCLAPPY | Source = Application Hang | ID = 1002
Description = Hanging application MediaMonkey.exe, version 3.0.2.1134, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2008 11:33:29 PM | Computer Name = DCLAPPY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.20121, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/12/2009 7:59:36 PM | Computer Name = DCLAPPY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/12/2009 7:59:51 PM | Computer Name = DCLAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 4/12/2009 8:01:27 PM | Computer Name = DCLAPPY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirScheduler service.

Error - 4/12/2009 8:02:18 PM | Computer Name = DCLAPPY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirScheduler service.

Error - 4/12/2009 8:22:36 PM | Computer Name = DCLAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 4/12/2009 8:22:41 PM | Computer Name = DCLAPPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde ZetSFD

Error - 4/12/2009 8:22:47 PM | Computer Name = DCLAPPY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/12/2009 8:23:30 PM | Computer Name = DCLAPPY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirScheduler service.

Error - 4/12/2009 8:24:07 PM | Computer Name = DCLAPPY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirScheduler service.

Error - 4/12/2009 8:24:38 PM | Computer Name = DCLAPPY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AntiVirScheduler service.


< End of report >

#6 extremeboy

  • Malware Response Team

Posted 13 April 2009 - 11:06 AM

Hello.

Did you run flash-drive disinfector yet? I don't think you did.

Please run it NOW please with ALL of your external hard-drives plugged in please.

LEAVE ALL YOUR FLASH-DRIVES IN ONCE IT'S FINISHED AND FOLLOW THE STEPS BELOW WITH IT CONNECTED.

Run Script with OTListIT2

We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTLI
    O33 - MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
    O33 - MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
    O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell - "" = AutoRun
    O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{7701753f-169e-11db-8781-0012f0840d41}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
    O33 - MountPoints2\{7701753f-169e-11db-8781-0012f0840d41}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
    O33 - MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
    O33 - MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
    :files
    C:\RECYCLER
    D:\RECYCLER
    E:\RECYCLER
    F:\RECYCLER
    G:\RECYCLER
    C:\WINDOWS\_delis32.ini
    :commands
    [EmptyTemp]
    [Reboot]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Download and Run SUPERAntiSpyware
We will run a scan with SuperAntiSpyware.
  • Download SUPERAntiSpyware to your desktop.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation. Delete the installer after use.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download and unzip them from here.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive (or whatever drive your system is installed on).
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
  • Make sure everything has a checkmark next to it and click Next.
  • A notification will appear saying that "Quarantine and Removal is Complete". Click OK and then click the Finish button to return to the main menu.
  • If asked if you want to reboot, click Yes.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Post back with:
-OTListIt2 FIX log
-New OTListIT2 SCAN log
-SuperAntiSpyware scan log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
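An added example, not part of the post above and not OTListIt2's own code: a Python triage of the O33 MountPoints2 lines from the fix script, cross-checked against the fix log the tool returns. The sample lines are copied from this thread; the function names and verdict labels are this example's own.

```python
import re
from collections import defaultdict

# O33 lines copied from the fix script in this thread (subset).
O33_LINES = r'''
O33 - MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell - "" = AutoRun
O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe -- File not found
'''.strip().splitlines()

# Fix-log lines copied from the reply in this thread (subset).
FIX_LOG = r'''
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\ deleted successfully.
'''.strip().splitlines()

GUID = r'\{[0-9a-fA-F-]{36}\}'
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>' + GUID + r')\\(?P<subkey>\S+)'
    r' - "(?P<name>[^"]*)" = (?P<data>.*?)(?P<missing> -- File not found)?$'
)
# An executable sitting directly inside a per-user Recycle Bin (SID) folder.
RECYCLER_EXE_RE = re.compile(
    r'^[A-Za-z]:\\RECYCLER\\S-1-5-[\d-]+\\[^\\]+\.(?:exe|com|scr|pif|bat|cmd)$',
    re.IGNORECASE,
)
FIXLOG_RE = re.compile(
    r'^Registry key HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows'
    r'\\CurrentVersion\\Explorer\\MountPoints2\\(?P<guid>' + GUID + r')\\ '
    r'(?P<result>deleted successfully|not found)\.$'
)


def parse_o33(lines):
    """Turn O33 report lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = O33_RE.match(line.strip())
        if m:
            entries.append({
                "guid": m["guid"].lower(),
                "subkey": m["subkey"],
                "data": m["data"],
                "missing": m["missing"] is not None,
            })
    return entries


def classify(entry):
    """Label one cached shell-verb entry (labels are this example's own)."""
    is_command = entry["subkey"].lower().endswith("\\command")
    if is_command and RECYCLER_EXE_RE.match(entry["data"]):
        return "recycler-exec"   # verb launches an .exe from RECYCLER\<SID>\
    if is_command and entry["missing"]:
        return "stale-command"   # target is gone but not in RECYCLER (e.g. U3 launcher)
    return "other"               # verb names and menu labels, not a command line


def triage(lines):
    """Map each volume GUID to the sorted set of verdicts seen for it."""
    verdicts = defaultdict(set)
    for entry in parse_o33(lines):
        verdicts[entry["guid"]].add(classify(entry))
    return {guid: sorted(v) for guid, v in verdicts.items()}


def removal_status(fix_log_lines):
    """One status per GUID. The log repeats a key once per O33 line, so a
    'not found' after an earlier 'deleted successfully' is not a failure."""
    status = {}
    for line in fix_log_lines:
        m = FIXLOG_RE.match(line.strip())
        if not m:
            continue
        guid = m["guid"].lower()
        if m["result"] == "deleted successfully":
            status[guid] = "deleted"
        else:
            status.setdefault(guid, "not found")
    return status


def unconfirmed(o33_lines, fix_log_lines):
    """GUIDs named in the fix script that have no 'deleted successfully' line."""
    status = removal_status(fix_log_lines)
    return sorted(g for g in triage(o33_lines) if status.get(g) != "deleted")


if __name__ == "__main__":
    for guid, verdicts in triage(O33_LINES).items():
        print(guid, verdicts)
    print("unconfirmed removals:", unconfirmed(O33_LINES, FIX_LOG))
```
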

#7 dcheng116

dcheng116
  • Topic Starter

Posted 14 April 2009 - 05:25 PM

-OTListIt2 FIX log-
========== OTLISTIT ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3216a64d-b3f5-11dd-88f5-00158304db44}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3216a64d-b3f5-11dd-88f5-00158304db44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3216a64d-b3f5-11dd-88f5-00158304db44}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481a2c1e-376a-11dd-88a2-0012f0840d41}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481a2c1e-376a-11dd-88a2-0012f0840d41}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481a2c1e-376a-11dd-88a2-0012f0840d41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481a2c1e-376a-11dd-88a2-0012f0840d41}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7701753f-169e-11db-8781-0012f0840d41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7701753f-169e-11db-8781-0012f0840d41}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7701753f-169e-11db-8781-0012f0840d41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7701753f-169e-11db-8781-0012f0840d41}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae3825e9-bc4a-11dd-88f9-00158304db44}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae3825e9-bc4a-11dd-88f9-00158304db44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae3825e9-bc4a-11dd-88f9-00158304db44}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
========== FILES ==========
C:\RECYCLER\S-1-5-21-842925246-1214440339-725345543-1004 moved successfully.
C:\RECYCLER moved successfully.
D:\RECYCLER\S-1-5-21-842925246-1214440339-725345543-1004 moved successfully.
D:\RECYCLER\S-1-5-21-1409082233-1078145449-682003330-1004\Dd159 moved successfully.
D:\RECYCLER\S-1-5-21-1409082233-1078145449-682003330-1004 moved successfully.
D:\RECYCLER moved successfully.
File/Folder E:\RECYCLER not found.
File/Folder F:\RECYCLER not found.
File/Folder G:\RECYCLER not found.
C:\WINDOWS\_delis32.ini moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Temp\etilqs_xNho3INGLpE8THbSPawK scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Temp\~DF94DA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_178.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04132009_094009

Files moved on Reboot...
File C:\Documents and Settings\Daniel\Local Settings\Temp\etilqs_xNho3INGLpE8THbSPawK not found!
File C:\Documents and Settings\Daniel\Local Settings\Temp\~DF94DA.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_178.dat not found!
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hnnn2yl.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...


-New OTListIT2 SCAN log-
OTListIt logfile created on: 4/14/2009 3:15:53 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 532.06 Mb Available Physical Memory | 52.45% Memory free
2.09 Gb Paging File | 1.69 Gb Available in Paging File | 80.70% Paging File free
Paging file location(s): C:\pagefile.sys 200 500;D:\pagefile.sys 1024 1256;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.87 Gb Total Space | 1.06 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 8.06 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive E: | 1.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.93 Gb Total Space | 0.69 Gb Free Space | 35.95% Space Free | Partition Type: FAT32
Drive I: | 1.83 Gb Total Space | 0.77 Gb Free Space | 42.25% Space Free | Partition Type: FAT32

Computer Name: DCLAPPY
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2006/02/28 09:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2007/08/08 20:54:24 | 00,376,891 | ---- | M] (Zetera Corporation) -- D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
PRC - [2004/07/27 13:48:04 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/24 04:20:10 | 00,088,363 | R--- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2005/02/08 09:38:10 | 00,159,744 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2004/12/13 07:38:52 | 00,126,976 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2005/04/11 15:21:02 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2004/10/05 14:08:28 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2008/04/13 17:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/29 19:56:20 | 00,158,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/15 15:42:35 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Daniel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2006/09/01 17:35:28 | 12,259,088 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/01/12 15:15:42 | 00,045,603 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2009/03/30 09:48:38 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/12 00:45:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (Atmpork [On_Demand | Stopped])
SRV - [2006/02/28 09:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2008/08/08 05:17:00 | 00,843,384 | ---- | M] (eBoostr.com) -- C:\Program Files\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC [On_Demand | Stopped])
SRV - [2009/03/24 12:51:48 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/01/03 18:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Running])
SRV - [2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/08/08 20:54:24 | 00,376,891 | ---- | M] (Zetera Corporation) -- D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe -- (Z-SANService [Auto | Running])
SRV - [2008/04/29 19:56:20 | 00,061,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Disabled | Stopped])
SRV - [2008/04/29 19:56:32 | 05,065,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Disabled | Stopped])
SRV - [2008/04/29 19:56:22 | 00,245,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2004/10/06 01:29:50 | 00,129,280 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2004/08/24 04:20:08 | 01,268,204 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/01/31 10:23:08 | 00,109,319 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/10/30 11:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007/05/11 03:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007/03/05 06:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007/03/05 05:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007/05/09 01:59:40 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2007/03/05 05:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007/03/05 05:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2006/11/21 22:41:18 | 00,022,416 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
DRV - [2005/05/17 04:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2006/04/20 08:33:40 | 00,303,740 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2005/03/14 14:01:38 | 00,041,984 | ---- | M] (DeviceGuys, Inc.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/06/29 19:50:30 | 00,110,080 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2008/08/08 05:17:00 | 00,096,376 | ---- | M] (eBoostr.com) -- C:\WINDOWS\system32\drivers\eBoost.sys -- (eBoost [Boot | Running])
DRV - [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/05/12 17:25:28 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2004/12/13 08:11:40 | 00,776,157 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2002/09/20 03:53:34 | 00,235,100 | R--- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2004/03/23 19:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5 [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004/06/28 03:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 15:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/11/06 01:28:11 | 00,030,988 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/04/26 02:49:56 | 00,381,056 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2007/08/14 22:29:46 | 00,345,984 | ---- | M] (DataPlow, Incorporated) -- C:\WINDOWS\system32\drivers\sfsz.sys -- (SFSZ [Auto | Running])
DRV - [2004/09/01 12:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2005/03/16 05:43:06 | 00,159,488 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/03/05 05:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007/03/05 05:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2005/01/26 06:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2004/11/22 03:41:16 | 03,222,784 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2006/10/13 18:19:58 | 00,050,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\xusb20.sys -- (xusb20 [On_Demand | Stopped])
DRV - [2007/08/08 20:57:18 | 00,015,488 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetBus.sys -- (ZetBus [On_Demand | Running])
DRV - [2007/08/08 20:57:16 | 00,005,120 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetMPD.sys -- (ZetMPD [On_Demand | Stopped])
DRV - [2007/08/08 20:57:18 | 00,012,800 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetSFD.sys -- (ZetSFD [Boot | Running])
DRV - [2008/04/29 19:39:04 | 00,040,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.digsby.com
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\S-1-5-21-842925246-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\S-1-5-21-842925246-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.19.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:0.68.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:3.3.9


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 13:36:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/12 21:55:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/12 21:55:17 | 00,000,000 | ---D | M]

[2008/06/19 00:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Extensions
[2008/06/19 00:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/14 13:58:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions
[2009/01/27 02:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2009/03/28 01:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2007/10/20 09:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{69574B2C-CFBB-469f-9E09-90DCEEBAAC9D}
[2008/06/30 22:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2006/12/31 00:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2009/04/09 14:28:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/27 02:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/06 01:14:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/06/19 00:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2008/12/01 01:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\check4change-owner@mozdev.org
[2009/02/14 16:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\moveplayer@movenetworks.com
[2009/04/12 17:10:21 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\biblegateway-esv.xml
[2009/04/12 17:10:21 | 00,001,025 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\Blingo.xml
[2008/06/01 22:34:16 | 00,001,162 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\dictionary.xml
[2008/07/20 19:38:04 | 00,002,220 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\digsby.xml
[2009/04/12 17:10:21 | 00,002,216 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\flickr.xml
[2009/03/05 16:15:31 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\pricegrabber.xml
[2008/06/24 22:56:26 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\wikipedia.xml
[2007/08/21 10:46:07 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\youtube-video-search.xml
[2009/04/14 15:01:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/30 09:48:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 00:00:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/14 13:36:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/04 21:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/30 09:48:38 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/30 09:48:38 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/22 23:15:58 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/22 23:15:58 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/22 23:15:58 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/22 23:15:58 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/22 23:15:58 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/22 23:15:58 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/22 23:15:58 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S82.tmp" /EF "HKLM" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-842925246-1214440339-725345543-1004..\Run: [SansaDispatch] C:\Documents and Settings\Daniel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-842925246-1214440339-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - file://D:\Program Files\Ctrax Player\DMDownload.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://upload.divshare.com/scripts/uploade...geUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{B04E3CDC-6C37-4C59-A8DE-6A177436613E}\\NameServer = 171.64.7.77,171.64.7.55
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 13:07:55 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/12 22:06:47 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/12 22:06:47 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/13 09:39:26 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\Documents and Settings\Daniel\Desktop\*.tmp files]
[2009/04/14 15:01:03 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 5.doc
[2009/04/14 15:01:03 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Daniel\Desktop\~$101C Lecture 5.doc
[2009/04/14 14:04:19 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 5.doc
[2009/04/14 00:31:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\DVD Flick
[2009/04/14 00:28:10 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2009/04/14 00:28:09 | 00,609,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2009/04/14 00:28:09 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2009/04/14 00:28:09 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2009/04/14 00:28:09 | 00,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2009/04/14 00:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2009/04/13 19:59:55 | 10,637,68064 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 12:40:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/13 12:40:15 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/13 12:40:12 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/13 12:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\SUPERAntiSpyware.com
[2009/04/13 12:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/13 09:40:43 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/13 09:40:09 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/12 22:06:47 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/04/12 20:33:27 | 04,727,437 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Future of Forestry - Traveler's Song.mp3
[2009/04/12 20:28:58 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Pidgin.lnk
[2009/04/12 17:02:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\Malwarebytes
[2009/04/12 17:02:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/12 17:02:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/12 17:02:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 17:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/12 00:45:10 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe
[2009/04/12 00:44:49 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel\Desktop\mbam-setup.exe
[2009/04/11 09:40:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Schlinger Reading
[2009/04/09 14:25:59 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 4.doc
[2009/04/09 14:05:30 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 4.doc
[2009/04/09 12:27:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\neurosci 101C pgs 105-114.PDF
[2009/04/07 19:42:00 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 3.doc
[2009/04/07 13:23:51 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 3.doc
[2009/04/05 21:01:20 | 00,011,690 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\banquet decor budget.xlsx
[2009/04/05 16:41:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\40years
[2009/04/05 16:08:43 | 00,075,109 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\SG-Schedules.gif
[2009/04/05 00:03:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Hebrews 4 Notes.doc
[2009/04/05 00:02:54 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes2.doc
[2009/04/04 23:43:33 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Hi Melissa.doc
[2009/04/02 14:48:25 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 2.doc
[2009/04/02 13:33:47 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 2.doc
[2009/04/02 13:23:25 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\david's girly notes.doc
[2009/04/01 22:32:47 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2009/04/01 22:32:46 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/31 14:15:21 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 1.doc
[2009/03/31 14:07:21 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 1.doc
[2009/03/31 11:46:18 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Med Schools Data.doc
[2009/03/30 00:51:47 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes.doc
[2009/03/26 23:59:37 | 02,082,611 | R--- | C] () -- C:\Documents and Settings\Daniel\Desktop\28565_Aldefluor.pdf
[2009/03/26 23:48:38 | 00,266,311 | R--- | C] () -- C:\Documents and Settings\Daniel\Desktop\12_aldefluor.pdf
[2009/03/26 22:02:19 | 03,221,504 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\MONAL Assay Presentation-Final.ppt
[2009/03/25 18:15:39 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\France STM Support Letter.doc
[2009/03/24 14:46:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Installer888
[2009/03/24 13:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/24 13:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/03/24 13:07:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/03/24 13:07:48 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2009/03/24 12:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/03/24 12:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Winter 09
[2009/03/24 12:43:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Web Layouts
[2009/03/16 17:13:00 | 00,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/11/08 14:34:39 | 00,163,927 | ---- | C] () -- C:\WINDOWS\System32\ZSANCoInst.dll
[2008/06/05 03:04:48 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/06/05 03:03:50 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/05 03:03:48 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/19 14:02:26 | 00,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2007/09/07 23:32:28 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/07/26 10:17:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DU800.INI
[2007/01/25 03:43:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/25 02:07:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/25 13:21:01 | 00,004,810 | ---- | C] () -- C:\WINDOWS\System32\Mapx16w6.dll
[2006/11/25 12:52:55 | 00,000,038 | ---- | C] () -- C:\WINDOWS\System32\w3url.dll
[2006/11/23 22:56:20 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/11 13:39:47 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/21 14:14:46 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/21 14:14:46 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/18 13:45:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/07/18 13:07:06 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/18 13:03:29 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/18 13:03:29 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/18 13:03:29 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/18 13:03:29 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/18 13:03:29 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/18 13:03:29 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/04 05:00:00 | 00,000,589 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/24 02:20:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/01/13 11:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/03/19 18:30:00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Daniel\Desktop\*.tmp files]
[2009/04/14 15:01:03 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 5.doc
[2009/04/14 15:01:03 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Daniel\Desktop\~$101C Lecture 5.doc
[2009/04/14 14:04:20 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 5.doc
[2009/04/14 12:53:51 | 00,057,560 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/14 12:34:39 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/14 12:34:39 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/14 12:34:39 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/14 12:30:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/14 12:30:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/14 12:30:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/14 12:30:15 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/13 12:40:15 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/12 20:36:32 | 04,727,437 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Future of Forestry - Traveler's Song.mp3
[2009/04/12 00:45:27 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel\Desktop\mbam-setup.exe
[2009/04/12 00:45:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe
[2009/04/11 19:10:01 | 00,095,232 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 15:40:27 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 4.doc
[2009/04/09 14:05:31 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 4.doc
[2009/04/09 12:27:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\neurosci 101C pgs 105-114.PDF
[2009/04/09 12:12:11 | 01,542,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/07 19:42:00 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 3.doc
[2009/04/07 13:23:51 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 3.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 22:41:33 | 00,011,690 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\banquet decor budget.xlsx
[2009/04/05 16:08:43 | 00,075,109 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\SG-Schedules.gif
[2009/04/05 00:03:06 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Hebrews 4 Notes.doc
[2009/04/05 00:02:54 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes2.doc
[2009/04/04 23:43:33 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Hi Melissa.doc
[2009/04/04 23:04:48 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 15:40:49 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 2.doc
[2009/04/02 14:13:01 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 2.doc
[2009/04/02 13:23:26 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\david's girly notes.doc
[2009/04/01 22:32:47 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2009/04/01 01:50:46 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes.doc
[2009/03/31 15:26:37 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 1.doc
[2009/03/31 14:07:21 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 1.doc
[2009/03/31 12:16:08 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Med Schools Data.doc
[2009/03/30 09:31:34 | 03,221,504 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\MONAL Assay Presentation-Final.ppt
[2009/03/30 00:29:48 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\France STM Support Letter.doc
[2009/03/26 23:59:20 | 02,082,611 | R--- | M] () -- C:\Documents and Settings\Daniel\Desktop\28565_Aldefluor.pdf
[2009/03/26 23:48:08 | 00,266,311 | R--- | M] () -- C:\Documents and Settings\Daniel\Desktop\12_aldefluor.pdf
[2009/03/19 05:44:36 | 00,000,452 | ---- | M] () -- C:\Documents and Settings\Daniel\My Documents\spider.sav
[2009/03/16 17:13:23 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

-SuperAntiSpyware scan log-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2009 at 02:47 PM

Application Version : 4.26.1000

Core Rules Database Version : 3841
Trace Rules Database Version: 1770

Scan type : Complete Scan
Total Scan Time : 02:02:06

Memory items scanned : 453
Memory threats detected : 0
Registry items scanned : 5662
Registry threats detected : 0
File items scanned : 106749
File threats detected : 2

Trojan.Agent/Gen-FSG
D:\DOWNLOADS\NEROKG\KEYGEN.EXE

Unclassified.Unknown Origin
D:\DOWNLOADS\NEROKG\KEYGEN.NFO

#8 extremeboy


  • Malware Response Team
  • 12,975 posts

Posted 14 April 2009 - 07:23 PM

Hello.

Please update Java and run an online scan. Once it's done, post back with a new OTListIt2 log as well.

Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 dcheng116

  • Topic Starter


Posted 15 April 2009 - 02:20 AM

Kaspersky won't let me check the box for Viruses, Worms, etc.

I disabled Avira Antivirus (closed umbrella). However, I can't get avguard.exe to close. Access is denied if I try to end the process.

#10 extremeboy

  • Malware Response Team

Posted 15 April 2009 - 03:30 PM

Hello.

"I disabled Avira Antivirus (closed umbrella). However, i can't get avguard.exe to close. Access is denied if i try to end the process"

Yeah, I have the same problem with Avira; it doesn't let you kill the process. Don't worry about it.

Try Kaspersky again and if it still doesn't work run the following online scan instead.

Run F-Secure Online Scan

Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.
With regards,
Extremeboy

#11 dcheng116

  • Topic Starter


Posted 15 April 2009 - 06:41 PM

Scanning Report
Wednesday, April 15, 2009 15:31:01 - 16:40:33

Computer name: DCLAPPY
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ F:\ G:\
Result: 1 malware found
TrackingCookie.2o7 (spyware)

* System

Statistics
Scanned:

* Files: 34076
* System: 3359
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\DANIEL\LOCAL SETTINGS\TEMP\HSPERFDATA_DANIEL\2864

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.8.9080, 2009-04-15
* F-Secure AVP: 7.0.171, 2009-04-15
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#12 extremeboy

  • Malware Response Team

Posted 15 April 2009 - 08:15 PM

Hello.

F-Secure scan was clean, other than a cookie that was detected.

once it's done, post back with a new OTListIT2 log as well.


Also, how is your computer running?

Thanks.

With regards,
Extremeboy

#13 dcheng116

  • Topic Starter


Posted 16 April 2009 - 02:18 PM

Err.. my computer freezes up a lot while shutting down, at the "Windows is shutting down..." screen. I also have that user profile hive thing that Microsoft recommends for lagging logoffs, but it doesn't seem to be helping.



OTListIt logfile created on: 4/16/2009 12:12:08 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 513.75 Mb Available Physical Memory | 50.64% Memory free
2.09 Gb Paging File | 1.59 Gb Available in Paging File | 76.09% Paging File free
Paging file location(s): C:\pagefile.sys 200 500;D:\pagefile.sys 1024 1256;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.87 Gb Total Space | 0.57 Gb Free Space | 5.80% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 8.12 Gb Free Space | 12.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.93 Gb Total Space | 0.69 Gb Free Space | 35.95% Space Free | Partition Type: FAT32
Drive I: | 1.83 Gb Total Space | 0.77 Gb Free Space | 42.25% Space Free | Partition Type: FAT32

Computer Name: DCLAPPY
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2006/02/28 09:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2007/08/08 20:54:24 | 00,376,891 | ---- | M] (Zetera Corporation) -- D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
PRC - [2004/07/27 13:48:04 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/24 04:20:10 | 00,088,363 | R--- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2005/02/08 09:38:10 | 00,159,744 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2004/12/13 07:38:52 | 00,126,976 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2005/04/11 15:21:02 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2008/04/29 19:56:20 | 00,158,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/10/15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/15 15:42:35 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Daniel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/03/23 14:07:24 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2004/10/05 14:08:28 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2009/03/30 09:48:38 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/12 00:45:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (Atmpork [On_Demand | Stopped])
SRV - [2006/02/28 09:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2008/08/08 05:17:00 | 00,843,384 | ---- | M] (eBoostr.com) -- C:\Program Files\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC [On_Demand | Stopped])
SRV - [2009/03/24 12:51:48 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/01/03 18:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/03/04 12:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Running])
SRV - [2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/08/08 20:54:24 | 00,376,891 | ---- | M] (Zetera Corporation) -- D:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe -- (Z-SANService [Auto | Running])
SRV - [2008/04/29 19:56:20 | 00,061,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Disabled | Stopped])
SRV - [2008/04/29 19:56:32 | 05,065,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Disabled | Stopped])
SRV - [2008/04/29 19:56:22 | 00,245,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2004/10/06 01:29:50 | 00,129,280 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2004/08/24 04:20:08 | 01,268,204 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/01/31 10:23:08 | 00,109,319 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/10/30 11:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007/05/11 03:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007/03/05 06:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007/03/05 05:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007/05/09 01:59:40 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2007/03/05 05:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007/03/05 05:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2006/11/21 22:41:18 | 00,022,416 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
DRV - [2005/05/17 04:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2006/04/20 08:33:40 | 00,303,740 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2005/03/14 14:01:38 | 00,041,984 | ---- | M] (DeviceGuys, Inc.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/06/29 19:50:30 | 00,110,080 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2008/08/08 05:17:00 | 00,096,376 | ---- | M] (eBoostr.com) -- C:\WINDOWS\system32\drivers\eBoost.sys -- (eBoost [Boot | Running])
DRV - [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/05/12 17:25:28 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2004/12/13 08:11:40 | 00,776,157 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2002/09/20 03:53:34 | 00,235,100 | R--- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2004/03/23 19:12:34 | 00,017,280 | ---- | M] () -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5 [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004/06/28 03:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 15:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/11/06 01:28:11 | 00,030,988 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/04/26 02:49:56 | 00,381,056 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2007/08/14 22:29:46 | 00,345,984 | ---- | M] (DataPlow, Incorporated) -- C:\WINDOWS\system32\drivers\sfsz.sys -- (SFSZ [Auto | Running])
DRV - [2004/09/01 12:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2005/03/16 05:43:06 | 00,159,488 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/03/05 05:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007/03/05 05:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2005/01/26 06:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2004/11/22 03:41:16 | 03,222,784 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2006/10/13 18:19:58 | 00,050,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\xusb20.sys -- (xusb20 [On_Demand | Stopped])
DRV - [2007/08/08 20:57:18 | 00,015,488 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetBus.sys -- (ZetBus [On_Demand | Running])
DRV - [2007/08/08 20:57:16 | 00,005,120 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetMPD.sys -- (ZetMPD [On_Demand | Stopped])
DRV - [2007/08/08 20:57:18 | 00,012,800 | ---- | M] (Zetera Corporation) -- C:\WINDOWS\system32\DRIVERS\ZetSFD.sys -- (ZetSFD [Boot | Running])
DRV - [2008/04/29 19:39:04 | 00,040,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.digsby.com
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\S-1-5-21-842925246-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1214440339-725345543-1004\S-1-5-21-842925246-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.19.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:0.68.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:3.3.9


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 13:36:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/12 21:55:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/12 21:55:17 | 00,000,000 | ---D | M]

[2008/06/19 00:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Extensions
[2008/06/19 00:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/14 13:58:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions
[2009/01/27 02:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2009/03/28 01:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2007/10/20 09:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{69574B2C-CFBB-469f-9E09-90DCEEBAAC9D}
[2008/06/30 22:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2006/12/31 00:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2009/04/09 14:28:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/27 02:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/06 01:14:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/06/19 00:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2008/12/01 01:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\check4change-owner@mozdev.org
[2009/02/14 16:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\mozilla\Firefox\Profiles\4hnnn2yl.default\extensions\moveplayer@movenetworks.com
[2009/04/12 17:10:21 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\biblegateway-esv.xml
[2009/04/12 17:10:21 | 00,001,025 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\Blingo.xml
[2008/06/01 22:34:16 | 00,001,162 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\dictionary.xml
[2008/07/20 19:38:04 | 00,002,220 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\digsby.xml
[2009/04/12 17:10:21 | 00,002,216 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\flickr.xml
[2009/03/05 16:15:31 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\pricegrabber.xml
[2008/06/24 22:56:26 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\wikipedia.xml
[2007/08/21 10:46:07 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\FireFox\Profiles\4hnnn2yl.default\searchplugins\youtube-video-search.xml
[2009/04/16 12:07:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/30 09:48:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 00:00:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/14 13:36:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/04 21:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/30 09:48:38 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/30 09:48:38 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/22 23:15:58 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/22 23:15:58 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/22 23:15:58 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/22 23:15:58 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/22 23:15:58 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/22 23:15:58 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/22 23:15:58 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S82.tmp" /EF "HKLM" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-842925246-1214440339-725345543-1004..\Run: [SansaDispatch] C:\Documents and Settings\Daniel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-842925246-1214440339-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-842925246-1214440339-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - file://D:\Program Files\Ctrax Player\DMDownload.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://upload.divshare.com/scripts/uploade...geUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{B04E3CDC-6C37-4C59-A8DE-6A177436613E}\\NameServer = 171.64.7.77,171.64.7.55
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 13:07:55 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/12 22:06:47 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/12 22:06:47 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/13 09:39:26 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\Documents and Settings\Daniel\Desktop\*.tmp files]
[2009/04/15 15:17:53 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/04/15 00:42:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 00:42:30 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 00:42:29 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 00:42:29 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 00:42:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 00:42:29 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 00:42:29 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 00:42:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 00:42:28 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 20:07:38 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 20:07:37 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/14 20:07:36 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 15:01:03 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 5.doc
[2009/04/14 14:04:19 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 5.doc
[2009/04/14 00:31:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\DVD Flick
[2009/04/14 00:28:10 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2009/04/14 00:28:09 | 00,609,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2009/04/14 00:28:09 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2009/04/14 00:28:09 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2009/04/14 00:28:09 | 00,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2009/04/14 00:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2009/04/13 19:59:55 | 10,637,68064 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 12:40:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/13 12:40:15 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/13 12:40:12 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/13 12:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\SUPERAntiSpyware.com
[2009/04/13 12:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/13 09:40:43 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/13 09:40:09 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/12 22:06:47 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/04/12 20:33:27 | 04,727,437 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Future of Forestry - Traveler's Song.mp3
[2009/04/12 20:28:58 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Pidgin.lnk
[2009/04/12 17:02:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Application Data\Malwarebytes
[2009/04/12 17:02:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/12 17:02:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/12 17:02:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 17:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/12 00:45:10 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe
[2009/04/12 00:44:49 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel\Desktop\mbam-setup.exe
[2009/04/11 09:40:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Schlinger Reading
[2009/04/09 14:25:59 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 4.doc
[2009/04/09 14:05:30 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 4.doc
[2009/04/09 12:27:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\neurosci 101C pgs 105-114.PDF
[2009/04/07 19:42:00 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 3.doc
[2009/04/07 13:23:51 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 3.doc
[2009/04/05 21:01:20 | 00,011,690 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\banquet decor budget.xlsx
[2009/04/05 16:41:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\40years
[2009/04/05 16:08:43 | 00,075,109 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\SG-Schedules.gif
[2009/04/05 00:03:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Hebrews 4 Notes.doc
[2009/04/05 00:02:54 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes2.doc
[2009/04/04 23:43:33 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Hi Melissa.doc
[2009/04/02 14:48:25 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 2.doc
[2009/04/02 13:33:47 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 2.doc
[2009/04/02 13:23:25 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\david's girly notes.doc
[2009/04/01 22:32:47 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2009/04/01 22:32:46 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/31 14:15:21 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 1.doc
[2009/03/31 14:07:21 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 1.doc
[2009/03/31 11:46:18 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\Med Schools Data.doc
[2009/03/30 00:51:47 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes.doc
[2009/03/26 23:59:37 | 02,082,611 | R--- | C] () -- C:\Documents and Settings\Daniel\Desktop\28565_Aldefluor.pdf
[2009/03/26 23:48:38 | 00,266,311 | R--- | C] () -- C:\Documents and Settings\Daniel\Desktop\12_aldefluor.pdf
[2009/03/26 22:02:19 | 03,221,504 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\MONAL Assay Presentation-Final.ppt
[2009/03/25 18:15:39 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\France STM Support Letter.doc
[2009/03/24 14:46:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Local Settings\Application Data\Installer888
[2009/03/24 13:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/24 13:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/03/24 13:07:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/03/24 13:07:48 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2009/03/24 12:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/03/24 12:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Winter 09
[2009/03/24 12:43:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\Web Layouts
[2009/03/21 07:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/02/03 01:06:30 | 00,022,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/11/08 14:34:39 | 00,163,927 | ---- | C] () -- C:\WINDOWS\System32\ZSANCoInst.dll
[2008/06/05 03:04:48 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/06/05 03:03:50 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/05 03:03:48 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/19 14:02:26 | 00,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2007/09/07 23:32:28 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/07/26 10:17:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DU800.INI
[2007/01/25 03:43:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/25 02:07:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/25 13:21:01 | 00,004,810 | ---- | C] () -- C:\WINDOWS\System32\Mapx16w6.dll
[2006/11/25 12:52:55 | 00,000,038 | ---- | C] () -- C:\WINDOWS\System32\w3url.dll
[2006/11/23 22:56:20 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/10/11 13:39:47 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/21 14:14:46 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/21 14:14:46 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/18 13:45:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/07/18 13:07:06 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/18 13:03:29 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/18 13:03:29 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/18 13:03:29 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/18 13:03:29 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/18 13:03:29 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/18 13:03:29 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/04 05:00:00 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\bidispl.dll
[2004/08/04 05:00:00 | 00,000,589 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/24 02:20:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/23 19:12:34 | 00,017,280 | ---- | C] () -- C:\WINDOWS\System32\nsndis5.sys
[2004/01/13 11:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/03/19 18:30:00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Daniel\Desktop\*.tmp files]
[2009/04/16 12:10:54 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 12:10:54 | 00,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 12:10:54 | 00,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 12:07:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/16 12:06:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/16 12:06:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/16 12:06:31 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/15 00:57:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 20:03:50 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 5.doc
[2009/04/14 14:04:20 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 5.doc
[2009/04/14 12:53:51 | 00,057,560 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/13 12:40:15 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/12 20:36:32 | 04,727,437 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Future of Forestry - Traveler's Song.mp3
[2009/04/12 00:45:27 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel\Desktop\mbam-setup.exe
[2009/04/12 00:45:13 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTListIt2.exe
[2009/04/11 19:10:01 | 00,095,232 | ---- | M] () -- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 15:40:27 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 4.doc
[2009/04/09 14:05:31 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 4.doc
[2009/04/09 12:27:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\neurosci 101C pgs 105-114.PDF
[2009/04/09 12:12:11 | 01,542,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/07 19:42:00 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 3.doc
[2009/04/07 13:23:51 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 3.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 22:41:33 | 00,011,690 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\banquet decor budget.xlsx
[2009/04/05 16:08:43 | 00,075,109 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\SG-Schedules.gif
[2009/04/05 00:03:06 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Hebrews 4 Notes.doc
[2009/04/05 00:02:54 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes2.doc
[2009/04/04 23:43:33 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Hi Melissa.doc
[2009/04/04 23:04:48 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 15:40:49 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 2.doc
[2009/04/02 14:13:01 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 2.doc
[2009/04/02 13:23:26 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\david's girly notes.doc
[2009/04/01 22:32:47 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\HijackThis.lnk
[2009/04/01 01:50:46 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\GANNotes.doc
[2009/03/31 15:26:37 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS101C Lecture 1.doc
[2009/03/31 14:07:21 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\NS191C Lecture 1.doc
[2009/03/31 12:16:08 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\Med Schools Data.doc
[2009/03/30 09:31:34 | 03,221,504 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\MONAL Assay Presentation-Final.ppt
[2009/03/30 00:29:48 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\France STM Support Letter.doc
[2009/03/26 23:59:20 | 02,082,611 | R--- | M] () -- C:\Documents and Settings\Daniel\Desktop\28565_Aldefluor.pdf
[2009/03/26 23:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/26 23:48:08 | 00,266,311 | R--- | M] () -- C:\Documents and Settings\Daniel\Desktop\12_aldefluor.pdf
[2009/03/21 07:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 07:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/19 05:44:36 | 00,000,452 | ---- | M] () -- C:\Documents and Settings\Daniel\My Documents\spider.sav
< End of report >

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 16 April 2009 - 02:57 PM

Hello.

Err.. my computer freezes up a lot while shutting down, at the "Windows is shutting down..." screen. I also have that user profile hive thing that Microsoft recommends for lagging logoffs, but it doesn't seem to be helping.

Can you elaborate on that Microsoft thing please? You can give me a screenshot to help me understand what exactly you are talking about. Also, when you said freezing does it mean your computer no longer shuts down or do you mean it takes a long period of time before the computer shuts down?

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#15 dcheng116

dcheng116
  • Topic Starter

  • Members
  • 9 posts

Posted 17 April 2009 - 11:30 AM

After running the Super Anti Spyware scan, my computer very often wouldn't shut down. I think I waited up to an hour or more, but usually forced it to shut down earlier.

http://www.google.com/search?q=user+profil...lient=firefox-a
This is an often-recommended solution to hanging shut-down/log-off problems.



