Ok here is the log from OTListIt2
OTListIt logfile created on: 5/21/2009 4:29:51 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 53.22% Memory free
3.60 Gb Paging File | 2.83 Gb Available in Paging File | 78.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.87 Gb Total Space | 201.95 Gb Free Space | 87.09% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RYAN
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ========== PRC - [2008/05/15 17:06:38 | 00,540,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/05/30 11:36:20 | 00,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/05/19 17:45:40 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/05/15 17:06:38 | 00,540,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/05/20 19:47:18 | 00,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/06/09 10:10:04 | 00,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\AccelerometerSt.Exe
PRC - [2008/06/02 12:57:32 | 00,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
PRC - [2008/03/27 13:28:50 | 01,040,384 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/04/15 16:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/05/14 13:26:06 | 00,177,456 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
PRC - [2008/04/04 10:09:56 | 01,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/05/15 18:08:08 | 00,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/05/19 17:45:40 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/05/15 18:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/12/11 14:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/27 06:02:14 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2008/06/02 12:32:16 | 00,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/27 06:02:14 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2004/08/04 03:00:00 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2004/08/04 03:00:00 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2008/04/16 10:18:32 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2004/08/04 03:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/02/06 04:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/27 06:02:14 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2009/02/27 06:02:14 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/05/11 23:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2008/04/11 11:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/04/03 13:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2007/07/17 13:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 13:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/02/06 04:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/03/06 20:23:10 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/04/28 17:19:07 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/21 16:29:23 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
========== Win32 Services (SafeList) ========== SRV - [2007/05/15 18:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Running])
SRV - [2007/12/11 14:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/05/20 19:42:40 | 00,111,888 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker [Auto | Running])
SRV - [2008/05/20 19:42:34 | 00,137,488 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel [Auto | Running])
SRV - [2005/09/23 09:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/05/15 17:06:38 | 00,540,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 09:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/03 13:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2009/02/27 06:02:14 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (EraserSvc10910 [Auto | Running])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/06/02 12:32:16 | 00,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service [Auto | Running])
SRV - [2008/05/30 11:36:20 | 00,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService [Auto | Running])
SRV - [2008/04/16 10:18:32 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/05/19 17:45:40 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2004/08/04 03:00:00 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ [Auto | Running])
SRV - [2004/08/04 03:00:00 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])
SRV - [2009/02/27 06:02:14 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ========== DRV - [2008/05/23 08:50:16 | 00,028,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/04/11 11:19:42 | 00,338,944 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2007/07/13 05:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2008/02/29 18:13:38 | 01,202,560 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2008/05/27 08:55:48 | 00,174,600 | ---- | M] (AMD Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ahcix86.sys -- (ahcix86 [Boot | Running])
DRV - [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/03/12 10:43:26 | 00,015,416 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\Amddfltr.sys -- (Amddfltr [Boot | Running])
DRV - [2007/04/16 18:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running])
DRV - [2008/05/15 19:33:44 | 02,881,536 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/03/21 13:35:14 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2009/02/27 06:02:23 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/03/23 11:00:07 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/02/25 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/04/29 18:10:18 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/28 17:22:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/05/23 08:51:02 | 00,024,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 19:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2005/03/07 23:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/03/07 23:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/03/07 23:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2009/01/29 16:50:18 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2009/05/19 17:45:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/08/04 03:00:00 | 00,072,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
DRV - [2009/04/29 18:10:18 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090517.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/04/29 18:10:18 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090517.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/08 07:28:49 | 00,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RMCast.sys -- (RMCAST [On_Demand | Running])
DRV - [2008/05/30 11:37:00 | 00,012,496 | ---- | M] (SafeBoot International) -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock [System | Running])
DRV - [2008/05/30 11:36:58 | 00,108,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot [Boot | Running])
DRV - [2008/05/30 11:37:06 | 00,051,376 | ---- | M] (SafeBoot N.V.) -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg [Boot | Running])
DRV - [2008/05/30 11:37:02 | 00,012,928 | ---- | M] (SafeBoot International) -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock [Boot | Running])
DRV - [2004/08/04 03:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/03/28 05:14:02 | 00,024,064 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO [Boot | Running])
DRV - [2001/08/17 14:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2008/04/10 18:27:34 | 01,804,160 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2009/02/27 06:02:23 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/02/27 06:02:23 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/02/27 06:02:23 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/23 11:00:27 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/27 06:02:23 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/27 06:02:23 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/27 06:02:15 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/27 06:02:15 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/02/27 06:02:23 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/27 06:02:23 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/03/27 13:14:06 | 00,224,672 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2009/05/18 15:31:55 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2008/04/03 16:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnbIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnbIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnbIE - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/IE - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\S-1-5-21-2598886194-1973112424-1328365974-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\S-1-5-21-2598886194-1973112424-1328365974-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/29 20:58:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/07 16:40:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 17:19:10 | 00,000,000 | ---D | M]
[2008/12/29 17:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2008/12/29 17:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/21 15:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\6h06w67h.default\extensions
[2009/04/26 22:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\6h06w67h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/21 15:27:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 17:19:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/29 20:58:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/26 20:41:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 17:19:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 17:19:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 03:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (302749 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10435 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" (ActivIdentity)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule (Bioscrypt Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2598886194-1973112424-1328365974-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 54 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2598886194-1973112424-1328365974-500\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.77,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6BD6DA1A-107B-4500-A64F-53EEDF0B0274}\\NameServer = 85.255.112.77,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{AFF03994-6BAB-46B8-B0CB-C7CD15AD5E33}\\NameServer = 85.255.112.77,85.255.112.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - c:\WINDOWS\system32\ackpbsc.dll - c:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/21 10:38:03 | 00,000,364 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/21 10:38:04 | 00,000,411 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7cac0dec-d631-11dd-867d-00210070d8f5}\Shell\AutoRun\command - "" = F:\wdsync.exe -- File not found
O33 - MountPoints2\{fa2db340-fece-11dd-868e-00210070d8f5}\Shell - "" = AutoRun
O33 - MountPoints2\{fa2db340-fece-11dd-868e-00210070d8f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa2db340-fece-11dd-868e-00210070d8f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 16:29:23 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files]
[2009/05/21 16:29:23 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/05/21 10:47:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 10:47:54 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/21 10:47:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/21 10:47:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/21 10:47:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/21 10:37:08 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/05/20 16:25:49 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/05/20 16:14:53 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/05/20 16:14:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/20 15:44:08 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/05/20 15:44:08 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/20 15:43:19 | 00,981,800 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup219_slim.exe
[2009/05/20 15:13:28 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/05/19 22:41:10 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/19 22:40:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/19 22:40:41 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/19 22:40:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/19 18:09:07 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/19 17:46:18 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/19 17:46:03 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/19 17:41:15 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/19 17:41:12 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/19 17:41:06 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/19 17:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/19 17:35:33 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/05/18 17:58:34 | 00,112,886 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2009/05/18 17:58:34 | 00,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2009/05/18 17:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Scans
[2009/05/18 17:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2009/05/18 15:32:15 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/18 15:26:24 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/17 16:45:16 | 00,000,364 | RHS- | C] () -- C:\autorun.inf
[2009/05/17 16:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\SeekingAlpha
[2009/05/12 12:25:56 | 00,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\References.docx
[2009/05/11 11:24:11 | 00,870,462 | ---- | C] () -- C:\WINDOWS\System32\oem5.inf
[2009/05/08 15:47:44 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Retail Resume.doc
[2009/05/08 12:39:45 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/08 12:39:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/05/08 12:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/05/07 15:34:59 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/07 15:34:59 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/05/07 15:34:59 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/05/07 15:34:58 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/07 15:34:58 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/07 15:34:58 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/07 15:34:58 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/07 15:34:56 | 00,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/07 15:34:56 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/07 15:31:37 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/07 15:31:06 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/04/22 22:03:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/04/22 22:03:09 | 00,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone Express.lnk
[2009/04/22 22:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/04/22 22:02:00 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/04/22 22:00:49 | 00,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/04/22 21:58:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/04/22 21:55:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/04/22 21:55:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/04/22 21:50:48 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/04/22 21:50:48 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/04/22 21:50:45 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/04/22 21:50:45 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/04/22 21:48:55 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/04/22 21:46:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HP
[2009/01/23 22:39:20 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/23 22:39:13 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/23 22:39:13 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/23 22:39:11 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/23 22:39:11 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/08 21:03:14 | 00,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/30 00:17:14 | 00,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/11/21 16:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 16:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 16:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 16:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/27 02:59:59 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/30 11:36:58 | 00,108,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2008/04/10 12:27:34 | 01,804,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/07/05 03:28:52 | 00,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2007/05/10 01:16:40 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006/05/19 21:39:58 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005/04/03 17:30:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2004/08/07 08:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:12:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:03:10 | 00,000,637 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 00:53:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 03:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/05/06 22:10:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files]
[2009/05/21 16:29:23 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/05/21 10:47:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/21 10:45:49 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/05/21 10:45:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/05/21 10:45:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 10:45:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/21 10:45:06 | 18,757,59104 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/21 10:38:03 | 00,000,364 | RHS- | M] () -- C:\autorun.inf
[2009/05/21 10:37:18 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/05/20 23:43:23 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/20 16:25:50 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/05/20 16:14:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/05/20 15:44:08 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/05/20 15:43:20 | 00,981,800 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup219_slim.exe
[2009/05/20 15:13:28 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/05/19 17:46:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/19 17:45:56 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/19 17:45:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/19 17:41:12 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/19 17:39:34 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/05/18 18:14:16 | 00,112,886 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2009/05/18 18:13:31 | 00,000,637 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/18 16:59:59 | 00,302,749 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/18 15:31:55 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/18 11:24:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/18 10:04:13 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Resume2.doc
[2009/05/17 22:11:10 | 00,489,220 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 22:11:10 | 00,415,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 22:11:10 | 00,066,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/12 18:15:10 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Retail Resume.doc
[2009/05/12 12:25:56 | 00,012,364 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\References.docx
[2009/05/08 13:17:50 | 00,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/22 22:21:05 | 00,014,066 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Resume3.docx
[2009/04/22 22:03:09 | 00,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone Express.lnk
[2009/04/22 22:02:00 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/04/22 22:00:49 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
========== Alternate Data Streams ========== @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58B11540
< End of report >