
Black Screen w/ Cursor on Startup


  • This topic is locked
36 replies to this topic

#1 slick8421


Posted 28 April 2010 - 05:47 AM

Hello,

I'm having trouble booting up. I have a Dell Inspiron 6000 with XP SP3.

I had been using it without any problems for several months and suddenly a few weeks ago, my McAfee caught 2 viruses on a routine scan. I believe they were called 'Artemis'(?) I continued to run fine after that including running another full scan without picking up any viruses. The other day I got a blue screen of death but seemed to recover fine from that. Today, I just shut down my PC as usual before going out and when I tried to turn it on, I got the 'chkdsk' screen. It went through the process and on the reboot it just stopped at a black screen with a cursor.

I've tried all versions of Safe Mode with no luck, still black screen with cursor and 'Safe Mode' in the corners. I've tried Ctrl-Alt-Del and nothing happens. The only thing I can seem to do is power off manually. Unfortunately, I don't have a Windows XP CD and I'm wondering if there's anything that can be done.

Any help and/or suggestions would be greatly appreciated.

Thank you!





#2 hamluis


Posted 28 April 2010 - 07:47 AM

Hi.

Try running the chkdsk /r command from the XP Recovery Console.

I believe that the Recovery Console is installed on Dells, along with info on how to access.

If you cannot access the RC on your system...then follow the directions in How to Create a Bootable XP Recovery Console CD - http://www.bleepingcomputer.com/forums/t/276527/how-to-create-a-bootable-xp-recovery-console-cd/

Louis

#3 slick8421


Posted 29 April 2010 - 08:33 AM

Hi Louis,

Thanks for your quick reply.

I ended up making a boot disk from the link you provided and was able to access the Recovery Console.
I ran chkdsk /r and it said it fixed one or more problems and left me at a c: prompt. I attempted to reboot and I still get the black screen with cursor. In other words, it appears nothing has changed. Tried Safe Mode again as well and no change.

Anything else we can try?

Thanks again for your help,

Al

#4 cryptodan


Posted 29 April 2010 - 01:17 PM

So you are unable to get into Safe and Normal Mode?

#5 hamluis


Posted 30 April 2010 - 07:12 AM

I would try running the fixmbr command from the Recovery Console.

Just follow the same procedures you did for the chkdsk /r command...but type fixmbr instead of chkdsk /r.

If a warning appears stating something about a non-standard mbr, just proceed.

Louis

#6 slick8421


Posted 01 May 2010 - 10:03 AM

Hello,

Ok, I ran fixmbr at c:\windows prompt. I got the caution message and proceeded. It seemed to run really quickly, like one second and gave me the following message:

Writing new master boot record on physical drive \Device\Harddisk0\Partition0
The new master boot record has been successfully written.

Again, left at the c:\windows prompt.
I rebooted and still have the same problem, black screen with cursor. I tried safe mode again and the same thing happens. It looks like a black screen with a larger cursor and the words 'Safe Mode' in each corner. A description of my Windows version appears to be written across the top overwriting the 'Safe Modes' in the upper corners.

Any other suggestions?

Thanks again!

Al

#7 Elise


Posted 01 May 2010 - 02:04 PM

Hello Slick8421, please try to follow the steps below.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double click and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#8 slick8421


Posted 01 May 2010 - 03:07 PM

Hi Elise,

Thank you so much for your reply.

I've run the OTL scan and here are the results from OTL.txt log file.


O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/18 12:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\Rich Dad Toolkit
[2007/03/03 09:27:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Al\Application Data\pcouffin.sys
[2006/09/18 08:10:46 | 000,064,544 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\MSSSerif96.fon
[2006/01/10 01:02:08 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\MSSSerif120.fon
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/01 10:53:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 23:02:51 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/27 23:02:51 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/27 23:02:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 23:02:12 | 000,055,633 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/27 23:02:09 | 011,534,336 | -H-- | M] () -- C:\Documents and Settings\Al\NTUSER.DAT
[2010/04/27 23:02:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Al\ntuser.ini
[2010/04/27 23:00:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/04/27 23:00:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/04/27 22:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 21:40:48 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE3C1414-9CFC-4447-9B26-1C0AA1AD6720}.job
[2010/04/27 14:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/04/27 14:47:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/04/27 13:22:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/27 13:22:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/27 12:55:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/27 12:10:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/27 12:10:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/27 10:52:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/27 10:52:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/27 09:18:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/27 09:18:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/27 09:15:33 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Trillian.lnk
[2010/04/26 22:22:54 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Shinagawa_Twins_map.doc
[2010/04/26 22:21:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/26 22:21:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/26 05:40:25 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Microsoft Office Word 2003.lnk
[2010/04/26 02:43:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 22:33:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/04/25 22:33:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/04/25 22:08:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\Emotional Intelligence vocab quiz.doc
[2010/04/25 21:40:25 | 006,160,384 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\My Money.mny
[2010/04/25 21:15:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/04/25 21:15:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/04/25 11:33:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/04/25 11:33:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/04/25 09:23:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/04/25 09:23:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/04/25 09:21:28 | 001,238,109 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-25_222124.mbf
[2010/04/24 21:32:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/04/24 21:32:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/04/24 13:28:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/04/24 13:28:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/04/24 09:38:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/24 09:38:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/04/24 09:25:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/24 09:25:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/24 00:30:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/24 00:30:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/23 20:53:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/04/23 20:53:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/04/23 14:16:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/23 14:15:22 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 13:05:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/04/23 13:05:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/23 10:43:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/04/23 10:43:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/04/23 10:33:21 | 001,192,169 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-23_233317.mbf
[2010/04/23 04:04:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/04/23 04:04:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/04/21 05:44:51 | 001,220,217 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-21_184447.mbf
[2010/04/15 20:51:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 17:21:13 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/14 17:19:27 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/13 09:07:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/11 07:41:47 | 000,192,595 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\f2555ez2009.pdf
[2010/04/11 07:41:24 | 000,323,510 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\f10402009.pdf
[2010/04/09 04:24:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 22:22:52 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Shinagawa_Twins_map.doc
[2010/04/25 22:08:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\Emotional Intelligence vocab quiz.doc
[2010/04/25 09:21:28 | 001,238,109 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-25_222124.mbf
[2010/04/23 10:33:21 | 001,192,169 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-23_233317.mbf
[2010/04/21 05:44:51 | 001,220,217 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-21_184447.mbf
[2009/03/17 12:39:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/28 13:39:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/28 13:39:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/25 10:07:51 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/03/20 12:14:19 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ARFolder.INI
[2008/03/16 20:03:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/25 09:52:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/21 13:46:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\hlp-fastamr.dll
[2008/02/18 14:15:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2008/02/18 14:15:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2008/01/09 02:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/09/03 03:38:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2007/09/03 03:38:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2007/09/03 03:38:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007/07/13 20:13:15 | 000,000,159 | ---- | C] () -- C:\WINDOWS\pdf2image.INI
[2007/03/04 04:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/03/03 09:28:06 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.log
[2007/03/03 09:27:43 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\ezpinst.exe
[2007/03/03 09:27:43 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.cat
[2007/03/03 09:27:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.inf
[2007/03/03 09:14:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/11/06 16:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/07/21 04:49:46 | 000,010,238 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/07/21 04:40:09 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/06/08 05:48:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MenuEditFree.INI
[2006/06/05 11:32:38 | 000,000,499 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/04/14 10:12:32 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Al\default.pls
[2006/04/14 10:08:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/07 23:12:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/06 04:26:19 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\147D722473.sys
[2006/01/04 05:43:16 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 05:53:27 | 000,040,126 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\FASTWiz.log
[2006/01/01 05:35:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/01 04:54:17 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\fusioncache.dat
[2006/01/01 04:54:16 | 011,534,336 | -H-- | C] () -- C:\Documents and Settings\Al\NTUSER.DAT
[2006/01/01 04:54:16 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Al\ntuser.dat.LOG
[2006/01/01 04:54:16 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Al\ntuser.ini
[2005/12/15 16:18:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 16:06:01 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 15:58:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/15 15:36:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2005/12/15 15:36:42 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2005/12/15 15:31:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/12/15 15:30:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/01 00:11:52 | 001,912,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/09/01 00:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/09/01 00:09:28 | 002,169,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/08/16 22:52:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/08/16 12:50:00 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/16 12:49:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2005/08/16 12:49:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2005/08/16 06:50:01 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/16 06:50:01 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/16 06:49:40 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2005/08/16 06:49:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2005/08/16 06:49:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2005/08/16 06:49:39 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:18:40 | 000,713,216 | ---- | C] () -- C:\WINDOWS\System32\sxs.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/30 00:13:22 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/05 10:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[1999/01/27 00:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/12 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/03/17 23:59:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2006/01/01 05:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\acccore
[2006/03/11 05:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Alien Skin
[2010/04/27 15:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Any Video Converter
[2008/12/24 10:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\avidemux
[2009/12/31 14:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Azureus
[2008/09/07 12:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\com.adobe.example.NFL-Countdown.7AE105D383F287E7D49518EE19AFF40385BCDC49.1
[2007/05/05 01:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Flickr
[2008/03/25 11:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Grisoft
[2008/12/24 10:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\gtk-2.0
[2009/09/18 08:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ImgBurn
[2006/01/10 01:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Leadertech
[2009/04/06 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Moyea
[2007/05/04 10:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Opera
[2006/06/18 04:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Pegasys Inc
[2007/06/16 06:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Sony
[2007/03/04 13:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\STOIK
[2009/06/10 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2007/05/09 12:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Ulead Systems
[2007/04/01 10:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Viewpoint
[2010/02/22 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Vso
[2006/11/30 22:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Azureus
[2009/12/03 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/14 12:16:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/04 12:00:13 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/04/27 12:55:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/04/27 21:40:48 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE3C1414-9CFC-4447-9B26-1C0AA1AD6720}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/04/27 09:44:55 | 000,035,328 | ---- | M] ()(C:\Documents and Settings\Al\Desktop\???Calender.xls) -- C:\Documents and Settings\Al\Desktop\須藤様Calender.xls
[2010/04/27 09:44:51 | 000,035,328 | ---- | C] ()(C:\Documents and Settings\Al\Desktop\???Calender.xls) -- C:\Documents and Settings\Al\Desktop\須藤様Calender.xls
[2009/12/01 10:55:25 | 000,031,232 | ---- | M] ()(C:\Documents and Settings\Al\My Documents\???TransS...xls) -- C:\Documents and Settings\Al\My Documents\コピーTransS...xls
[2009/12/01 10:55:22 | 000,031,232 | ---- | C] ()(C:\Documents and Settings\Al\My Documents\???TransS...xls) -- C:\Documents and Settings\Al\My Documents\コピーTransS...xls
[2006/11/28 09:35:09 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Al\My Documents\??.doc) -- C:\Documents and Settings\Al\My Documents\香は.doc
[2006/11/28 09:32:42 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Al\My Documents\??.doc) -- C:\Documents and Settings\Al\My Documents\香は.doc
< End of report >


#9 Elise


Posted 01 May 2010 - 03:20 PM

Hi, that looks pretty normal to me. Can you please tell me at what point the computer freezes? Do you still see the XP splash screen? Does it occur before or after the welcome screen?

Please rerun OTLPE and make sure Extra Registry is checked and under Standard Registry check ALL.

Post me the new OTL log and also extra.txt (this will be created as well now).

regards, Elise




#10 slick8421


Posted 01 May 2010 - 03:53 PM

I do get the XP splash screen as usual. It then goes black for a few seconds and a regular white cursor appears in the middle of the screen. It's movable; however, no keystrokes of any sort work. I never get to the Welcome screen as it just hangs there.

I've run the new scan as instructed. Here are the logs, first OTL followed by Extras.


OTL logfile created on: 5/2/2010 7:38:05 AM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 3.83 Gb Free Space | 5.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 01:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/26 22:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 00:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/09/15 22:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/15 21:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/15 20:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 11:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 01:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/07 22:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 06:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/09/10 00:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/13 05:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/27 16:31:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 02:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/17 22:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/07 02:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 06:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/13 12:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/09/01 00:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/04/04 05:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 18:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 18:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 18:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2009/11/12 17:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/15 21:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/15 21:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/15 21:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/15 21:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/15 21:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/15 23:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 14:46:07 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/01 09:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/02/24 23:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 03:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/01 15:27:45 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/09/01 15:24:44 | 001,081,856 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2005/09/01 15:20:51 | 000,022,528 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/09/01 00:11:52 | 001,912,064 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/09/01 00:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/09/01 00:09:28 | 002,169,984 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005/08/03 12:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/03/11 00:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 18:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 22:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/31 10:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/10 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/17 22:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 22:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 22:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Al_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Al_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Al_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\Al_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Al_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 04:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 14:00:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/21 22:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/28 10:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/28 10:19:41 | 000,000,000 | ---D | M]

[2010/03/31 21:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/23 05:15:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/19 23:42:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/09 00:16:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/11 07:19:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/09 08:48:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/08 04:35:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/21 22:46:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/21 08:16:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/09 09:26:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/04 10:39:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/03/31 21:38:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/01/23 05:15:20 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/23 05:15:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 04:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/03/08 15:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/11/21 17:45:04 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/11/21 17:45:26 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/01/23 05:15:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 06:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/02/07 10:57:13 | 000,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/03/28 10:19:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/03/28 10:19:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/02/07 10:57:26 | 000,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2006/02/07 10:57:04 | 000,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2010/01/23 05:15:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/23 05:15:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/23 05:15:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/23 05:15:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/23 05:15:32 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/23 05:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/23 05:15:32 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/02/19 12:01:17 | 000,296,543 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10268 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - €Aレ78D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Al_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Al_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Al_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Al_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Al_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlmanager.akamaitools.com.edgesuite...vex-2.0.4.4.cab (DownloadManager Control)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1162651392450 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 05:45:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/04/18 12:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\Rich Dad Toolkit
[2007/03/03 09:27:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Al\Application Data\pcouffin.sys
[2006/09/18 08:10:46 | 000,064,544 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\MSSSerif96.fon
[2006/01/10 01:02:08 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\MSSSerif120.fon
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 06:15:49 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/01 17:28:35 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 17:28:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 23:02:51 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/27 23:02:51 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/27 23:02:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 23:02:12 | 000,055,633 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/27 23:02:09 | 011,534,336 | -H-- | M] () -- C:\Documents and Settings\Al\NTUSER.DAT
[2010/04/27 23:02:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Al\ntuser.ini
[2010/04/27 23:00:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/04/27 23:00:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/04/27 22:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 21:40:48 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE3C1414-9CFC-4447-9B26-1C0AA1AD6720}.job
[2010/04/27 14:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/04/27 14:47:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/04/27 13:22:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/27 13:22:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/27 12:55:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/27 12:10:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/27 12:10:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/27 10:52:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/27 10:52:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/27 09:18:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/27 09:18:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/27 09:15:33 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Trillian.lnk
[2010/04/26 22:22:54 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Shinagawa_Twins_map.doc
[2010/04/26 22:21:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/26 22:21:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/26 05:40:25 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Microsoft Office Word 2003.lnk
[2010/04/26 02:43:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 22:33:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/04/25 22:33:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/04/25 22:08:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\Emotional Intelligence vocab quiz.doc
[2010/04/25 21:40:25 | 006,160,384 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\My Money.mny
[2010/04/25 21:15:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/04/25 21:15:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/04/25 11:33:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/04/25 11:33:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/04/25 09:23:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/04/25 09:23:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/04/25 09:21:28 | 001,238,109 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-25_222124.mbf
[2010/04/24 21:32:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/04/24 21:32:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/04/24 13:28:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/04/24 13:28:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/04/24 09:38:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/24 09:38:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/04/24 09:25:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/24 09:25:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/24 00:30:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/24 00:30:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/23 20:53:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/04/23 20:53:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/04/23 14:16:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/23 14:15:22 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 13:05:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/04/23 13:05:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/23 10:43:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/04/23 10:43:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/04/23 10:33:21 | 001,192,169 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-23_233317.mbf
[2010/04/23 04:04:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/04/23 04:04:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/04/21 05:44:51 | 001,220,217 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-21_184447.mbf
[2010/04/15 20:51:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 17:21:13 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/14 17:19:27 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/13 09:07:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/11 07:41:47 | 000,192,595 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\f2555ez2009.pdf
[2010/04/11 07:41:24 | 000,323,510 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\f10402009.pdf
[2010/04/09 04:24:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 17:28:35 | 2138,505,216 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/26 22:22:52 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Shinagawa_Twins_map.doc
[2010/04/25 22:08:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\Emotional Intelligence vocab quiz.doc
[2010/04/25 09:21:28 | 001,238,109 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-25_222124.mbf
[2010/04/23 10:33:21 | 001,192,169 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-23_233317.mbf
[2010/04/21 05:44:51 | 001,220,217 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-21_184447.mbf
[2009/03/17 12:39:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/28 13:39:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/28 13:39:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/25 10:07:51 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/03/20 12:14:19 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ARFolder.INI
[2008/03/16 20:03:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/25 09:52:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/21 13:46:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\hlp-fastamr.dll
[2008/02/18 14:15:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2008/02/18 14:15:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2008/01/09 02:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/09/03 03:38:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2007/09/03 03:38:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2007/09/03 03:38:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007/07/13 20:13:15 | 000,000,159 | ---- | C] () -- C:\WINDOWS\pdf2image.INI
[2007/03/04 04:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/03/03 09:28:06 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.log
[2007/03/03 09:27:43 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\ezpinst.exe
[2007/03/03 09:27:43 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.cat
[2007/03/03 09:27:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.inf
[2007/03/03 09:14:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/11/06 16:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/07/21 04:49:46 | 000,010,238 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/07/21 04:40:09 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/06/08 05:48:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MenuEditFree.INI
[2006/06/05 11:32:38 | 000,000,499 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/04/14 10:12:32 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Al\default.pls
[2006/04/14 10:08:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/07 23:12:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/06 04:26:19 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\147D722473.sys
[2006/01/04 05:43:16 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 05:53:27 | 000,040,126 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\FASTWiz.log
[2006/01/01 05:35:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/01 04:54:17 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\fusioncache.dat
[2006/01/01 04:54:16 | 011,534,336 | -H-- | C] () -- C:\Documents and Settings\Al\NTUSER.DAT
[2006/01/01 04:54:16 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Al\ntuser.dat.LOG
[2006/01/01 04:54:16 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Al\ntuser.ini
[2005/12/15 16:18:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 16:06:01 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 15:58:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/15 15:36:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2005/12/15 15:36:42 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2005/12/15 15:31:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/12/15 15:30:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/01 00:11:52 | 001,912,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/09/01 00:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/09/01 00:09:28 | 002,169,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/08/16 22:52:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/08/16 12:50:00 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/16 12:49:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2005/08/16 12:49:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2005/08/16 06:50:01 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/16 06:50:01 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/16 06:49:40 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2005/08/16 06:49:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2005/08/16 06:49:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2005/08/16 06:49:39 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:18:40 | 000,713,216 | ---- | C] () -- C:\WINDOWS\System32\sxs.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/30 00:13:22 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/05 10:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[1999/01/27 00:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/12 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/03/17 23:59:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2006/01/01 05:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\acccore
[2006/03/11 05:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Alien Skin
[2010/04/27 15:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Any Video Converter
[2008/12/24 10:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\avidemux
[2009/12/31 14:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Azureus
[2008/09/07 12:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\com.adobe.example.NFL-Countdown.7AE105D383F287E7D49518EE19AFF40385BCDC49.1
[2007/05/05 01:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Flickr
[2008/03/25 11:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Grisoft
[2008/12/24 10:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\gtk-2.0
[2009/09/18 08:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ImgBurn
[2006/01/10 01:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Leadertech
[2009/04/06 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Moyea
[2007/05/04 10:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Opera
[2006/06/18 04:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Pegasys Inc
[2007/06/16 06:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Sony
[2007/03/04 13:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\STOIK
[2009/06/10 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2007/05/09 12:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Ulead Systems
[2007/04/01 10:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Viewpoint
[2010/02/22 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Vso
[2006/11/30 22:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Azureus
[2009/12/03 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/14 12:16:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/04 12:00:13 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/04/27 12:55:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/04/27 21:40:48 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE3C1414-9CFC-4447-9B26-1C0AA1AD6720}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/04/27 09:44:55 | 000,035,328 | ---- | M] ()(C:\Documents and Settings\Al\Desktop\???Calender.xls) -- C:\Documents and Settings\Al\Desktop\須藤様Calender.xls
[2010/04/27 09:44:51 | 000,035,328 | ---- | C] ()(C:\Documents and Settings\Al\Desktop\???Calender.xls) -- C:\Documents and Settings\Al\Desktop\須藤様Calender.xls
[2009/12/01 10:55:25 | 000,031,232 | ---- | M] ()(C:\Documents and Settings\Al\My Documents\???TransS...xls) -- C:\Documents and Settings\Al\My Documents\コピーTransS...xls
[2009/12/01 10:55:22 | 000,031,232 | ---- | C] ()(C:\Documents and Settings\Al\My Documents\???TransS...xls) -- C:\Documents and Settings\Al\My Documents\コピーTransS...xls
[2006/11/28 09:35:09 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Al\My Documents\??.doc) -- C:\Documents and Settings\Al\My Documents\香は.doc
[2006/11/28 09:32:42 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Al\My Documents\??.doc) -- C:\Documents and Settings\Al\My Documents\香は.doc
< End of report >


OTL Extras logfile created on: 5/2/2010 7:38:05 AM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 3.83 Gb Free Space | 5.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"57943:TCP" = 57943:TCP:*:Enabled:PandoRest Listening Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 19
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0 Templates
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BC54817-EB7E-4C63-8A03-E4C2E7F3FFD1}" = PlayGear Skins 1.00
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A85C5601-E614-58D4-C4ED-E01A9D56D59D}" = MyFonts Order M2074256
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}" = Logitech QuickCam Software
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced PDF to IMAGE converter_is1" = Advanced PDF to IMAGE converter 1.9.9.5
"AIM_6.0" = AIM 6.0
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Audacity_is1" = Audacity 1.2.2
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.2.1.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"F-CDテンプレートダウンロードソフト" = F-CDテンプレートダウンロードソフト
"FileZilla" = FileZilla (remove only)
"Flickr Uploadr" = Flickr Uploadr 2.5.0.14
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"LimeWire" = LimeWire 4.10.2
"Magic ISO Maker v5.1 (build 0185)" = Magic ISO Maker v5.1 (build 0185)
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006a" = MSN Money Investment Toolbox
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Lite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"PremElem30" = Adobe Premiere Elements 3.0
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Logitech Camera Driver
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = Skype 2.5
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.1
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Draw 4 App" = Draw 4 App
"ESPN Java Check" = ESPN Java Check
"Move Media Player" = Move Media Player

< End of report >


#11 Elise


Posted 02 May 2010 - 03:21 AM

Please rerun OTLPE. Copy and paste the following code into the textbox. Do not include the word "Code".
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Click Run Scan and post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#12 slick8421


Posted 02 May 2010 - 05:22 AM


I pasted the code and ran another scan.
Here are the results...

OTL logfile created on: 5/2/2010 10:05:42 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 3.83 Gb Free Space | 5.49% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 01:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/26 22:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 00:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/09/15 22:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/15 21:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/15 20:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 11:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 01:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/07 22:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 06:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/09/10 00:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/13 05:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/27 16:31:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 02:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/17 22:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/07 02:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 06:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/13 12:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/09/01 00:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/04/04 05:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 18:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 18:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 18:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2009/11/12 17:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/15 21:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/15 21:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/15 21:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/15 21:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/15 21:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/15 23:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 14:46:07 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/01 09:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/02/24 23:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 03:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/01 15:27:45 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/09/01 15:24:44 | 001,081,856 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2005/09/01 15:20:51 | 000,022,528 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/09/01 00:11:52 | 001,912,064 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/09/01 00:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/09/01 00:09:28 | 002,169,984 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005/08/03 12:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/03/11 00:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 18:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 22:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/31 10:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/10 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/17 22:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 22:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 22:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Al_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Al_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Al_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Al_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\Al_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Al_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 04:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 14:00:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/21 22:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/28 10:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/28 10:19:41 | 000,000,000 | ---D | M]

[2010/03/31 21:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/23 05:15:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/19 23:42:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/09 00:16:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/11 07:19:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/09 08:48:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/08 04:35:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/21 22:46:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/21 08:16:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/09 09:26:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/04 10:39:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/03/31 21:38:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/01/23 05:15:20 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/23 05:15:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 04:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/03/08 15:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/11/21 17:45:04 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/11/21 17:45:26 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/01/23 05:15:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 06:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/02/07 10:57:13 | 000,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/03/28 10:19:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/03/28 10:19:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/03/28 10:19:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/02/07 10:57:26 | 000,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2006/02/07 10:57:04 | 000,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2010/01/23 05:15:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/23 05:15:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/23 05:15:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/23 05:15:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/23 05:15:32 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/23 05:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/23 05:15:32 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/02/19 12:01:17 | 000,296,543 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10268 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - €Aレ78D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Al_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Al_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Al_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Al_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Al_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlmanager.akamaitools.com.edgesuite...vex-2.0.4.4.cab (DownloadManager Control)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1162651392450 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/01/01 06:01:55 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe - File not found
MsConfig - StartUpReg: Adobe Version Cue CS2 - hkey= - key= - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechCameraAssistant - hkey= - key= - C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechVideo[inspector] - hkey= - key= - C:\Program Files\Logitech\Video\InstallHelper.exe (Logitech Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MskAgentexe - hkey= - key= - C:\Program Files\McAfee\MSK\MskAgent.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PlaxoUpdate - hkey= - key= - C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe ()
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 05:45:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/04/18 12:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\Rich Dad Toolkit
[2007/03/03 09:27:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Al\Application Data\pcouffin.sys
[2006/09/18 08:10:46 | 000,064,544 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\MSSSerif96.fon
[2006/01/10 01:02:08 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\MSSSerif120.fon
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 07:45:36 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/01 17:28:35 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 17:28:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 23:02:51 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/27 23:02:51 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/27 23:02:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 23:02:12 | 000,055,633 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/27 23:02:09 | 011,534,336 | -H-- | M] () -- C:\Documents and Settings\Al\NTUSER.DAT
[2010/04/27 23:02:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Al\ntuser.ini
[2010/04/27 23:00:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/04/27 23:00:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/04/27 22:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 21:40:48 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE3C1414-9CFC-4447-9B26-1C0AA1AD6720}.job
[2010/04/27 14:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/04/27 14:47:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/04/27 13:22:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/27 13:22:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/27 12:55:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/27 12:10:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/27 12:10:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/27 10:52:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/27 10:52:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/27 09:18:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/27 09:18:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/27 09:15:33 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Trillian.lnk
[2010/04/26 22:22:54 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Shinagawa_Twins_map.doc
[2010/04/26 22:21:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/26 22:21:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/26 05:40:25 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Microsoft Office Word 2003.lnk
[2010/04/26 02:43:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 22:33:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/04/25 22:33:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/04/25 22:08:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\Emotional Intelligence vocab quiz.doc
[2010/04/25 21:40:25 | 006,160,384 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\My Money.mny
[2010/04/25 21:15:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/04/25 21:15:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/04/25 11:33:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/04/25 11:33:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/04/25 09:23:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/04/25 09:23:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/04/25 09:21:28 | 001,238,109 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-25_222124.mbf
[2010/04/24 21:32:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/04/24 21:32:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/04/24 13:28:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/04/24 13:28:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/04/24 09:38:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/24 09:38:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/04/24 09:25:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/24 09:25:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/24 00:30:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/24 00:30:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/23 20:53:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/04/23 20:53:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/04/23 14:16:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/23 14:15:22 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 13:05:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/04/23 13:05:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/23 10:43:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/04/23 10:43:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/04/23 10:33:21 | 001,192,169 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-23_233317.mbf
[2010/04/23 04:04:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/04/23 04:04:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/04/21 05:44:51 | 001,220,217 | R--- | M] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-21_184447.mbf
[2010/04/15 20:51:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 17:21:13 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/14 17:19:27 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/13 09:07:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/11 07:41:47 | 000,192,595 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\f2555ez2009.pdf
[2010/04/11 07:41:24 | 000,323,510 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\f10402009.pdf
[2010/04/09 04:24:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 17:28:35 | 2138,505,216 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/26 22:22:52 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Shinagawa_Twins_map.doc
[2010/04/25 22:08:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\Emotional Intelligence vocab quiz.doc
[2010/04/25 09:21:28 | 001,238,109 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-25_222124.mbf
[2010/04/23 10:33:21 | 001,192,169 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-23_233317.mbf
[2010/04/21 05:44:51 | 001,220,217 | R--- | C] () -- C:\Documents and Settings\Al\My Documents\My Money Backup_2010-04-21_184447.mbf
[2009/03/17 12:39:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/28 13:39:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/28 13:39:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/25 10:07:51 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/03/20 12:14:19 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ARFolder.INI
[2008/03/16 20:03:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/25 09:52:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/21 13:46:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\hlp-fastamr.dll
[2008/02/18 14:15:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2008/02/18 14:15:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2008/01/09 02:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/09/03 03:38:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2007/09/03 03:38:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2007/09/03 03:38:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007/07/13 20:13:15 | 000,000,159 | ---- | C] () -- C:\WINDOWS\pdf2image.INI
[2007/03/04 04:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/03/03 09:28:06 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.log
[2007/03/03 09:27:43 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\ezpinst.exe
[2007/03/03 09:27:43 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.cat
[2007/03/03 09:27:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.inf
[2007/03/03 09:14:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/11/06 16:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/07/21 04:49:46 | 000,010,238 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/07/21 04:40:09 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/06/08 05:48:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MenuEditFree.INI
[2006/06/05 11:32:38 | 000,000,499 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/04/14 10:12:32 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Al\default.pls
[2006/04/14 10:08:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/07 23:12:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/06 04:26:19 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\147D722473.sys
[2006/01/04 05:43:16 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 05:53:27 | 000,040,126 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\FASTWiz.log
[2006/01/01 05:35:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/01 04:54:17 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\fusioncache.dat
[2006/01/01 04:54:16 | 011,534,336 | -H-- | C] () -- C:\Documents and Settings\Al\NTUSER.DAT
[2006/01/01 04:54:16 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Al\ntuser.dat.LOG
[2006/01/01 04:54:16 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Al\ntuser.ini
[2005/12/15 16:18:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 16:06:01 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 15:58:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/15 15:36:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2005/12/15 15:36:42 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2005/12/15 15:31:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/12/15 15:30:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/01 00:11:52 | 001,912,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/09/01 00:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/09/01 00:09:28 | 002,169,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/08/16 22:52:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/08/16 12:50:00 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/16 12:49:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2005/08/16 12:49:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2005/08/16 06:50:01 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/16 06:50:01 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/16 06:49:40 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2005/08/16 06:49:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2005/08/16 06:49:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2005/08/16 06:49:39 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:18:40 | 000,713,216 | ---- | C] () -- C:\WINDOWS\System32\sxs.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/30 00:13:22 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/05 10:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[1999/01/27 00:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/12 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/03/17 23:59:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2006/01/01 05:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\acccore
[2006/03/11 05:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Alien Skin
[2010/04/27 15:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Any Video Converter
[2008/12/24 10:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\avidemux
[2009/12/31 14:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Azureus
[2008/09/07 12:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\com.adobe.example.NFL-Countdown.7AE105D383F287E7D49518EE19AFF40385BCDC49.1
[2007/05/05 01:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Flickr
[2008/03/25 11:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Grisoft
[2008/12/24 10:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\gtk-2.0
[2009/09/18 08:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ImgBurn
[2006/01/10 01:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Leadertech
[2009/04/06 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Moyea
[2007/05/04 10:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Opera
[2006/06/18 04:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Pegasys Inc
[2007/06/16 06:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Sony
[2007/03/04 13:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\STOIK
[2009/06/10 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2007/05/09 12:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Ulead Systems
[2007/04/01 10:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Viewpoint
[2010/02/22 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Vso
[2006/11/30 22:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Azureus
[2009/12/03 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/14 12:16:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/04 12:00:13 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/04/27 12:55:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/04/27 21:40:48 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE3C1414-9CFC-4447-9B26-1C0AA1AD6720}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/02/24 22:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Files - Unicode (All) ==========
[2010/04/27 09:44:55 | 000,035,328 | ---- | M] ()(C:\Documents and Settings\Al\Desktop\???Calender.xls) -- C:\Documents and Settings\Al\Desktop\須藤様Calender.xls
[2010/04/27 09:44:51 | 000,035,328 | ---- | C] ()(C:\Documents and Settings\Al\Desktop\???Calender.xls) -- C:\Documents and Settings\Al\Desktop\須藤様Calender.xls
[2009/12/01 10:55:25 | 000,031,232 | ---- | M] ()(C:\Documents and Settings\Al\My Documents\???TransS...xls) -- C:\Documents and Settings\Al\My Documents\コピーTransS...xls
[2009/12/01 10:55:22 | 000,031,232 | ---- | C] ()(C:\Documents and Settings\Al\My Documents\???TransS...xls) -- C:\Documents and Settings\Al\My Documents\コピーTransS...xls
[2006/11/28 09:35:09 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Al\My Documents\??.doc) -- C:\Documents and Settings\Al\My Documents\香は.doc
[2006/11/28 09:32:42 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Al\My Documents\??.doc) -- C:\Documents and Settings\Al\My Documents\香は.doc
< End of report >

OTL Extras logfile created on: 5/2/2010 10:05:42 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 3.83 Gb Free Space | 5.49% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"57943:TCP" = 57943:TCP:*:Enabled:PandoRest Listening Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 19
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0 Templates
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BC54817-EB7E-4C63-8A03-E4C2E7F3FFD1}" = PlayGear Skins 1.00
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A85C5601-E614-58D4-C4ED-E01A9D56D59D}" = MyFonts Order M2074256
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}" = Logitech QuickCam Software
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced PDF to IMAGE converter_is1" = Advanced PDF to IMAGE converter 1.9.9.5
"AIM_6.0" = AIM 6.0
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Audacity_is1" = Audacity 1.2.2
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.2.1.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"F-CDテンプレートダウンロードソフト" = F-CDテンプレートダウンロードソフト
"FileZilla" = FileZilla (remove only)
"Flickr Uploadr" = Flickr Uploadr 2.5.0.14
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"LimeWire" = LimeWire 4.10.2
"Magic ISO Maker v5.1 (build 0185)" = Magic ISO Maker v5.1 (build 0185)
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006a" = MSN Money Investment Toolbox
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Lite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"PremElem30" = Adobe Premiere Elements 3.0
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Logitech Camera Driver
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = Skype 2.5
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.1
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Draw 4 App" = Draw 4 App
"ESPN Java Check" = ESPN Java Check
"Move Media Player" = Move Media Player

< End of report >


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 02 May 2010 - 05:32 AM

Please copy/paste the following in OTLPE, click the None button (it's located next to Run Scan) and then click Run Scan.

Post me the resulting log (it will be short).

CODE
/md5start
svchost.exe
/md5stop

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#14 slick8421

slick8421
  • Topic Starter

  • Members
  • 36 posts

Posted 02 May 2010 - 05:52 AM

Hi Elise,

Thanks for the continued help.

Here is the new log...


OTL logfile created on: 5/2/2010 11:42:05 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 3.83 Gb Free Space | 5.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Custom Scans ==========



< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< End of report >


#15 Elise

Posted 02 May 2010 - 06:08 AM

Did you try to boot in Last Known Good Configuration?

regards, Elise

