The Jotti Online Malware Scan finished with 1 out of 20 scanners reporting Malware:
SOPHOS reported "Sus/UnkPacker"
The OTS.Txt file follows:
OTS logfile created on: 6/15/2009 9:11:47 PM - Run 1 OTS by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\28YFV15L Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.09 Mb Total Physical Memory | 234.78 Mb Available Physical Memory | 46.03% Memory free 1.97 Gb Paging File | 1.57 Gb Available in Paging File | 79.95% Paging File free Paging file location(s): C:\pagefile.sys 1536 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.80 Gb Total Space | 32.46 Gb Free Space | 46.51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 465.76 Gb Total Space | 459.46 Gb Free Space | 98.65% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL_DESKOP Current User Name: Bruce Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/05/31 15:15:20 | 01,005,904 | ---- | M] (Lavasoft) aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/05/31 15:15:21 | 00,518,488 | ---- | M] (Lavasoft) alg.exe -> C:\WINDOWS\System32\alg.exe -> [2009/05/12 20:01:07 | 00,044,544 | ---- | M] () ati2evxx.exe -> C:\WINDOWS\System32\Ati2evxx.exe -> [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) bdagent.exe -> C:\Program Files\Softwin\BitDefender10\bdagent.exe -> [2007/03/26 14:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.) 
bdss.exe -> C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -> [2007/01/19 15:12:56 | 00,081,920 | ---- | M] () ctfmon.exe -> C:\WINDOWS\System32\ctfmon.exe -> [2009/05/12 20:00:50 | 00,015,360 | ---- | M] () dllhost.exe -> C:\WINDOWS\System32\dllhost.exe -> [2009/05/15 04:19:47 | 00,005,120 | ---- | M] () dvzincmsgr.exe -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe -> [2009/05/12 20:00:43 | 00,028,672 | ---- | M] () ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2009/05/19 01:30:11 | 00,237,568 | ---- | M] () ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2009/05/15 04:18:12 | 00,102,912 | ---- | M] () explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2009/05/12 20:00:59 | 01,033,216 | ---- | M] (Microsoft Corporation) hotsync.exe -> C:\Program Files\palmOne\Hotsync.exe -> [2009/05/12 20:00:45 | 00,468,240 | ---- | M] () iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2009/05/15 04:18:18 | 00,086,016 | ---- | M] () intuitupdateservice.exe -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/06/03 22:03:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/06/03 22:03:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) livesrv.exe -> C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -> [2008/07/11 16:55:40 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2009/05/15 04:19:43 | 00,099,328 | ---- | M] () mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) 
msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] () ots[1].exe -> C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\28YFV15L\OTS[1].exe -> [2009/06/15 21:11:23 | 00,507,392 | ---- | M] (OldTimer Tools) quickdcf2.exe -> C:\Program Files\FinePixViewerS\QuickDCF2.exe -> [2007/01/30 12:02:28 | 00,303,104 | ---- | M] (FUJIFILM Corporation) spoolsv.exe -> C:\WINDOWS\System32\spoolsv.exe -> [2009/05/13 22:07:40 | 00,057,856 | ---- | M] () sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2004/08/10 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) vsserv.exe -> C:\Program Files\Softwin\BitDefender10\vsserv.exe -> [2007/10/24 13:16:44 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) 
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/05/12 20:02:00 | 00,227,840 | ---- | M] () wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2004/08/10 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) xcommsvr.exe -> C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -> [2006/11/09 12:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) ybrwicon.exe -> C:\Program Files\Yahoo!\browser\ybrwicon.exe -> [2009/05/13 22:21:57 | 00,129,536 | ---- | M] () ycommon.exe -> C:\Program Files\Yahoo!\browser\ycommon.exe -> [2009/05/13 07:11:03 | 00,200,704 | ---- | M] () [Win32 Services - Safe List] (ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> C:\WINDOWS\System32\alg.exe -> [2009/05/12 20:01:07 | 00,044,544 | ---- | M] () (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\Ati2evxx.exe -> [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) (bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -> [2007/01/19 15:12:56 | 00,081,920 | ---- | M] () (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) 
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) (COMSysApp) COM+ System Application [Win32_Own | On_Demand | Running] -> C:\WINDOWS\System32\dllhost.exe -> [2009/05/15 04:19:47 | 00,005,120 | ---- | M] () (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () (ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Start_Pending] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2009/05/19 01:30:11 | 00,237,568 | ---- | M] () (ehSched) Media Center Scheduler Service [Win32_Own | Auto | Start_Pending] -> C:\WINDOWS\eHome\ehSched.exe -> [2009/05/15 04:18:12 | 00,102,912 | ---- | M] () (Fax) Fax [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\fxssvc.exe -> [2009/05/12 20:01:15 | 00,267,776 | ---- | M] () (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/10 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) (IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2009/05/15 04:18:18 | 00,086,016 | ---- | M] () (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) (ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\imapi.exe -> [2009/05/12 20:01:16 | 00,150,016 | ---- | M] () (IntuitUpdateService) Intuit Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit 
Inc.) (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/06/03 22:03:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/05/31 15:15:20 | 01,005,904 | ---- | M] (Lavasoft) (LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -> [2008/07/11 16:55:40 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) (McrdSvc) Media Center Extender Service [Win32_Own | Auto | Start_Pending] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2009/05/15 04:19:43 | 00,099,328 | ---- | M] () (MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) (MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\msiexec.exe -> [2009/05/14 10:49:39 | 00,078,848 | ---- | M] () (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation) (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\HPZipm12.exe -> [2009/05/13 07:13:10 | 00,081,920 | R--- | M] () (RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\rsvp.exe -> [2009/05/13 07:13:45 | 00,132,608 | ---- | M] () (Spooler) Print Spooler [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\spoolsv.exe -> [2009/05/13 22:07:40 | 00,057,856 | ---- | M] () (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> C:\Program 
Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) (SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\dllhost.exe -> [2009/05/15 04:19:47 | 00,005,120 | ---- | M] () (VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> C:\Program Files\Softwin\BitDefender10\vsserv.exe -> [2007/10/24 13:16:44 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) (WinDefend) Windows Defender [Win32_Own | Auto | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) (XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -> [2006/11/09 12:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) [Driver Services - Safe List] (2WIREPCP) 2Wire USB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\2WirePCP.sys -> [2003/04/17 20:48:09 | 00,068,672 | R--- | M] (2Wire, Inc.) (426f12d8) 426f12d8 [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\426f12d8.sys -> [2009/05/19 00:04:13 | 00,000,000 | ---- | M] () (AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\AFS2K.SYS -> [2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) (AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2004/08/03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) (asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) (ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2005/11/29 16:43:13 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -> [2005/08/04 03:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) (drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) (drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\drvnddm.sys -> [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) (DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) (dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -> [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) 
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\e100b325.sys -> [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\e1e5132.sys -> [2005/03/31 22:04:52 | 00,180,736 | ---- | M] (Intel Corporation) (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -> [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) (grmnusb) grmnusb [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\grmnusb.sys -> [2003/09/23 08:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2004/08/12 16:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2003/03/09 13:31:00 | 00,051,024 | R--- | M] (HP) (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2003/03/09 13:31:02 | 00,016,080 | R--- | M] (HP) (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2003/03/09 13:31:02 | 00,021,456 | R--- | M] (HP) (iastor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iastor.sys -> [2005/06/17 11:33:40 | 00,872,064 | ---- | M] (Intel Corporation) (Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2009/05/24 15:15:15 | 00,064,160 | ---- | M] (Lavasoft AB) (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) 
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\PalmUSBD.sys -> [2004/06/09 13:37:42 | 00,016,694 | ---- | M] (PalmSource, Inc.) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) (ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) (ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) (ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) (Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2004/08/03 22:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) 
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\System32\drivers\sscdbhk5.sys -> [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) (ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\System32\drivers\ssrtln.sys -> [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) (STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\sthda.sys -> [2005/06/14 21:40:08 | 00,180,864 | ---- | M] (SigmaTel, Inc.) (symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) (tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnboio.sys -> [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) (tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsncofs.sys -> [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) (tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndrct.sys -> [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) (tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndres.sys -> [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) (tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnifs.sys -> [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) (tfsnopio) tfsnopio [File_System | Auto | Running] -> 
C:\WINDOWS\System32\dla\tfsnopio.sys -> [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) (tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnpool.sys -> [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) (tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudf.sys -> [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudfa.sys -> [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) (ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell4me.com/myway -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://att.yahoo.com -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> 
http://www.dell4me.com/myway -> HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell4me.com/myway -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://att.yahoo.com -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.) 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: "ProxyOverride" -> *.local -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\firefox\extensions -> -> HKLM\software\mozilla\firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/06/03 22:03:04 | 00,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> < HOSTS File > (698 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.) {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated) {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/06/03 22:03:02 | 00,041,368 | ---- | M] (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/06/03 22:03:04 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! 
¤u¨ã¦C] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "2wSysTray" -> C:\Program Files\2Wire\2PortalMon.exe [C:\Program Files\2Wire\2PortalMon.exe] -> [2009/05/13 22:47:51 | 00,393,216 | ---- | M] () "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) "Ad-Watch" -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/05/31 15:15:21 | 00,518,488 | ---- | M] (Lavasoft) "BDAgent" -> C:\Program Files\Softwin\BitDefender10\bdagent.exe ["C:\Program Files\Softwin\BitDefender10\bdagent.exe"] -> [2007/03/26 14:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.) "dellsupportcenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter] -> [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) "SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/06/03 22:03:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) 
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ctfmon.exe" -> C:\WINDOWS\System32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> [2009/05/12 20:00:50 | 00,015,360 | ---- | M] () "MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] () < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe -> [2009/05/12 20:00:43 | 00,028,672 | ---- | M] () C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk -> C:\Program Files\FinePixViewerS\QuickDCF2.exe -> [2007/01/30 12:02:28 | 00,303,104 | ---- | M] (FUJIFILM Corporation) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe -> [2009/05/12 20:00:45 | 00,468,240 | ---- | M] () C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [2009/05/14 10:06:42 | 00,065,536 | ---- | M] () < Annabelle.DELL_DESKOP Startup Folder > -> C:\Documents and Settings\Annabelle.DELL_DESKOP\Start Menu\Programs\Startup -> < Bruce Startup Folder > -> C:\Documents and Settings\Bruce\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Michelle Startup Folder > -> 
C:\Documents and Settings\Michelle\Start Menu\Programs\Startup -> < Olivia Startup Folder > -> C:\Documents and Settings\Olivia\Start Menu\Programs\Startup -> < Visitor Startup Folder > -> C:\Documents and Settings\Visitor\Start Menu\Programs\Startup -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found \\"NoCDBurning" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoFolderOptions" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableRegistryTools" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoFolderOptions" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableRegistryTools" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoFolderOptions" -> [0] -> File not found \\"NoDriveTypeAutoRun" -> [157] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"disableregistrytools" -> [0] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Extensions\ -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: AT&T Yahoo! Services] -> [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2009/05/14 10:40:39 | 00,557,568 | ---- | M] () {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] () {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] () < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] () < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] 
-> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] () < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5499 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5499 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5499 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5500 domain(s) found. -> turbotax.com .[https] -> Trusted sites -> 48 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll [Installation Support] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] 
-> {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [HKLM] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 172.16.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {02DBB3A0-21B7-406B-8735-83758AEB38E3}\\DhcpNameServer -> 172.16.0.1 (2Wire Gateway USB) -> {9AB9E80D-F409-4373-B0A1-CD3037B00D38}\\DhcpNameServer -> 172.16.0.1 (Intel(R) PRO/1000 PL Network Connection) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> c:\windows\system32\patayaru.dll -> C:\WINDOWS\System32\patayaru.dll -> File not found c:\windows\system32\vakimotu.dll -> C:\WINDOWS\System32\vakimotu.dll -> File not found c:\windows\system32\posuyele.dll -> C:\WINDOWS\System32\posuyele.dll -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2009/05/12 20:00:59 | 01,033,216 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\System32\userinit.exe -> [2009/05/12 20:01:35 | 00,024,576 | ---- | M] () *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2009/05/12 20:01:18 | 00,514,560 | ---- | M] () *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2009/05/14 10:40:39 | 00,557,568 | ---- | M] () "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/10 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found < Standard Profile 
Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2009/05/14 10:40:39 | 00,557,568 | ---- | M] () "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/10 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE" -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE [C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger] -> File not found "C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) 
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server] -> [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] () "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" -> C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2007/03/08 01:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.) "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/04/07 14:55:54 | 03,679,784 | ---- | M] (Intuit, Inc.) "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2008/03/05 23:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) 
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/10/22 18:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) "C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\System32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2009/05/12 20:01:18 | 00,514,560 | ---- | M] () "C:\WINDOWS\system32\lsass.exe" -> C:\WINDOWS\System32\lsass.exe [C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass] -> [2004/08/10 04:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\System32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2004/08/10 04:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \E HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell \E\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\autorun \E\shell\autorun\\"" -> 
[Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\autorun\command \E\shell\autorun\command\\"" -> E:\CDSTART.EXE [E:\CDSTART.EXE] -> File not found \{0aa2cd6e-2cf7-11dd-b91d-00123f774b16} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell \{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun \{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun\command \{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found \{361ac05d-0e0d-11da-9aa9-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> File not found [Files/Folders - Created Within 30 Days] User's Guide.lnk -> C:\Documents and Settings\All Users\Desktop\User's Guide.lnk -> [2009/06/15 09:01:00 | 00,001,751 | ---- | C] () FinePixViewer S.lnk -> C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk -> [2009/06/15 09:01:00 | 00,001,644 | ---- | 
C] () Exif Launcher S.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk -> [2009/06/15 09:00:28 | 00,000,563 | ---- | C] () FinePixViewerS -> C:\Program Files\FinePixViewerS -> [2009/06/15 09:00:17 | 00,000,000 | ---D | C] settings.dat -> C:\Documents and Settings\Bruce\Desktop\settings.dat -> [2009/06/10 10:28:51 | 00,000,000 | ---- | C] () Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [2009/06/05 18:48:26 | 00,000,000 | ---D | C] cmd.execf -> C:\WINDOWS\System32\cmd.execf -> [2009/06/04 19:36:32 | 00,388,608 | ---- | C] () 32788R22FWJFW -> C:\32788R22FWJFW -> [2009/06/04 19:36:25 | 00,000,000 | ---D | C] Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/06/03 21:57:39 | 00,001,729 | ---- | C] () Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [2009/06/03 21:57:08 | 00,000,000 | ---D | C] Config.Msi -> C:\Config.Msi -> [2009/06/03 21:49:26 | 00,000,000 | -HSD | C] RootRepeal.exe -> C:\Documents and Settings\Bruce\Desktop\RootRepeal.exe -> [2009/05/31 17:39:44 | 00,458,240 | ---- | C] ( ) HostsXpert -> C:\Documents and Settings\Bruce\My Documents\HostsXpert -> [2009/05/25 20:56:43 | 00,000,000 | ---D | C] HostsXpert.zip -> C:\Documents and Settings\Bruce\My Documents\HostsXpert.zip -> [2009/05/25 20:55:38 | 00,353,485 | ---- | C] () AT&T Yahoo! for Michelle (durepos@sbcglobal.net).lnk -> C:\Documents and Settings\Bruce\Desktop\AT&T Yahoo! 
for Michelle (durepos@sbcglobal.net).lnk -> [2009/05/25 19:38:37 | 00,001,788 | ---- | C] () fixcpl.reg -> C:\Documents and Settings\Bruce\My Documents\fixcpl.reg -> [2009/05/25 10:07:47 | 00,000,496 | ---- | C] () Debugging Tools for Windows (x86) -> C:\Program Files\Debugging Tools for Windows (x86) -> [2009/05/25 08:29:33 | 00,000,000 | ---D | C] lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2009/05/25 07:32:54 | 00,015,688 | ---- | C] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/05/24 15:16:12 | 00,000,472 | ---- | C] () Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2009/05/24 15:16:04 | 00,064,160 | ---- | C] (Lavasoft AB) {83C91755-2546-441D-AC40-9A6B4B860800} -> C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} -> [2009/05/24 15:12:08 | 00,000,000 | -H-D | C] Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/05/24 15:12:05 | 00,000,867 | ---- | C] () Lavasoft -> C:\Program Files\Lavasoft -> [2009/05/24 15:11:36 | 00,000,000 | ---D | C] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2009/05/24 15:11:36 | 00,000,000 | ---D | C] Bitdefender -> C:\Documents and Settings\Bruce\Application Data\Bitdefender -> [2009/05/24 14:34:16 | 00,000,000 | ---D | C] bdod.bin -> C:\WINDOWS\System32\bdod.bin -> [2009/05/24 11:00:56 | 00,081,984 | ---- | C] () BitDefender Free Edition v10.lnk -> C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk -> [2009/05/24 10:55:21 | 00,001,795 | ---- | C] () BitDefender -> C:\Documents and Settings\All Users\Application Data\BitDefender -> [2009/05/24 10:54:54 | 00,000,000 | ---D | C] Softwin -> C:\Program Files\Softwin -> [2009/05/24 10:54:53 | 00,000,000 | ---D | C] Softwin -> C:\Program Files\Common Files\Softwin -> [2009/05/24 10:52:30 | 00,000,000 | ---D | C] pss -> C:\WINDOWS\pss -> [2009/05/23 22:56:29 | 00,000,000 | ---D | C] Recent -> C:\Documents 
and Settings\Bruce\Recent -> [2009/05/23 21:53:22 | 00,000,000 | RH-D | C] CCleaner.lnk -> C:\Documents and Settings\Bruce\Desktop\CCleaner.lnk -> [2009/05/23 19:31:35 | 00,001,548 | ---- | C] () CCleaner -> C:\Program Files\CCleaner -> [2009/05/23 19:31:31 | 00,000,000 | ---D | C] Uniblue -> C:\Documents and Settings\Bruce\Application Data\Uniblue -> [2009/05/23 15:48:51 | 00,000,000 | ---D | C] Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/05/20 07:20:48 | 00,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\Bruce\Application Data\Malwarebytes -> [2009/05/19 20:23:17 | 00,000,000 | ---D | C] mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/05/19 20:23:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/05/19 20:23:09 | 00,000,696 | ---- | C] () mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/05/19 20:23:06 | 00,040,160 | ---- | C] (Malwarebytes Corporation) Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/05/19 20:23:05 | 00,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/05/19 20:23:04 | 00,000,000 | ---D | C] procexp.exe -> C:\Documents and Settings\Bruce\Desktop\procexp.exe -> [2009/05/19 19:29:05 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) Utilities -> C:\Utilities -> [2009/05/19 19:28:33 | 00,000,000 | ---D | C] Windows Defender -> C:\Program Files\Windows Defender -> [2009/05/19 07:15:54 | 00,000,000 | ---D | C] hiberfil.sys -> C:\hiberfil.sys -> [2009/05/19 07:03:54 | 53,494,1696 | -HS- | C] () 426f12d8.sys -> C:\WINDOWS\System32\drivers\426f12d8.sys -> [2009/05/12 13:31:22 | 00,000,000 | ---- | C] () msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2007/05/28 15:09:50 | 00,000,002 | ---- | C] () QUICKEN.INI -> 
C:\WINDOWS\QUICKEN.INI -> [2007/03/31 14:17:59 | 00,000,214 | ---- | C] () xreglib.dll -> C:\WINDOWS\System32\xreglib.dll -> [2007/01/31 13:50:32 | 00,913,408 | ---- | C] () EAC7C21228.sys -> C:\WINDOWS\System32\EAC7C21228.sys -> [2006/05/05 07:50:19 | 00,000,056 | RHS- | C] () mdm.ini -> C:\WINDOWS\mdm.ini -> [2006/03/12 20:02:24 | 00,000,063 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/01/08 09:44:34 | 00,000,376 | ---- | C] () YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2005/12/11 16:24:00 | 00,065,536 | ---- | C] () KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2005/12/11 15:50:29 | 00,004,392 | -HS- | C] () 7BE1B12C1D.sys -> C:\WINDOWS\System32\7BE1B12C1D.sys -> [2005/12/11 15:50:29 | 00,000,056 | RHS- | C] () hpotscl.dll -> C:\WINDOWS\System32\hpotscl.dll -> [2005/12/11 15:26:07 | 00,561,152 | R--- | C] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/11/29 16:53:17 | 00,000,061 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/11/29 16:45:07 | 00,004,178 | ---- | C] () OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/11/29 16:20:48 | 00,000,387 | ---- | C] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/08/16 03:37:24 | 00,001,793 | ---- | C] () win.ini -> C:\WINDOWS\win.ini -> [2005/08/16 03:18:43 | 00,000,709 | ---- | C] () SYSTEM.INI -> C:\WINDOWS\SYSTEM.INI -> [2005/08/16 03:18:41 | 00,000,231 | ---- | C] () psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 13:01:54 | 00,235,008 | ---- | C] () px.ini -> C:\WINDOWS\System32\px.ini -> [2005/04/09 16:04:54 | 00,000,000 | ---- | C] () patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2003/07/14 12:30:28 | 00,197,120 | ---- | C] () MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 11:46:58 | 00,065,536 | ---- | C] () [Files/Folders - Modified Within 30 Days] 34 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 44 C:\Documents and 
Settings\Bruce\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Bruce\Local Settings\Temp\*.tmp -> 128 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> bdod.bin -> C:\WINDOWS\System32\bdod.bin -> [2009/06/15 19:58:58 | 00,081,984 | ---- | M] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/06/15 15:15:24 | 00,000,472 | ---- | M] () AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/06/15 11:54:03 | 00,000,284 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/06/15 09:05:41 | 00,002,206 | ---- | M] () Perflib_Perfdata_5e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat -> [2009/06/15 09:03:39 | 00,016,384 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/06/15 09:03:26 | 00,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/06/15 09:03:24 | 00,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2009/06/15 09:03:22 | 53,494,1696 | -HS- | M] () ntuser.dat -> C:\Documents and Settings\Bruce\ntuser.dat -> [2009/06/15 09:02:41 | 06,815,744 | -H-- | M] () ntuser.ini -> C:\Documents and Settings\Bruce\ntuser.ini -> [2009/06/15 09:02:09 | 00,000,278 | -HS- | M] () User's Guide.lnk -> C:\Documents and Settings\All Users\Desktop\User's Guide.lnk -> [2009/06/15 09:01:00 | 00,001,751 | ---- | M] () FinePixViewer S.lnk -> C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk -> [2009/06/15 09:01:00 | 00,001,644 | ---- | M] () Exif Launcher S.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk -> [2009/06/15 09:00:28 | 00,000,563 | ---- | M] () settings.dat -> C:\Documents and Settings\Bruce\Desktop\settings.dat -> [2009/06/10 10:28:51 | 00,000,000 | ---- | M] () RootRepeal.exe -> C:\Documents and Settings\Bruce\Desktop\RootRepeal.exe -> [2009/06/10 10:28:06 | 00,458,240 | ---- | M] ( ) iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/06/06 13:10:10 | 00,002,137 | ---- | 
M] () cmd.execf -> C:\WINDOWS\System32\cmd.execf -> [2009/06/04 19:36:32 | 00,388,608 | ---- | M] () Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/06/03 21:57:39 | 00,001,729 | ---- | M] () lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2009/05/31 15:16:01 | 00,015,688 | ---- | M] () hpfr3420.xml -> C:\hpfr3420.xml -> [2009/05/30 15:08:39 | 00,000,522 | ---- | M] () mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/05/25 20:58:29 | 00,000,698 | R--- | M] () HostsXpert.zip -> C:\Documents and Settings\Bruce\My Documents\HostsXpert.zip -> [2009/05/25 20:55:41 | 00,353,485 | ---- | M] () AT&T Yahoo! for Michelle (durepos@sbcglobal.net).lnk -> C:\Documents and Settings\Bruce\Desktop\AT&T Yahoo! 
for Michelle (durepos@sbcglobal.net).lnk -> [2009/05/25 19:38:37 | 00,001,788 | ---- | M] () fixcpl.reg -> C:\Documents and Settings\Bruce\My Documents\fixcpl.reg -> [2009/05/25 10:07:51 | 00,000,496 | ---- | M] () Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2009/05/24 15:15:15 | 00,064,160 | ---- | M] (Lavasoft AB) Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/05/24 15:12:05 | 00,000,867 | ---- | M] () Perflib_Perfdata_1f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f4.dat -> [2009/05/24 14:19:57 | 00,016,384 | ---- | M] () BitDefender Free Edition v10.lnk -> C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk -> [2009/05/24 10:55:21 | 00,001,795 | ---- | M] () CCleaner.lnk -> C:\Documents and Settings\Bruce\Desktop\CCleaner.lnk -> [2009/05/23 19:31:35 | 00,001,548 | ---- | M] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/05/23 11:53:53 | 00,004,178 | ---- | M] () IconCache.db -> C:\Documents and Settings\Bruce\Local Settings\Application Data\IconCache.db -> [2009/05/20 20:38:08 | 03,267,502 | -H-- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/05/19 20:23:09 | 00,000,696 | ---- | M] () index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/05/19 19:27:34 | 00,081,920 | ---- | M] () index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2009/05/19 19:27:34 | 00,032,768 | ---- | M] () index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2009/05/19 19:27:34 | 00,032,768 | ---- | M] () 426f12d8.sys -> C:\WINDOWS\System32\drivers\426f12d8.sys -> [2009/05/19 00:04:13 | 00,000,000 | ---- | M] () hosts.20090520-194324.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20090520-194324.backup -> [2009/05/18 23:18:42 | 00,000,003 | ---- | M] () regedit.exe -> C:\WINDOWS\regedit.exe -> [2009/05/18 23:04:53 | 00,146,432 | ---- | M] () mplay32.exe -> C:\WINDOWS\System32\mplay32.exe -> [2009/05/18 
23:04:35 | 00,123,392 | ---- | M] () clipbrd.exe -> C:\WINDOWS\System32\clipbrd.exe -> [2009/05/18 23:04:10 | 00,102,912 | ---- | M] () tourstart.exe -> C:\WINDOWS\System32\tourstart.exe -> [2009/05/18 22:55:59 | 00,347,136 | ---- | M] () reg.exe -> C:\WINDOWS\System32\reg.exe -> [2009/05/18 22:33:36 | 00,050,176 | ---- | M] () xcrashdump.dat -> C:\xcrashdump.dat -> [2009/05/18 21:17:48 | 00,000,166 | ---- | M] () mshta.exe -> C:\WINDOWS\System32\mshta.exe -> [2009/05/18 21:08:57 | 00,045,568 | ---- | M] (Microsoft Corporation) DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/05/18 21:06:00 | 00,007,680 | ---- | M] () rcimlby.exe -> C:\WINDOWS\System32\rcimlby.exe -> [2009/05/18 20:59:16 | 00,035,840 | ---- | M] () defrag.exe -> C:\WINDOWS\System32\defrag.exe -> [2009/05/18 20:46:11 | 00,025,088 | ---- | M] () winhlp32.exe -> C:\WINDOWS\winhlp32.exe -> [2009/05/18 20:45:31 | 00,283,648 | ---- | M] () UNWISE.EXE -> C:\WINDOWS\UNWISE.EXE -> [2009/05/18 20:45:24 | 00,149,504 | ---- | M] () twunk_32.exe -> C:\WINDOWS\twunk_32.exe -> [2009/05/18 20:45:21 | 00,025,600 | ---- | M] () TASKMAN.EXE -> C:\WINDOWS\TASKMAN.EXE -> [2009/05/18 20:45:19 | 00,015,360 | ---- | M] () setpwrcg.exe -> C:\WINDOWS\setpwrcg.exe -> [2009/05/18 20:45:15 | 00,067,728 | ---- | M] () qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/11 13:14:22 | 00,004,232 | ---- | M] () qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/11 13:14:17 | 00,006,104 | ---- | M] () index.dat -> C:\Documents and Settings\Bruce\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2007/07/07 07:20:19 | 00,032,768 | ---- | M] () index.dat -> C:\Documents and Settings\Bruce\Local Settings\Temp\History\History.IE5\index.dat -> [2007/07/07 07:20:19 | 00,016,384 | 
---- | M] () index.dat -> C:\Documents and Settings\Bruce\Local Settings\Temp\Cookies\index.dat -> [2007/07/07 07:20:19 | 00,016,384 | ---- | M] () ISSetup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{4659BBF6-C48D-4C4A-809A-CAFF9209D6CE}\ISSetup.dll -> [2007/03/08 04:15:00 | 00,552,214 | R--- | M] (Macrovision Corporation) ISSetup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{E13447B8-383A-42F6-A319-8EBB7DD207CF}\ISSetup.dll -> [2006/10/27 17:25:37 | 00,552,214 | R--- | M] (Macrovision Corporation) ISSetup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{5911AA60-E7DC-400B-B594-339016C8BBE2}\ISSetup.dll -> [2006/10/27 17:25:37 | 00,552,214 | R--- | M] (Macrovision Corporation) _isC3.exe -> C:\Documents and Settings\Bruce\Local Settings\Temp\_isC3.exe -> [2006/10/27 17:25:36 | 00,455,600 | R--- | M] (Macrovision Corporation) _isC0.exe -> C:\Documents and Settings\Bruce\Local Settings\Temp\_isC0.exe -> [2006/10/27 17:25:36 | 00,455,600 | R--- | M] (Macrovision Corporation) _Setup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{E13447B8-383A-42F6-A319-8EBB7DD207CF}\_Setup.dll -> [2006/10/27 17:25:36 | 00,164,784 | R--- | M] (Macrovision Corporation) _Setup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{5911AA60-E7DC-400B-B594-339016C8BBE2}\_Setup.dll -> [2006/10/27 17:25:36 | 00,164,784 | R--- | M] (Macrovision Corporation) _isC.exe -> C:\Documents and Settings\Bruce\Local Settings\Temp\_isC.exe -> [2006/05/24 19:10:00 | 00,455,600 | R--- | M] (Macrovision Corporation) _Setup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{4659BBF6-C48D-4C4A-809A-CAFF9209D6CE}\_Setup.dll -> [2006/05/17 18:21:00 | 00,385,968 | R--- | M] (Macrovision Corporation) [Alternate Data Streams] @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\reg.exe:SummaryInformation < End of report >