Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Need to enable many basic windows functions.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Need to enable many basic windows functions.

Unread postby NeedMalHelp » June 16th, 2009, 12:20 am

Thanks again!

The Jotti Online Malware Scan finished with 1 out of 20 scanners reporting Malware:
SOPHOS reported "Sus/UnkPacker"

The OTS.Txt file follows:

Code: Select all
OTS logfile created on: 6/15/2009 9:11:47 PM - Run 1
OTS by OldTimer - Version 3.0.5.3     Folder = C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\28YFV15L
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.09 Mb Total Physical Memory | 234.78 Mb Available Physical Memory | 46.03% Memory free
1.97 Gb Paging File | 1.57 Gb Available in Paging File | 79.95% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 32.46 Gb Free Space | 46.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 459.46 Gb Free Space | 98.65% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DELL_DESKOP
Current User Name: Bruce
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/05/31 15:15:20 | 01,005,904 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/05/31 15:15:21 | 00,518,488 | ---- | M] (Lavasoft)
alg.exe -> C:\WINDOWS\System32\alg.exe -> [2009/05/12 20:01:07 | 00,044,544 | ---- | M] ()
ati2evxx.exe -> C:\WINDOWS\System32\Ati2evxx.exe -> [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
bdagent.exe -> C:\Program Files\Softwin\BitDefender10\bdagent.exe -> [2007/03/26 14:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.)
bdss.exe -> C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -> [2007/01/19 15:12:56 | 00,081,920 | ---- | M] ()
ctfmon.exe -> C:\WINDOWS\System32\ctfmon.exe -> [2009/05/12 20:00:50 | 00,015,360 | ---- | M] ()
dllhost.exe -> C:\WINDOWS\System32\dllhost.exe -> [2009/05/15 04:19:47 | 00,005,120 | ---- | M] ()
dvzincmsgr.exe -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe -> [2009/05/12 20:00:43 | 00,028,672 | ---- | M] ()
ehrecvr.exe -> C:\WINDOWS\eHome\ehRecvr.exe -> [2009/05/19 01:30:11 | 00,237,568 | ---- | M] ()
ehsched.exe -> C:\WINDOWS\eHome\ehSched.exe -> [2009/05/15 04:18:12 | 00,102,912 | ---- | M] ()
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2009/05/12 20:00:59 | 01,033,216 | ---- | M] (Microsoft Corporation)
hotsync.exe -> C:\Program Files\palmOne\Hotsync.exe -> [2009/05/12 20:00:45 | 00,468,240 | ---- | M] ()
iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2009/05/15 04:18:18 | 00,086,016 | ---- | M] ()
intuitupdateservice.exe -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/06/03 22:03:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/06/03 22:03:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
livesrv.exe -> C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -> [2008/07/11 16:55:40 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.)
mcrdsvc.exe -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2009/05/15 04:19:43 | 00,099,328 | ---- | M] ()
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] ()
ots[1].exe -> C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\28YFV15L\OTS[1].exe -> [2009/06/15 21:11:23 | 00,507,392 | ---- | M] (OldTimer Tools)
quickdcf2.exe -> C:\Program Files\FinePixViewerS\QuickDCF2.exe -> [2007/01/30 12:02:28 | 00,303,104 | ---- | M] (FUJIFILM Corporation)
spoolsv.exe -> C:\WINDOWS\System32\spoolsv.exe -> [2009/05/13 22:07:40 | 00,057,856 | ---- | M] ()
sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2004/08/10 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
vsserv.exe -> C:\Program Files\Softwin\BitDefender10\vsserv.exe -> [2007/10/24 13:16:44 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/05/12 20:02:00 | 00,227,840 | ---- | M] ()
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2004/08/10 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
xcommsvr.exe -> C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -> [2006/11/09 12:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L)
ybrwicon.exe -> C:\Program Files\Yahoo!\browser\ybrwicon.exe -> [2009/05/13 22:21:57 | 00,129,536 | ---- | M] ()
ycommon.exe -> C:\Program Files\Yahoo!\browser\ycommon.exe -> [2009/05/13 07:11:03 | 00,200,704 | ---- | M] ()
 
[Win32 Services - Safe List]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> C:\WINDOWS\System32\alg.exe -> [2009/05/12 20:01:07 | 00,044,544 | ---- | M] ()
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\Ati2evxx.exe -> [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.)
(bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -> [2007/01/19 15:12:56 | 00,081,920 | ---- | M] ()
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Running] -> C:\WINDOWS\System32\dllhost.exe -> [2009/05/15 04:19:47 | 00,005,120 | ---- | M] ()
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 00,076,848 | ---- | M] ()
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Start_Pending] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2009/05/19 01:30:11 | 00,237,568 | ---- | M] ()
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Start_Pending] -> C:\WINDOWS\eHome\ehSched.exe -> [2009/05/15 04:18:12 | 00,102,912 | ---- | M] ()
(Fax) Fax [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\fxssvc.exe -> [2009/05/12 20:01:15 | 00,267,776 | ---- | M] ()
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/10 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -> [2009/05/15 04:18:18 | 00,086,016 | ---- | M] ()
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\imapi.exe -> [2009/05/12 20:01:16 | 00,150,016 | ---- | M] ()
(IntuitUpdateService) Intuit Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/06/03 22:03:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/05/31 15:15:20 | 01,005,904 | ---- | M] (Lavasoft)
(LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -> [2008/07/11 16:55:40 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Start_Pending] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2009/05/15 04:19:43 | 00,099,328 | ---- | M] ()
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\msiexec.exe -> [2009/05/14 10:49:39 | 00,078,848 | ---- | M] ()
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\HPZipm12.exe -> [2009/05/13 07:13:10 | 00,081,920 | R--- | M] ()
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\rsvp.exe -> [2009/05/13 07:13:45 | 00,132,608 | ---- | M] ()
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\spoolsv.exe -> [2009/05/13 22:07:40 | 00,057,856 | ---- | M] ()
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.)
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\dllhost.exe -> [2009/05/15 04:19:47 | 00,005,120 | ---- | M] ()
(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> C:\Program Files\Softwin\BitDefender10\vsserv.exe -> [2007/10/24 13:16:44 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.)
(WinDefend) Windows Defender [Win32_Own | Auto | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -> [2006/11/09 12:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L)
 
[Driver Services - Safe List]
(2WIREPCP) 2Wire USB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\2WirePCP.sys -> [2003/04/17 20:48:09 | 00,068,672 | R--- | M] (2Wire, Inc.)
(426f12d8) 426f12d8 [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\426f12d8.sys -> [2009/05/19 00:04:13 | 00,000,000 | ---- | M] ()
(AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\AFS2K.SYS -> [2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2004/08/03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2005/11/29 16:43:13 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -> [2005/08/04 03:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\drvnddm.sys -> [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -> [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\e100b325.sys -> [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\e1e5132.sys -> [2005/03/31 22:04:52 | 00,180,736 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -> [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(grmnusb) grmnusb [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\grmnusb.sys -> [2003/09/23 08:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2004/08/12 16:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2003/03/09 13:31:00 | 00,051,024 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2003/03/09 13:31:02 | 00,016,080 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2003/03/09 13:31:02 | 00,021,456 | R--- | M] (HP)
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iastor.sys -> [2005/06/17 11:33:40 | 00,872,064 | ---- | M] (Intel Corporation)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2009/05/24 15:15:15 | 00,064,160 | ---- | M] (Lavasoft AB)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\PalmUSBD.sys -> [2004/06/09 13:37:42 | 00,016,694 | ---- | M] (PalmSource, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2004/08/03 22:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\System32\drivers\sscdbhk5.sys -> [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\System32\drivers\ssrtln.sys -> [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions)
(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\sthda.sys -> [2005/06/14 21:40:08 | 00,180,864 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnboio.sys -> [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsncofs.sys -> [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndrct.sys -> [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndres.sys -> [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnifs.sys -> [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnopio.sys -> [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnpool.sys -> [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudf.sys -> [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudfa.sys -> [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> 
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell4me.com/myway -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://att.yahoo.com -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> 
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell4me.com/myway -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://att.yahoo.com -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\firefox\extensions ->  -> 
HKLM\software\mozilla\firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/06/03 22:03:04 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (698 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/06/03 22:03:02 | 00,041,368 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/06/03 22:03:04 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! ¤u¨ã¦C] -> [2007/12/18 14:49:22 | 00,817,936 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"2wSysTray" -> C:\Program Files\2Wire\2PortalMon.exe [C:\Program Files\2Wire\2PortalMon.exe] -> [2009/05/13 22:47:51 | 00,393,216 | ---- | M] ()
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/05/31 15:15:21 | 00,518,488 | ---- | M] (Lavasoft)
"BDAgent" -> C:\Program Files\Softwin\BitDefender10\bdagent.exe ["C:\Program Files\Softwin\BitDefender10\bdagent.exe"] -> [2007/03/26 14:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.)
"dellsupportcenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter] -> [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/06/03 22:03:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ctfmon.exe" -> C:\WINDOWS\System32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> [2009/05/12 20:00:50 | 00,015,360 | ---- | M] ()
"MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] ()
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe -> [2009/05/12 20:00:43 | 00,028,672 | ---- | M] ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk -> C:\Program Files\FinePixViewerS\QuickDCF2.exe -> [2007/01/30 12:02:28 | 00,303,104 | ---- | M] (FUJIFILM Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe -> [2009/05/12 20:00:45 | 00,468,240 | ---- | M] ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [2009/05/14 10:06:42 | 00,065,536 | ---- | M] ()
< Annabelle.DELL_DESKOP Startup Folder > -> C:\Documents and Settings\Annabelle.DELL_DESKOP\Start Menu\Programs\Startup -> 
< Bruce Startup Folder > -> C:\Documents and Settings\Bruce\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Michelle Startup Folder > -> C:\Documents and Settings\Michelle\Start Menu\Programs\Startup -> 
< Olivia Startup Folder > -> C:\Documents and Settings\Olivia\Start Menu\Programs\Startup -> 
< Visitor Startup Folder > -> C:\Documents and Settings\Visitor\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoFolderOptions" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoFolderOptions" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoFolderOptions" ->  [0] -> File not found
\\"NoDriveTypeAutoRun" ->  [157] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"disableregistrytools" ->  [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: AT&T Yahoo! Services] -> [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2009/05/14 10:40:39 | 00,557,568 | ---- | M] ()
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] ()
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] ()
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] ()
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] ()
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5499 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5499 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5499 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5500 domain(s) found. -> 
turbotax.com .[https] -> Trusted sites -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\] > -> HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1194957621-4126817976-2335153994-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll [Installation Support] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [HKLM] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 172.16.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{02DBB3A0-21B7-406B-8735-83758AEB38E3}\\DhcpNameServer -> 172.16.0.1   (2Wire Gateway USB) -> 
{9AB9E80D-F409-4373-B0A1-CD3037B00D38}\\DhcpNameServer -> 172.16.0.1   (Intel(R) PRO/1000 PL Network Connection) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
c:\windows\system32\patayaru.dll -> C:\WINDOWS\System32\patayaru.dll -> File not found
c:\windows\system32\vakimotu.dll -> C:\WINDOWS\System32\vakimotu.dll -> File not found
c:\windows\system32\posuyele.dll -> C:\WINDOWS\System32\posuyele.dll -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2009/05/12 20:00:59 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\System32\userinit.exe -> [2009/05/12 20:01:35 | 00,024,576 | ---- | M] ()
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2009/05/12 20:01:18 | 00,514,560 | ---- | M] ()
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2009/05/14 10:40:39 | 00,557,568 | ---- | M] ()
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/10 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2009/05/14 10:40:39 | 00,557,568 | ---- | M] ()
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/10 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE" -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE [C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger] -> File not found
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server] -> [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2009/05/14 10:06:35 | 01,694,208 | ---- | M] ()
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" -> C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2007/03/08 01:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/04/07 14:55:54 | 03,679,784 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2008/03/05 23:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/10/22 18:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\System32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2009/05/12 20:01:18 | 00,514,560 | ---- | M] ()
"C:\WINDOWS\system32\lsass.exe" -> C:\WINDOWS\System32\lsass.exe [C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass] -> [2004/08/10 04:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\System32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2004/08/10 04:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 03:43:04 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell
\E\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\autorun
\E\shell\autorun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\autorun\command
\E\shell\autorun\command\\"" -> E:\CDSTART.EXE [E:\CDSTART.EXE] -> File not found
\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell
\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun
\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun\command
\{0aa2cd6e-2cf7-11dd-b91d-00123f774b16}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{361ac05d-0e0d-11da-9aa9-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell
\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun
\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command
\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
User's Guide.lnk -> C:\Documents and Settings\All Users\Desktop\User's Guide.lnk -> [2009/06/15 09:01:00 | 00,001,751 | ---- | C] ()
FinePixViewer S.lnk -> C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk -> [2009/06/15 09:01:00 | 00,001,644 | ---- | C] ()
Exif Launcher S.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk -> [2009/06/15 09:00:28 | 00,000,563 | ---- | C] ()
FinePixViewerS -> C:\Program Files\FinePixViewerS -> [2009/06/15 09:00:17 | 00,000,000 | ---D | C]
settings.dat -> C:\Documents and Settings\Bruce\Desktop\settings.dat -> [2009/06/10 10:28:51 | 00,000,000 | ---- | C] ()
Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [2009/06/05 18:48:26 | 00,000,000 | ---D | C]
cmd.execf -> C:\WINDOWS\System32\cmd.execf -> [2009/06/04 19:36:32 | 00,388,608 | ---- | C] ()
32788R22FWJFW -> C:\32788R22FWJFW -> [2009/06/04 19:36:25 | 00,000,000 | ---D | C]
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/06/03 21:57:39 | 00,001,729 | ---- | C] ()
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [2009/06/03 21:57:08 | 00,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2009/06/03 21:49:26 | 00,000,000 | -HSD | C]
RootRepeal.exe -> C:\Documents and Settings\Bruce\Desktop\RootRepeal.exe -> [2009/05/31 17:39:44 | 00,458,240 | ---- | C] ( )
HostsXpert -> C:\Documents and Settings\Bruce\My Documents\HostsXpert -> [2009/05/25 20:56:43 | 00,000,000 | ---D | C]
HostsXpert.zip -> C:\Documents and Settings\Bruce\My Documents\HostsXpert.zip -> [2009/05/25 20:55:38 | 00,353,485 | ---- | C] ()
AT&T Yahoo! for Michelle (durepos@sbcglobal.net).lnk -> C:\Documents and Settings\Bruce\Desktop\AT&T Yahoo! for Michelle (durepos@sbcglobal.net).lnk -> [2009/05/25 19:38:37 | 00,001,788 | ---- | C] ()
fixcpl.reg -> C:\Documents and Settings\Bruce\My Documents\fixcpl.reg -> [2009/05/25 10:07:47 | 00,000,496 | ---- | C] ()
Debugging Tools for Windows (x86) -> C:\Program Files\Debugging Tools for Windows (x86) -> [2009/05/25 08:29:33 | 00,000,000 | ---D | C]
lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2009/05/25 07:32:54 | 00,015,688 | ---- | C] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/05/24 15:16:12 | 00,000,472 | ---- | C] ()
Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2009/05/24 15:16:04 | 00,064,160 | ---- | C] (Lavasoft AB)
{83C91755-2546-441D-AC40-9A6B4B860800} -> C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} -> [2009/05/24 15:12:08 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/05/24 15:12:05 | 00,000,867 | ---- | C] ()
Lavasoft -> C:\Program Files\Lavasoft -> [2009/05/24 15:11:36 | 00,000,000 | ---D | C]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2009/05/24 15:11:36 | 00,000,000 | ---D | C]
Bitdefender -> C:\Documents and Settings\Bruce\Application Data\Bitdefender -> [2009/05/24 14:34:16 | 00,000,000 | ---D | C]
bdod.bin -> C:\WINDOWS\System32\bdod.bin -> [2009/05/24 11:00:56 | 00,081,984 | ---- | C] ()
BitDefender Free Edition v10.lnk -> C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk -> [2009/05/24 10:55:21 | 00,001,795 | ---- | C] ()
BitDefender -> C:\Documents and Settings\All Users\Application Data\BitDefender -> [2009/05/24 10:54:54 | 00,000,000 | ---D | C]
Softwin -> C:\Program Files\Softwin -> [2009/05/24 10:54:53 | 00,000,000 | ---D | C]
Softwin -> C:\Program Files\Common Files\Softwin -> [2009/05/24 10:52:30 | 00,000,000 | ---D | C]
pss -> C:\WINDOWS\pss -> [2009/05/23 22:56:29 | 00,000,000 | ---D | C]
Recent -> C:\Documents and Settings\Bruce\Recent -> [2009/05/23 21:53:22 | 00,000,000 | RH-D | C]
CCleaner.lnk -> C:\Documents and Settings\Bruce\Desktop\CCleaner.lnk -> [2009/05/23 19:31:35 | 00,001,548 | ---- | C] ()
CCleaner -> C:\Program Files\CCleaner -> [2009/05/23 19:31:31 | 00,000,000 | ---D | C]
Uniblue -> C:\Documents and Settings\Bruce\Application Data\Uniblue -> [2009/05/23 15:48:51 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/05/20 07:20:48 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Bruce\Application Data\Malwarebytes -> [2009/05/19 20:23:17 | 00,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/05/19 20:23:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/05/19 20:23:09 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/05/19 20:23:06 | 00,040,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/05/19 20:23:05 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/05/19 20:23:04 | 00,000,000 | ---D | C]
procexp.exe -> C:\Documents and Settings\Bruce\Desktop\procexp.exe -> [2009/05/19 19:29:05 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com)
Utilities -> C:\Utilities -> [2009/05/19 19:28:33 | 00,000,000 | ---D | C]
Windows Defender -> C:\Program Files\Windows Defender -> [2009/05/19 07:15:54 | 00,000,000 | ---D | C]
hiberfil.sys -> C:\hiberfil.sys -> [2009/05/19 07:03:54 | 53,494,1696 | -HS- | C] ()
426f12d8.sys -> C:\WINDOWS\System32\drivers\426f12d8.sys -> [2009/05/12 13:31:22 | 00,000,000 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2007/05/28 15:09:50 | 00,000,002 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2007/03/31 14:17:59 | 00,000,214 | ---- | C] ()
xreglib.dll -> C:\WINDOWS\System32\xreglib.dll -> [2007/01/31 13:50:32 | 00,913,408 | ---- | C] ()
EAC7C21228.sys -> C:\WINDOWS\System32\EAC7C21228.sys -> [2006/05/05 07:50:19 | 00,000,056 | RHS- | C] ()
mdm.ini -> C:\WINDOWS\mdm.ini -> [2006/03/12 20:02:24 | 00,000,063 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/01/08 09:44:34 | 00,000,376 | ---- | C] ()
YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2005/12/11 16:24:00 | 00,065,536 | ---- | C] ()
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2005/12/11 15:50:29 | 00,004,392 | -HS- | C] ()
7BE1B12C1D.sys -> C:\WINDOWS\System32\7BE1B12C1D.sys -> [2005/12/11 15:50:29 | 00,000,056 | RHS- | C] ()
hpotscl.dll -> C:\WINDOWS\System32\hpotscl.dll -> [2005/12/11 15:26:07 | 00,561,152 | R--- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/11/29 16:53:17 | 00,000,061 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/11/29 16:45:07 | 00,004,178 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/11/29 16:20:48 | 00,000,387 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/08/16 03:37:24 | 00,001,793 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2005/08/16 03:18:43 | 00,000,709 | ---- | C] ()
SYSTEM.INI -> C:\WINDOWS\SYSTEM.INI -> [2005/08/16 03:18:41 | 00,000,231 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 13:01:54 | 00,235,008 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/04/09 16:04:54 | 00,000,000 | ---- | C] ()
patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2003/07/14 12:30:28 | 00,197,120 | ---- | C] ()
MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 11:46:58 | 00,065,536 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
34 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> 
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
44 C:\Documents and Settings\Bruce\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Bruce\Local Settings\Temp\*.tmp -> 
128 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
bdod.bin -> C:\WINDOWS\System32\bdod.bin -> [2009/06/15 19:58:58 | 00,081,984 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/06/15 15:15:24 | 00,000,472 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/06/15 11:54:03 | 00,000,284 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/06/15 09:05:41 | 00,002,206 | ---- | M] ()
Perflib_Perfdata_5e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat -> [2009/06/15 09:03:39 | 00,016,384 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/06/15 09:03:26 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/06/15 09:03:24 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/06/15 09:03:22 | 53,494,1696 | -HS- | M] ()
ntuser.dat -> C:\Documents and Settings\Bruce\ntuser.dat -> [2009/06/15 09:02:41 | 06,815,744 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Bruce\ntuser.ini -> [2009/06/15 09:02:09 | 00,000,278 | -HS- | M] ()
User's Guide.lnk -> C:\Documents and Settings\All Users\Desktop\User's Guide.lnk -> [2009/06/15 09:01:00 | 00,001,751 | ---- | M] ()
FinePixViewer S.lnk -> C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk -> [2009/06/15 09:01:00 | 00,001,644 | ---- | M] ()
Exif Launcher S.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk -> [2009/06/15 09:00:28 | 00,000,563 | ---- | M] ()
settings.dat -> C:\Documents and Settings\Bruce\Desktop\settings.dat -> [2009/06/10 10:28:51 | 00,000,000 | ---- | M] ()
RootRepeal.exe -> C:\Documents and Settings\Bruce\Desktop\RootRepeal.exe -> [2009/06/10 10:28:06 | 00,458,240 | ---- | M] ( )
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/06/06 13:10:10 | 00,002,137 | ---- | M] ()
cmd.execf -> C:\WINDOWS\System32\cmd.execf -> [2009/06/04 19:36:32 | 00,388,608 | ---- | M] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/06/03 21:57:39 | 00,001,729 | ---- | M] ()
lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2009/05/31 15:16:01 | 00,015,688 | ---- | M] ()
hpfr3420.xml -> C:\hpfr3420.xml -> [2009/05/30 15:08:39 | 00,000,522 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/05/25 20:58:29 | 00,000,698 | R--- | M] ()
HostsXpert.zip -> C:\Documents and Settings\Bruce\My Documents\HostsXpert.zip -> [2009/05/25 20:55:41 | 00,353,485 | ---- | M] ()
AT&T Yahoo! for Michelle (durepos@sbcglobal.net).lnk -> C:\Documents and Settings\Bruce\Desktop\AT&T Yahoo! for Michelle (durepos@sbcglobal.net).lnk -> [2009/05/25 19:38:37 | 00,001,788 | ---- | M] ()
fixcpl.reg -> C:\Documents and Settings\Bruce\My Documents\fixcpl.reg -> [2009/05/25 10:07:51 | 00,000,496 | ---- | M] ()
Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2009/05/24 15:15:15 | 00,064,160 | ---- | M] (Lavasoft AB)
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/05/24 15:12:05 | 00,000,867 | ---- | M] ()
Perflib_Perfdata_1f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f4.dat -> [2009/05/24 14:19:57 | 00,016,384 | ---- | M] ()
BitDefender Free Edition v10.lnk -> C:\Documents and Settings\All Users\Desktop\BitDefender Free Edition v10.lnk -> [2009/05/24 10:55:21 | 00,001,795 | ---- | M] ()
CCleaner.lnk -> C:\Documents and Settings\Bruce\Desktop\CCleaner.lnk -> [2009/05/23 19:31:35 | 00,001,548 | ---- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/05/23 11:53:53 | 00,004,178 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Bruce\Local Settings\Application Data\IconCache.db -> [2009/05/20 20:38:08 | 03,267,502 | -H-- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/05/19 20:23:09 | 00,000,696 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/05/19 19:27:34 | 00,081,920 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2009/05/19 19:27:34 | 00,032,768 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2009/05/19 19:27:34 | 00,032,768 | ---- | M] ()
426f12d8.sys -> C:\WINDOWS\System32\drivers\426f12d8.sys -> [2009/05/19 00:04:13 | 00,000,000 | ---- | M] ()
hosts.20090520-194324.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20090520-194324.backup -> [2009/05/18 23:18:42 | 00,000,003 | ---- | M] ()
regedit.exe -> C:\WINDOWS\regedit.exe -> [2009/05/18 23:04:53 | 00,146,432 | ---- | M] ()
mplay32.exe -> C:\WINDOWS\System32\mplay32.exe -> [2009/05/18 23:04:35 | 00,123,392 | ---- | M] ()
clipbrd.exe -> C:\WINDOWS\System32\clipbrd.exe -> [2009/05/18 23:04:10 | 00,102,912 | ---- | M] ()
tourstart.exe -> C:\WINDOWS\System32\tourstart.exe -> [2009/05/18 22:55:59 | 00,347,136 | ---- | M] ()
reg.exe -> C:\WINDOWS\System32\reg.exe -> [2009/05/18 22:33:36 | 00,050,176 | ---- | M] ()
xcrashdump.dat -> C:\xcrashdump.dat -> [2009/05/18 21:17:48 | 00,000,166 | ---- | M] ()
mshta.exe -> C:\WINDOWS\System32\mshta.exe -> [2009/05/18 21:08:57 | 00,045,568 | ---- | M] (Microsoft Corporation)
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/05/18 21:06:00 | 00,007,680 | ---- | M] ()
rcimlby.exe -> C:\WINDOWS\System32\rcimlby.exe -> [2009/05/18 20:59:16 | 00,035,840 | ---- | M] ()
defrag.exe -> C:\WINDOWS\System32\defrag.exe -> [2009/05/18 20:46:11 | 00,025,088 | ---- | M] ()
winhlp32.exe -> C:\WINDOWS\winhlp32.exe -> [2009/05/18 20:45:31 | 00,283,648 | ---- | M] ()
UNWISE.EXE -> C:\WINDOWS\UNWISE.EXE -> [2009/05/18 20:45:24 | 00,149,504 | ---- | M] ()
twunk_32.exe -> C:\WINDOWS\twunk_32.exe -> [2009/05/18 20:45:21 | 00,025,600 | ---- | M] ()
TASKMAN.EXE -> C:\WINDOWS\TASKMAN.EXE -> [2009/05/18 20:45:19 | 00,015,360 | ---- | M] ()
setpwrcg.exe -> C:\WINDOWS\setpwrcg.exe -> [2009/05/18 20:45:15 | 00,067,728 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/11 13:14:22 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/11 13:14:17 | 00,006,104 | ---- | M] ()
index.dat -> C:\Documents and Settings\Bruce\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2007/07/07 07:20:19 | 00,032,768 | ---- | M] ()
index.dat -> C:\Documents and Settings\Bruce\Local Settings\Temp\History\History.IE5\index.dat -> [2007/07/07 07:20:19 | 00,016,384 | ---- | M] ()
index.dat -> C:\Documents and Settings\Bruce\Local Settings\Temp\Cookies\index.dat -> [2007/07/07 07:20:19 | 00,016,384 | ---- | M] ()
ISSetup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{4659BBF6-C48D-4C4A-809A-CAFF9209D6CE}\ISSetup.dll -> [2007/03/08 04:15:00 | 00,552,214 | R--- | M] (Macrovision Corporation)
ISSetup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{E13447B8-383A-42F6-A319-8EBB7DD207CF}\ISSetup.dll -> [2006/10/27 17:25:37 | 00,552,214 | R--- | M] (Macrovision Corporation)
ISSetup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{5911AA60-E7DC-400B-B594-339016C8BBE2}\ISSetup.dll -> [2006/10/27 17:25:37 | 00,552,214 | R--- | M] (Macrovision Corporation)
_isC3.exe -> C:\Documents and Settings\Bruce\Local Settings\Temp\_isC3.exe -> [2006/10/27 17:25:36 | 00,455,600 | R--- | M] (Macrovision Corporation)
_isC0.exe -> C:\Documents and Settings\Bruce\Local Settings\Temp\_isC0.exe -> [2006/10/27 17:25:36 | 00,455,600 | R--- | M] (Macrovision Corporation)
_Setup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{E13447B8-383A-42F6-A319-8EBB7DD207CF}\_Setup.dll -> [2006/10/27 17:25:36 | 00,164,784 | R--- | M] (Macrovision Corporation)
_Setup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{5911AA60-E7DC-400B-B594-339016C8BBE2}\_Setup.dll -> [2006/10/27 17:25:36 | 00,164,784 | R--- | M] (Macrovision Corporation)
_isC.exe -> C:\Documents and Settings\Bruce\Local Settings\Temp\_isC.exe -> [2006/05/24 19:10:00 | 00,455,600 | R--- | M] (Macrovision Corporation)
_Setup.dll -> C:\Documents and Settings\Bruce\Local Settings\Temp\{4659BBF6-C48D-4C4A-809A-CAFF9209D6CE}\_Setup.dll -> [2006/05/17 18:21:00 | 00,385,968 | R--- | M] (Macrovision Corporation)
 
[Alternate Data Streams]
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\reg.exe:SummaryInformation
< End of report >
NeedMalHelp
Active Member
 
Posts: 10
Joined: May 25th, 2009, 11:41 pm
Top
Advertisement
Register to Remove

Re: Need to enable many basic windows functions.

Unread postby Wi[k]! » June 16th, 2009, 11:32 am

Click on start > run > type in: gpedit.msc and press enter.
Click on User Configuration > expand Administrative Templates > click on System to highlight it.
Then right click on System while it is highlighted and click export list. Save it to a convenient place and post in your next reply.
Wi[k]!
MRU Undergrad
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am
Top

Re: Need to enable many basic windows functions.

Unread postby NeedMalHelp » June 21st, 2009, 11:03 pm

Like most commands that I have tried through the Start/Run menu, there is no response.

Also, I am starting to see more activity on my Process Explorer screen of the Ehrec.exe program (just and FYI).

Thanks!
NeedMalHelp
Active Member
 
Posts: 10
Joined: May 25th, 2009, 11:41 pm
Top

Re: Need to enable many basic windows functions.

Unread postby Wi[k]! » June 22nd, 2009, 2:01 pm

Hello,

Download the file here and save it to your Desktop. Double click on the file to run it and after running it see if you can use the task manager, regedit or other prompts through the run menu.

Next:

Malwarebytes have released a very big update, so update the program once again and run another scan. If it finds anything and you are unable to open the log, manually type what the program is finding.

Next:

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
--------------------------------------------------

Delete any copies of combofix you may have downloaded. Download a new copy from here

Now, disable every security program you have so they do not interfere with combofix. In your case disable: Bitdefender, windows defender, Ad-Aware. Instructions on disabling these type of programs can be found in this topic

Then after making sure they are disabled, double click on combofix and follow the prompts on screen.
Wi[k]!
MRU Undergrad
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am
Top

Re: Need to enable many basic windows functions.

Unread postby NonSuch » June 30th, 2009, 7:59 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Previous
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 137 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index