redirected to fake AV scan. Mother f-


Post by Aprius on Sun Feb 28, 2010 8:02 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:29 PM, on 2/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Help\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11498 bytes



Re: redirected to fake AV scan. Mother f-

Post by Belahzur on Sun Feb 28, 2010 8:27 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt), and the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: redirected to fake AV scan. Mother f-

Post by Aprius on Sun Feb 28, 2010 11:36 pm

OTL logfile created on: 2/28/2010 11:28:45 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Pat\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 431.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 5.77 Gb Free Space | 10.94% Space Free | Partition Type: NTFS
Drive D: | 17.69 Gb Total Space | 17.62 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive E: | 574.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 699.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 633.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: DGB02PB1
Current User Name: Pat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 23:27:15 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pat\My Documents\Downloads\OTL.exe
PRC - [2010/02/21 20:09:37 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Pat\Desktop\uTorrent.exe
PRC - [2010/02/18 17:57:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/14 19:04:10 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/30 06:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/05/21 21:54:18 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/15 18:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 18:42:22 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/09/20 08:32:16 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/09/09 05:50:27 | 000,446,464 | ---- | M] (Slawdog E-Solutions, Inc.) -- C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/28 23:27:15 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pat\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/28 05:59:26 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai)
SRV - [2010/01/06 11:58:00 | 003,482,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/12/01 19:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2003/12/17 13:59:48 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 21:55:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/11 12:39:37 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/03/19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/05 22:59:00 | 000,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/01 06:32:21 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/11/01 06:32:20 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/11/01 06:32:20 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/03/29 02:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/20 09:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/14 17:13:14 | 000,104,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/22 17:08:40 | 000,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/02/02 04:33:18 | 000,026,752 | R--- | M] (IC Plus Corp. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/10 14:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&btnG=Google+Search"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.11.6
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:1.3.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/20 17:27:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 17:58:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 17:58:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/01/29 21:31:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/01/29 21:30:49 | 000,000,000 | ---D | M]

[2009/11/11 15:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Mozilla\Extensions
[2010/02/28 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\g5azpq5e.default\extensions
[2009/11/15 00:34:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\g5azpq5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/21 18:40:58 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\g5azpq5e.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/01/21 18:45:22 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\g5azpq5e.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/01/21 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\g5azpq5e.default\extensions\piclens@cooliris.com
[2010/02/28 22:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/12/11 15:49:28 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/01/03 19:11:16 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BigSeekPro Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Pat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe File not found
O4 - HKCU..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe (Slawdog E-Solutions, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Pat\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: download.com ([]https in Trusted sites)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} [You must be registered and logged in to see this link.] (CBSTIEPrint Class)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} [You must be registered and logged in to see this link.] (FujifilmUploader Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} [You must be registered and logged in to see this link.] (Pixami Drag/Drop Upload UI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.154.1.67 24.154.1.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Pat\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pat\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/30 20:04:20 | 000,434,176 | R--- | M] (Microsoft Corp.) - E:\AUTOCO_1.EXE -- [ CDFS ]
O32 - AutoRun File - [2002/09/21 17:07:56 | 000,000,214 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/09/24 11:18:36 | 000,000,194 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1999/06/28 11:51:54 | 000,155,703 | R--- | M] () - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1998/05/13 11:58:42 | 000,000,049 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0223f382-8c97-11dd-a37e-00167680f7d3}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{48f86784-d96e-11de-a418-0008a1c353df}\Shell - "" = AutoRun
O33 - MountPoints2\{48f86784-d96e-11de-a418-0008a1c353df}\Shell\addons\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{48f86784-d96e-11de-a418-0008a1c353df}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{48f86784-d96e-11de-a418-0008a1c353df}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2002/10/17 23:38:02 | 000,614,458 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48f86784-d96e-11de-a418-0008a1c353df}\Shell\setup\command - "" = F:\SETUP.EXE -- [2002/10/17 23:38:02 | 000,614,458 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5fa2b816-3d33-11db-a272-00167680f7d3}\Shell - "" = AutoRun
O33 - MountPoints2\{5fa2b816-3d33-11db-a272-00167680f7d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5fa2b816-3d33-11db-a272-00167680f7d3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{be96ae02-eece-11db-a2b2-00167680f7d3}\Shell - "" = AutoRun
O33 - MountPoints2\{be96ae02-eece-11db-a2b2-00167680f7d3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be96ae02-eece-11db-a2b2-00167680f7d3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 21:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Desktop\THOUSAND FOOT KRUTCH - DISCOGRAPHY [CHANNEL NEO]
[2010/02/28 18:15:59 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/02/28 03:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Desktop\RP
[2010/02/28 00:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Desktop\mc
[2010/02/27 17:06:30 | 001,347,584 | ---- | C] (CheatHappens) -- C:\Documents and Settings\Pat\Desktop\Mechwarriors 4 Mercenaries MekTek Promo Trainer.exe
[2010/02/25 22:08:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pat\Recent
[2010/02/25 19:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Desktop\3pg
[2010/02/24 23:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Local Settings\Application Data\Temp
[2010/02/22 17:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/02/22 17:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Application Data\SystemRequirementsLab
[2010/02/21 02:21:29 | 001,818,678 | ---- | C] (Silicon Valley Software) -- C:\Documents and Settings\Pat\Desktop\Anim8or.exe
[2010/02/21 02:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Makehuman
[2010/02/20 23:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Application Data\gtk-2.0
[2010/02/20 23:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\.thumbnails
[2010/02/20 23:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\.gimp-2.6
[2010/02/20 23:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\My Documents\gegl-0.0
[2010/02/20 23:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/02/20 22:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/19 22:51:43 | 000,000,000 | ---D | C] -- C:\FALCOM
[2010/02/19 22:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Application Data\FALCOM
[2010/02/19 22:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Desktop\YSf
[2010/02/18 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Eufloria
[2010/02/17 17:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Local Settings\Application Data\TechSmith
[2010/02/17 17:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/02/17 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/15 16:15:44 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2010/02/15 16:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/02/15 13:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/02/14 17:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/02/14 16:32:23 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/02/14 16:32:23 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/02/14 16:32:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/02/10 23:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\psx emulation cheater
[2010/02/10 00:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Application Data\fltk.org
[2010/02/09 20:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\NovaLogic
[2010/02/07 22:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\Desktop\Roms
[2010/02/07 22:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2010/02/07 18:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Utherverse Digital Inc
[2010/02/07 12:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\GALA-NET
[2010/02/06 22:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\SnailWeb
[2010/02/06 22:09:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Temp
[2010/02/06 21:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\AOA
[2010/02/06 15:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat\My Documents\RanOnline
[2010/02/06 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Min Communications
[2010/02/02 20:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hero Editor
[2010/02/02 20:19:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/02/02 20:19:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/01/31 18:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2010/01/29 23:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microprose
[2009/11/13 23:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/09/23 20:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2008/03/05 09:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/14 20:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/30 21:27:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/09/04 13:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/31 20:33:54 | 000,092,672 | ---- | C] ( ) -- C:\WINDOWS\System32\DVDRead.dll
[2004/08/10 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 12:57:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 23:22:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/28 23:05:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3374271169-819670458-1283874064-1007UA.job
[2010/02/28 23:05:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3374271169-819670458-1283874064-1007Core.job
[2010/02/28 22:36:33 | 009,096,037 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\06 Rammstein - Amerika.mp3
[2010/02/28 22:35:39 | 000,008,428 | -HS- | M] () -- C:\Documents and Settings\Pat\Desktop\Folder.jpg
[2010/02/28 22:35:39 | 000,008,428 | -HS- | M] () -- C:\Documents and Settings\Pat\Desktop\AlbumArt_{A789DAF1-6557-4A20-B6FD-F9253FDD3439}_Large.jpg
[2010/02/28 22:35:39 | 000,002,229 | -HS- | M] () -- C:\Documents and Settings\Pat\Desktop\AlbumArtSmall.jpg
[2010/02/28 22:35:39 | 000,002,229 | -HS- | M] () -- C:\Documents and Settings\Pat\Desktop\AlbumArt_{A789DAF1-6557-4A20-B6FD-F9253FDD3439}_Small.jpg
[2010/02/28 19:46:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/28 19:45:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 19:45:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 19:43:44 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Pat\ntuser.dat
[2010/02/28 19:43:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Pat\ntuser.ini
[2010/02/28 19:43:32 | 002,112,246 | -H-- | M] () -- C:\Documents and Settings\Pat\Local Settings\Application Data\IconCache.db
[2010/02/28 19:43:11 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\MechCommander 2.lnk
[2010/02/28 18:23:39 | 000,000,258 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/02/28 01:50:08 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\cm-mc2tr.lnk
[2010/02/27 21:05:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/26 22:21:28 | 000,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2010/02/25 22:25:07 | 000,041,355 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\yoshij.jpg
[2010/02/24 23:01:10 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\Google Chrome.lnk
[2010/02/24 18:00:23 | 000,000,684 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/23 16:22:50 | 000,013,456 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\yoshi.jpg
[2010/02/22 17:19:21 | 000,004,192 | ---- | M] () -- C:\Documents and Settings\Pat\.recently-used.xbel
[2010/02/21 21:11:42 | 000,089,686 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\Vulture.jpg
[2010/02/21 20:09:37 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Pat\Desktop\uTorrent.exe
[2010/02/21 19:49:13 | 000,052,767 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\3143029f[1].gif
[2010/02/21 19:44:19 | 000,036,714 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\3136306f[1].gif
[2010/02/21 02:10:48 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\Makehuman.lnk
[2010/02/21 01:59:23 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk
[2010/02/20 23:39:58 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/02/20 22:13:04 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2010/02/20 22:06:24 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\CCleaner.lnk
[2010/02/20 21:57:44 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\Jing.lnk
[2010/02/19 23:11:35 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\YsF.lnk
[2010/02/19 23:11:35 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\YsF Setup.lnk
[2010/02/19 22:57:13 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\YsF ݒ.lnk
[2010/02/18 21:29:40 | 000,037,332 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\2010-02-18_2129.png
[2010/02/18 19:19:54 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Eufloria.lnk
[2010/02/18 00:01:36 | 160,789,766 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\Resident Evil Survivor [U] [SLUS-01087].rar
[2010/02/15 16:16:12 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Pat\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/02/15 16:16:12 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\MagicDisc.lnk
[2010/02/15 13:44:01 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\MagicISO.lnk
[2010/02/09 20:10:49 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\Delta Force Black Hawk Down.lnk
[2010/02/09 17:08:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
[2010/02/09 17:07:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/02/05 18:04:43 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Pat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 20:19:51 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/02/02 20:19:49 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/02/01 19:31:58 | 000,089,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Pat\MSSSerif120.fon
[2010/01/31 22:01:03 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/01/31 22:01:03 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/01/31 22:01:03 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/01/31 19:02:50 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\Pat\My Documents\Diablo II.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 22:22:36 | 000,008,428 | -HS- | C] () -- C:\Documents and Settings\Pat\Desktop\Folder.jpg
[2010/02/28 22:22:36 | 000,008,428 | -HS- | C] () -- C:\Documents and Settings\Pat\Desktop\AlbumArt_{A789DAF1-6557-4A20-B6FD-F9253FDD3439}_Large.jpg
[2010/02/28 22:22:36 | 000,002,229 | -HS- | C] () -- C:\Documents and Settings\Pat\Desktop\AlbumArtSmall.jpg
[2010/02/28 22:22:36 | 000,002,229 | -HS- | C] () -- C:\Documents and Settings\Pat\Desktop\AlbumArt_{A789DAF1-6557-4A20-B6FD-F9253FDD3439}_Small.jpg
[2010/02/28 19:43:11 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\MechCommander 2.lnk
[2010/02/28 01:49:29 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\cm-mc2tr.lnk
[2010/02/26 22:21:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2010/02/26 15:21:22 | 009,096,037 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\06 Rammstein - Amerika.mp3
[2010/02/25 22:25:07 | 000,041,355 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\yoshij.jpg
[2010/02/24 23:01:10 | 000,002,268 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\Google Chrome.lnk
[2010/02/24 23:00:12 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3374271169-819670458-1283874064-1007UA.job
[2010/02/24 23:00:12 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3374271169-819670458-1283874064-1007Core.job
[2010/02/23 16:22:49 | 000,013,456 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\yoshi.jpg
[2010/02/22 17:19:21 | 000,004,192 | ---- | C] () -- C:\Documents and Settings\Pat\.recently-used.xbel
[2010/02/21 21:11:37 | 000,089,686 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\Vulture.jpg
[2010/02/21 19:49:27 | 000,052,767 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\3143029f[1].gif
[2010/02/21 19:45:02 | 000,036,714 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\3136306f[1].gif
[2010/02/21 02:10:48 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\Makehuman.lnk
[2010/02/21 01:59:23 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk
[2010/02/20 23:39:58 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/02/20 22:13:04 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2010/02/19 23:11:35 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\YsF Setup.lnk
[2010/02/19 22:57:13 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\YsF ݒ.lnk
[2010/02/19 22:57:13 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\YsF.lnk
[2010/02/18 21:29:40 | 000,037,332 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\2010-02-18_2129.png
[2010/02/18 19:19:54 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Eufloria.lnk
[2010/02/17 23:50:46 | 160,789,766 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\Resident Evil Survivor [U] [SLUS-01087].rar
[2010/02/17 17:21:06 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\Jing.lnk
[2010/02/15 16:16:12 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Pat\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/02/15 16:16:12 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\MagicDisc.lnk
[2010/02/15 13:44:01 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\MagicISO.lnk
[2010/02/09 20:10:49 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\Delta Force Black Hawk Down.lnk
[2010/02/09 17:08:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
[2010/02/09 17:07:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/01/31 19:03:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/01/31 19:03:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/01/31 19:03:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/01/31 19:02:50 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\Pat\My Documents\Diablo II.lnk
[2010/01/03 18:27:16 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/22 18:59:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/12/20 00:25:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/12/03 22:44:06 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/11/25 15:29:52 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/24 21:52:00 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/16 00:32:19 | 000,751,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/16 00:25:52 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Pat\Application Data\PnkBstrK.sys
[2009/11/16 00:19:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2009/11/14 17:08:58 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/11/08 19:56:18 | 000,000,033 | ---- | C] () -- C:\WINDOWS\EasyRip.ini
[2008/12/28 16:30:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\123Movies2IPOD.INI
[2008/03/09 23:38:55 | 000,003,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/25 18:34:23 | 000,001,269 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/30 17:46:59 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DRAGDR~1.INI
[2007/03/30 21:24:22 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/03/30 20:56:05 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Pat\Application Data\$_hpcst$.hpc
[2007/03/23 05:07:29 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/18 18:48:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/03/01 18:53:42 | 000,012,832 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/29 19:25:33 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Pat\Application Data\dvd.bmk
[2006/09/15 20:27:58 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006/09/08 20:07:57 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Pat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/07 19:29:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/09/06 18:03:46 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8C86B7F25A.sys
[2006/09/06 18:03:45 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/05 18:13:47 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2006/09/04 14:01:26 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Pat\Application Data\wklnhst.dat
[2006/09/04 13:41:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/04 13:36:18 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Pat\Local Settings\Application Data\fusioncache.dat
[2006/08/25 15:58:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/25 15:51:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/25 15:45:04 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/25 15:39:34 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/25 15:09:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/08/25 15:09:40 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Unicode (All) ==========
[2009/12/31 22:04:02 | 000,000,000 | ---D | M](C:\Documents and Settings\Pat\My Documents\?????) -- C:\Documents and Settings\Pat\My Documents\跑跑卡丁车
[2009/12/31 22:04:02 | 000,000,000 | ---D | C](C:\Documents and Settings\Pat\My Documents\?????) -- C:\Documents and Settings\Pat\My Documents\跑跑卡丁车
< End of report >



Re: redirected to fake AV scan. Mother f-

Post by Belahzur on Mon Mar 01, 2010 5:32 pm

Hello.

How is the machine running now? The logs look okay.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: redirected to fake AV scan. Mother f-

Post by Aprius on Mon Mar 01, 2010 8:25 pm

I'm not sure. It did it once or twice since I posted it, but I figured something was causing it. Granted, it's not doing it, I was just makin' sure. Sorry for troubling you, Bel.



Re: redirected to fake AV scan. Mother f-

Post by Belahzur on Tue Mar 02, 2010 8:45 am

No problem, let me know if it comes back.

