OTListIt logfile created on: 12/31/2008 4:31:50 PM - Run
OTListIt2 by OldTimer - Version 1.0.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
255.53 Mb Total Physical Memory | 119.95 Mb Available Physical Memory | 46.94% Memory free
616.68 Mb Paging File | 492.09 Mb Available in Paging File | 79.80% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.85 Gb Total Space | 4.56 Gb Free Space | 13.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 216.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-318RUQZ03Z
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Bonjour\mDNSResponder.exe [2001/08/16 19:15:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe [2008/12/21 20:29:05 | 03,080,704 | -HS- | M] () -- C:\Documents and Settings\Owner\nview.exe [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rundll32.exe [2008/12/31 16:30:12 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe ========== (O23) Win32 Services (SafeList) ========== [2003/04/16 22:14:00 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) [2007/03/19 19:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped]) [2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) [2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008/10/06 09:18:06 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped]) [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) 
-- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) File not found -- -- (NMIndexingService [On_Demand | Stopped]) [2001/08/16 19:15:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2003/10/22 09:19:22 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped]) File not found -- -- (Potcedewgrf [Disabled | Stopped]) [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== [2001/08/17 13:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running]) [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\amdagp.sys -- (amdagp [boot | Running]) [2008/04/13 12:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped]) [2001/08/17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped]) [2003/07/21 03:01:04 | 00,016,800 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\drivers\Hppaufd0.sys -- (dot4ufd [On_Demand | Stopped]) [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\drivers\e100b325.sys -- (E100B [On_Demand | Running]) [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum [On_Demand | Running]) [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) 
-- C:\WINDOWS\SYSTEM32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2001/08/08 07:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x [On_Demand | Stopped]) [2001/08/08 07:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped]) [2001/08/08 07:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped]) [2001/08/08 07:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped]) [2001/08/08 07:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped]) [2001/08/08 07:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped]) [2001/08/08 07:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped]) [2001/08/08 07:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped]) [2001/08/08 07:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped]) [2001/08/08 07:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped]) [2001/08/17 13:05:44 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\Icam3.sys -- (ICAM3NT5 [On_Demand | Stopped]) [2003/03/31 13:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running]) [2007/11/02 13:36:10 | 00,018,176 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motccgp.sys -- (motccgp [On_Demand | Stopped]) [2007/01/23 18:03:44 | 00,007,680 | ---- | M] 
(Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped]) [2007/06/18 13:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped]) [2007/06/18 13:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\drivers\motport.sys -- (motport [On_Demand | Stopped]) [2001/08/17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) [2004/02/09 11:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\SYSTEM32\drivers\NetMotCM.sys -- (ndiscm [On_Demand | Stopped]) [2001/08/16 19:15:00 | 00,818,873 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv4 [On_Demand | Running]) [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\SYSTEM32\drivers\pavboot.sys -- (pavboot [boot | Running]) [2001/06/04 08:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2 [On_Demand | Running]) [2001/08/17 14:49:58 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2007/07/26 17:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running]) [2001/08/17 14:57:38 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running]) [2004/08/03 23:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped]) [2001/08/07 11:07:20 | 00,109,664 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB [On_Demand | Stopped]) [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\SYSTEM32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) [2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/ HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyOverride" = *.local HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = file://C:/HP/REGION/start.html HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = file://C:/HP/REGION/start.html HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/ 
HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKU\S-1-5-21-670770235-2681017343-4103935507-1003\S-1-5-21-670770235-2681017343-4103935507-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-670770235-2681017343-4103935507-1003\S-1-5-21-670770235-2681017343-4103935507-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [Computer Alarm Clock] File not found O4 - HKLM..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe () O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe () O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe () O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem : Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 14:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.) O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Sites: www.pandasecurity.com (http in Trusted sites) O15 - HKCU\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\..Trusted Sites: www.pandasecurity.com (http in Trusted sites) O15 - HKU\S-1-5-21-670770235-2681017343-4103935507-1003\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1175931880888 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1175974085015 (MUWebControl Class) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (GSDACtl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab (Java Plug-in 1.6.0_01) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.) 
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2001/08/29 03:48:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{111203cb-5797-11dc-86f9-00e01834e7b5}\Shell\Auto\command] "" = G:\Start.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{111203cb-5797-11dc-86f9-00e01834e7b5}\Shell\AutoRun] "" = Auto&Play ========== Files/Folders - Created Within 30 Days ========== [4 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2008/12/31 16:30:11 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe [2008/12/31 11:31:03 | 00,000,000 | ---D | C] -- C:\_OTMoveIt [2008/12/31 11:29:39 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe [2008/12/26 11:05:21 | 00,001,299 | ---- | C] () -- C:\avexport.bat [2008/12/26 11:02:26 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.exe [2008/12/26 04:52:14 | 00,000,000 | ---D | C] -- C:\Lop SD [2008/12/26 04:51:37 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe [2008/12/24 19:07:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2008/12/23 22:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2008/12/23 22:33:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\taskkill.exe [2008/12/23 21:46:58 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2008/12/23 21:46:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2008/12/23 21:46:58 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2008/12/23 21:46:58 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2008/12/23 21:46:58 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2008/12/23 21:46:58 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2008/12/23 21:46:58 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2008/12/23 21:46:58 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe [2008/12/23 21:46:58 | 00,028,672 | ---- | C] (NirSoft) -- 
C:\WINDOWS\NIRCMD.exe [2008/12/23 21:46:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2008/12/23 21:46:51 | 00,000,000 | ---D | C] -- C:\Qoobox [2008/12/23 21:46:30 | 02,885,786 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2008/12/23 21:25:06 | 00,000,068 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat [2008/12/22 20:24:16 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk [2008/12/22 20:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2008/12/22 20:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/12/22 20:19:42 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2008/12/22 20:19:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2008/12/22 07:27:47 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2008/12/22 07:27:30 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/12/22 07:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits [2008/12/22 07:00:09 | 00,379,392 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\subinacl.msi [2008/12/22 06:57:36 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FixPolicies.exe [2008/12/22 06:55:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FixPolicies [2008/12/22 06:35:57 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dial-a-fix-v0.60.0.24.zip [2008/12/22 06:33:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Dial-a-fix-v0.60.0.24 [2008/12/22 05:24:52 | 00,000,453 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\allowtsk.reg [2008/12/22 04:31:29 | 00,000,000 | ---D | C] -- C:\Avenger [2008/12/22 03:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2008/12/22 00:52:16 
| 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/21 23:31:15 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/21 23:31:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/21 23:30:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/21 23:30:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/21 23:30:44 | 00,000,000 | ---D | C] -- C:\Program Files\MSCANNER
[2008/12/21 23:28:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\copy me to desktop
[2008/12/21 23:09:35 | 26,801,3568 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/21 21:46:31 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2008/12/21 20:29:59 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2008/12/21 20:29:08 | 00,000,002 | ---- | C] () -- C:\1952709024
[2008/12/21 20:28:49 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\eozlijwa.job
[2008/12/21 20:28:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\cap2
[2008/12/21 20:28:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ain
[2008/12/21 20:28:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\whSLD02
[2008/12/15 05:59:59 | 00,051,200 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SOAPS5.doc
[2008/12/15 04:46:32 | 17,861,030 | ---- | C] (XeroBank) -- C:\Documents and Settings\Owner\Desktop\XeroBank_Installer.exe
[2008/12/09 20:09:01 | 07,299,698 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Xmas_tresures.eps
[2008/12/09 19:32:47 | 00,059,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\polar bear card.jpg
[2008/12/08 19:29:18 | 01,234,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\anais y mario.jpg
[2008/12/08 03:10:32 | 01,454,434 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\snowflakes_brushes_by_hawksmont.abr
[2008/12/08 02:58:02 | 04,207,394 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ChristmasPresent.eps
[2008/12/06 14:52:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Protothea.wad
[2008/12/05 00:45:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Copy of Copy of RUUE
[2008/12/04 18:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Copy of RUUE
[2008/12/04 18:09:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RUUE
[2008/12/04 17:45:14 | 00,450,560 | ---- | C] (Game-Hackers.com) -- C:\Documents and Settings\Owner\Desktop\ACToolkit.exe
[2008/12/03 23:07:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Pkmn Box
[2008/12/03 22:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Pando Packages
[2008/12/03 22:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Pando
[2008/12/03 22:23:21 | 00,002,391 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pando.lnk
[2008/12/03 22:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2008/12/03 22:20:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8}
[2008/12/03 21:26:42 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/03 21:21:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/03 20:20:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/03 20:20:47 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/01 17:16:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2008/12/01 17:13:22 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2008/12/31 16:30:12 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2008/12/31 12:00:00 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\eozlijwa.job
[2008/12/31 11:47:52 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FixPolicies.exe
[2008/12/31 11:33:51 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/31 11:33:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/31 11:33:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/31 11:33:21 | 26,801,3568 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/31 11:29:40 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/12/26 11:05:21 | 00,001,299 | ---- | M] () -- C:\avexport.bat
[2008/12/26 04:51:38 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe
[2008/12/23 22:34:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/23 22:33:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\taskkill.exe
[2008/12/23 22:32:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/23 21:42:01 | 02,885,786 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/12/23 21:25:06 | 00,000,068 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2008/12/23 19:55:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/22 20:24:16 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/12/22 20:19:42 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/12/22 07:01:06 | 00,379,392 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\subinacl.msi
[2008/12/22 06:35:48 | 00,335,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dial-a-fix-v0.60.0.24.zip
[2008/12/22 05:25:29 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/22 05:24:52 | 00,000,453 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\allowtsk.reg
[2008/12/21 21:46:34 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2008/12/21 20:29:59 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2008/12/21 20:29:15 | 00,000,002 | ---- | M] () -- C:\1952709024
[2008/12/21 20:28:21 | 00,212,480 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 02:21:09 | 00,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pando.lnk
[2008/12/20 18:09:33 | 00,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/17 00:18:18 | 00,450,560 | ---- | M] (Game-Hackers.com) -- C:\Documents and Settings\Owner\Desktop\ACToolkit.exe
[2008/12/15 06:00:00 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SOAPS5.doc
[2008/12/15 04:46:32 | 17,861,030 | ---- | M] (XeroBank) -- C:\Documents and Settings\Owner\Desktop\XeroBank_Installer.exe
[2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/10 03:19:52 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/10 03:17:48 | 00,000,792 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/09 19:32:47 | 00,059,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\polar bear card.jpg
[2008/12/09 17:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/08 19:29:55 | 01,234,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\anais y mario.jpg
[2008/12/06 12:19:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/03 20:43:02 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2008/12/03 19:54:08 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:54:04 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/02 07:49:22 | 02,114,812 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/12/01 17:13:22 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >