Win32/Mebroot Trojan


  • This topic is locked
54 replies to this topic

#1 L Dub

Posted 30 September 2009 - 08:33 PM

Hello!

I was asked to post this in the HJT forum per garmanma:

http://www.bleepingcomputer.com/forums/t/260812/win32mebroot-trojan/

After a few recommendations the only .exe file I was able to run successfully was the OTL report (logs posted below).

Here's a brief description of my problem:
ESET Smart Security 4 is saying there's a threat by the Win32/Mebroot Trojan but it's unable to clean it. I've tried running Malwarebytes but it only runs for about 5 seconds and then freezes. I've tried renaming the mbam.exe to stopzilla.exe, xxxx.exe but that didn't work.

I'm unable to connect to the internet (only in safe mode) and my CPU won't even shut down unless I power down manually.


Here are the OTL logs:


OTL.txt

OTL logfile created on: 9/29/2009 6:54:00 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 116.52 Mb Available Physical Memory | 22.80% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 36.21 Gb Free Space | 32.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.87 Gb Total Space | 1.45 Gb Free Space | 77.76% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/02/05 18:44:39 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1107754144\ee\AOLSoftware.exe
PRC - [2006/10/23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2006/09/14 08:55:52 | 00,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/10/23 00:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/10/31 13:23:06 | 00,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2009/05/13 22:05:36 | 00,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2008/10/31 13:23:06 | 00,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2009/04/11 14:17:36 | 00,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe
PRC - [2006/10/05 11:51:04 | 02,242,120 | ---- | M] (Kontiki Inc.) -- C:\WINDOWS\kdx\KHost.exe
PRC - [2006/07/20 20:22:01 | 00,144,448 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/10/24 09:14:36 | 00,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/08/04 02:56:48 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2006/10/23 02:40:14 | 00,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2007/12/20 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe
PRC - [2007/10/16 21:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/29 18:52:06 | 00,009,728 | ---- | M] () -- C:\WINDOWS\Temp\wpv371254169113.exe
PRC - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
PRC - [2009/04/11 14:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
PRC - [2009/09/29 18:47:18 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
PRC - [2006/10/23 00:23:54 | 00,308,864 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0 [Auto | Running])
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/12/20 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stop_Pending])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/16 21:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/01/19 16:15:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - File not found -- -- (MCVSRte [Auto | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2001/08/06 15:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Start_Pending])
SRV - [2009/04/11 14:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Start_Pending])
SRV - [2009/04/11 14:17:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2009/04/11 14:17:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Stopped])
SRV - [2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/04/30 10:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004/04/30 10:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2005/02/05 18:44:46 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2004/08/04 00:59:42 | 00,095,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2007/12/20 22:53:20 | 02,843,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/10/11 06:20:56 | 00,024,960 | ---- | M] (America Online) -- C:\WINDOWS\System32\drivers\ATWPKT2.SYS -- (ATWPKT2 [On_Demand | Stopped])
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2002/09/03 13:28:22 | 00,186,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2002/12/09 13:19:50 | 00,493,568 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2002/12/04 14:35:44 | 00,298,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2002/09/03 13:30:00 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2002/12/09 13:20:20 | 00,134,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/01/20 09:46:50 | 00,140,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2009/09/25 14:25:56 | 00,021,760 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Temp\EMebDrv.sys -- (EMebDrv [On_Demand | Stopped])
DRV - [2002/12/09 13:20:32 | 00,115,936 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2009/05/14 15:49:22 | 00,133,000 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfw.sys -- (epfw [Auto | Running])
DRV - [2009/05/14 15:49:26 | 00,033,096 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\Epfwndis.sys -- (Epfwndis [On_Demand | Running])
DRV - [2009/05/14 15:49:26 | 00,055,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdi.sys -- (epfwtdi [System | Running])
DRV - [2002/11/26 14:31:36 | 00,816,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2002/11/26 14:30:32 | 00,135,728 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2009/03/20 13:30:58 | 00,008,832 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\km_filter.sys -- (km_filter [On_Demand | Running])
DRV - [2001/08/17 08:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2000/10/03 17:18:24 | 00,006,942 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (Msikbd2k [On_Demand | Running])
DRV - [2004/10/30 16:45:40 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2009/03/20 13:37:06 | 00,009,088 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx [On_Demand | Running])
DRV - [2009/03/20 13:36:48 | 00,021,888 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt [Boot | Running])
DRV - [2009/03/20 13:36:04 | 00,014,336 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi [System | Running])
DRV - [2001/08/22 10:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2002/12/09 13:20:02 | 00,117,120 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2002/10/09 04:09:58 | 00,010,477 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/05/13 06:19:36 | 00,079,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004/05/13 08:00:04 | 00,111,808 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2003/09/06 07:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2002/09/03 11:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/05/20 18:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2009/01/09 16:18:02 | 00,027,136 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2002/09/03 11:56:37 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Stopped])
DRV - [2005/03/03 12:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2003/12/01 10:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2005/02/23 10:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 05:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2004/08/04 01:04:32 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2002/10/15 16:32:16 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2004/08/04 01:15:21 | 00,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys -- (Ws2_u3 [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\S-1-5-21-484763869-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.affilorama.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 12:55:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 18:56:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/30 18:56:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/04/10 03:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions
[2009/04/10 03:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/06 23:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\zlsfajs9.default\extensions
[2009/08/09 13:06:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\zlsfajs9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/10 03:53:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/30 18:56:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/30 18:55:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/30 18:55:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/03 16:31:04 | 00,180,224 | ---- | M] (The Nielsen Company) -- C:\Program Files\mozilla firefox\components\nsgkff30_meter2.dll
[2009/06/30 18:55:47 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (150 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivirus.com
O1 - Hosts: 209.44.111.57 www.inetantivirus.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (IeMonitorBho Class) - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll (Conceiva Pty Ltd)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&DownloadStudio) - {CB789373-04D5-4EF4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (Conceiva Pty Ltd)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107754144\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\tool1.exe File not found
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe File not found
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [areslite] C:\Program Files\Ares Lite Edition\AresLite.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [mserv] C:\Documents and Settings\Larry\Application Data\svcst.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\RunOnce: [DelayShred] C:\Program Files\McAfee\McAfee Shared Components\Shredder\SHRED32.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe File not found
O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\mhbupd32.exe (Htcyhay Hagwutjnwad)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm ()
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm ()
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm ()
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (Conceiva Pty. Ltd.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (Conceiva Pty Ltd)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://sd1.ccisd.net/crystalreportviewers/...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://portal.ccisd.net/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} http://cdn.digitalcity.com/video/kdx.cab (Secure Delivery)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab (GpcContainer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\Documents and Settings\Larry\Local Settings\Temp\shell32.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (sneakerpimp.com - The most exclusive kicks worldwide) - http://www.sneakerpimp.com/jordan.shtml
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll File not found
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/23 10:35:53 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2004/12/22 17:00:53 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2067/02/24 17:21:18 | 00,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
[2009/09/29 18:53:11 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/09/28 15:48:02 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/09/28 15:44:46 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/27 04:08:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/09/27 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/27 02:50:46 | 00,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 01:22:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\CCleaner.lnk
[2009/09/27 01:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/25 12:27:08 | 00,000,000 | ---- | C] () -- C:\backup.reg
[2009/09/25 12:27:07 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009/09/25 12:27:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\amjhflrc.sys
[2009/09/25 12:27:07 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/09/25 12:27:07 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/09/25 09:34:34 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/25 09:34:34 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/25 09:34:34 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/25 09:34:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/25 09:34:21 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/25 09:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\PC Tools
[2009/09/25 09:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/25 08:46:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/25 08:46:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/25 01:45:11 | 00,018,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pogezixeli.bin
[2009/09/25 01:45:11 | 00,016,811 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ipizyre.sys
[2009/09/25 01:45:11 | 00,016,199 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\aherafys.ban
[2009/09/25 01:45:11 | 00,015,433 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\gylaku.db
[2009/09/25 01:45:11 | 00,013,791 | ---- | C] () -- C:\Program Files\Common Files\hagyr.sys
[2009/09/25 01:45:10 | 00,019,509 | ---- | C] () -- C:\Program Files\Common Files\eqalyj._sy
[2009/09/25 01:45:10 | 00,019,450 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ebem._sy
[2009/09/25 01:45:10 | 00,019,219 | ---- | C] () -- C:\Program Files\Common Files\asyqir.dl
[2009/09/25 01:45:10 | 00,018,559 | ---- | C] () -- C:\Program Files\Common Files\uxivyvina._dl
[2009/09/25 01:45:10 | 00,017,169 | ---- | C] () -- C:\WINDOWS\System32\daqo.lib
[2009/09/25 01:45:10 | 00,015,386 | ---- | C] () -- C:\WINDOWS\tepexovu.exe
[2009/09/25 01:45:10 | 00,014,472 | ---- | C] () -- C:\WINDOWS\System32\kaqyg.com
[2009/09/25 01:45:10 | 00,014,346 | ---- | C] () -- C:\WINDOWS\System32\ebititaka.vbs
[2009/09/25 01:45:10 | 00,012,142 | ---- | C] () -- C:\WINDOWS\ubiladylig.pif
[2009/09/25 01:45:10 | 00,011,692 | ---- | C] () -- C:\WINDOWS\System32\omunogo.inf
[2009/09/25 01:45:09 | 00,018,866 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bizo.dl
[2009/09/25 01:45:09 | 00,018,600 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ixyfukog.sys
[2009/09/25 01:45:09 | 00,016,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zudenubyru.ban
[2009/09/25 01:45:09 | 00,011,444 | ---- | C] () -- C:\WINDOWS\ivaceba._dl
[2009/09/25 01:45:09 | 00,011,304 | ---- | C] () -- C:\WINDOWS\juvyfev.reg
[2009/09/25 01:45:08 | 00,017,994 | ---- | C] () -- C:\WINDOWS\ozyl.reg
[2009/09/25 01:45:08 | 00,011,670 | ---- | C] () -- C:\WINDOWS\System32\ybuwele.vbs
[2009/09/25 01:45:08 | 00,011,428 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\uqarybiqow.dll
[2009/09/25 01:43:25 | 00,230,000 | ---- | C] (TheBestSoft Corporation) -- C:\Documents and Settings\Larry\Application Data\lizkavd.exe
[2009/09/25 01:38:45 | 00,264,704 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\seres.exe
[2009/09/22 20:28:52 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2009/09/22 20:28:51 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\The Authority Loophole.lnk
[2009/09/22 20:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\The Authority Loophole
[2009/09/17 16:17:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Desktop\ESET Trial
[2009/09/12 17:25:37 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 01:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/09/07 01:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/09/07 01:04:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/09/07 01:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/09/07 01:04:30 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/09/07 00:42:01 | 00,027,136 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/09/07 00:37:14 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/09/07 00:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/09/07 00:34:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/09/07 00:34:14 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/09/07 00:00:47 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/09/07 00:00:47 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/05/09 23:36:04 | 00,000,085 | ---- | C] () -- C:\WINDOWS\aebconfig.ini
[2008/05/03 16:19:40 | 00,000,223 | ---- | C] () -- C:\WINDOWS\EXEHtml.INI
[2008/04/19 17:21:15 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/18 14:13:07 | 00,011,164 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2007/05/18 19:57:09 | 00,000,032 | ---- | C] () -- C:\WINDOWS\WebsiteHeadlineWizard.INI
[2007/05/18 19:28:02 | 00,000,077 | ---- | C] () -- C:\WINDOWS\WHLWizard.ini
[2007/04/06 11:38:03 | 00,001,156 | ---- | C] () -- C:\WINDOWS\WCWizard.INI
[2006/08/06 00:44:26 | 00,000,057 | ---- | C] () -- C:\WINDOWS\seoWSB-backup.ini
[2006/07/17 22:02:10 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/06/01 21:16:14 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/02/11 22:35:22 | 00,000,850 | ---- | C] () -- C:\WINDOWS\seoSiteBuilder.ini
[2006/01/27 22:06:19 | 00,000,319 | ---- | C] () -- C:\WINDOWS\wtanalyzer.ini
[2005/08/13 01:05:13 | 00,000,212 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2005/08/13 01:05:13 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2005/08/13 01:05:13 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2005/06/20 18:03:02 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/23 11:57:35 | 00,971,776 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2005/02/18 23:18:30 | 00,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/02/18 23:15:06 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E8197BF28A.sys
[2005/01/20 22:55:52 | 03,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/01/20 22:55:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/01/20 22:55:51 | 00,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2004/12/29 13:46:51 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2004/12/29 13:46:51 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2004/12/23 20:09:22 | 00,000,456 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2004/12/23 18:22:23 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/12/21 10:09:53 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/12/19 03:25:03 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\cwmdtl50a.dll
[2004/12/18 20:12:19 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl37.dll
[2004/12/18 18:04:59 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2004/12/18 18:04:59 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2004/12/18 18:04:58 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl25a.dll
[2004/12/04 16:28:17 | 00,001,161 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2004/12/01 19:17:36 | 00,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/30 20:15:26 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004/11/30 20:15:26 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2004/11/24 16:11:00 | 00,000,032 | ---- | C] () -- C:\WINDOWS\pwcd.INI
[2004/11/24 16:10:14 | 00,000,073 | ---- | C] () -- C:\WINDOWS\PasswordTools.INI
[2004/11/15 20:57:07 | 00,000,644 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/04 21:06:47 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/03 22:00:38 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll.bak
[2004/09/30 16:39:50 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p3now.sys
[2004/08/19 18:38:20 | 00,000,480 | ---- | C] () -- C:\WINDOWS\WEBEDIT.INI
[2004/08/19 18:33:42 | 00,000,277 | ---- | C] () -- C:\WINDOWS\ssce.ini
[2004/08/15 03:06:32 | 00,129,080 | ---- | C] () -- C:\WINDOWS\logow.sys
[2004/08/15 03:06:32 | 00,129,078 | ---- | C] () -- C:\WINDOWS\logos.sys
[2004/06/16 20:25:12 | 00,270,718 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/13 23:41:33 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2004/06/12 16:10:23 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\AolIPInterfaceHistory.ini
[2004/06/12 14:13:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/06/12 14:10:49 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/12 14:10:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/06/12 12:20:05 | 00,000,020 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/12 05:22:01 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/12 05:02:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/06/12 05:01:59 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/06/12 05:01:18 | 00,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/06/12 05:01:18 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/06/12 05:01:08 | 00,298,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\ctdvda2k.sys
[2004/06/12 05:01:07 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/06/12 05:01:04 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/06/12 05:01:04 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/06/12 04:40:19 | 00,000,301 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/06/12 04:40:19 | 00,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/06/12 04:40:18 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/06/12 04:40:18 | 00,005,606 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/06/12 03:48:13 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2004/06/12 03:47:49 | 00,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2004/06/12 03:47:49 | 00,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2004/06/12 03:47:49 | 00,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
[2004/06/12 03:47:49 | 00,004,256 | ---- | C] () -- C:\WINDOWS\System32\LMStatus.ini
[2004/06/12 03:47:49 | 00,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
[2004/06/12 03:47:49 | 00,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
[2004/06/12 03:47:49 | 00,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2004/06/12 03:47:49 | 00,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
[2004/06/12 03:47:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2004/01/22 14:00:28 | 00,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2002/09/03 12:11:56 | 00,000,826 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/03 12:06:05 | 00,000,399 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/03 11:27:33 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[1997/07/11 02:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 02:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/09/29 18:52:00 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/09/29 18:51:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/29 18:51:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/29 18:51:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/29 18:47:18 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/09/28 15:48:02 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/09/28 15:44:46 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/27 04:08:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/09/27 02:55:19 | 00,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 02:53:39 | 04,240,744 | -H-- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\IconCache.db
[2009/09/27 02:48:11 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/09/27 02:48:11 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/09/27 02:48:11 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
[2009/09/27 02:48:11 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
[2009/09/27 01:22:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\CCleaner.lnk
[2009/09/25 12:27:08 | 00,000,000 | ---- | M] () -- C:\backup.reg
[2009/09/25 12:27:07 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009/09/25 12:27:07 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\amjhflrc.sys
[2009/09/25 12:27:07 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/09/25 12:27:07 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/09/25 01:45:11 | 00,018,004 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pogezixeli.bin
[2009/09/25 01:45:11 | 00,016,811 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\ipizyre.sys
[2009/09/25 01:45:11 | 00,016,199 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\aherafys.ban
[2009/09/25 01:45:11 | 00,015,433 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\gylaku.db
[2009/09/25 01:45:11 | 00,013,791 | ---- | M] () -- C:\Program Files\Common Files\hagyr.sys
[2009/09/25 01:45:10 | 00,019,509 | ---- | M] () -- C:\Program Files\Common Files\eqalyj._sy
[2009/09/25 01:45:10 | 00,019,450 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\ebem._sy
[2009/09/25 01:45:10 | 00,019,219 | ---- | M] () -- C:\Program Files\Common Files\asyqir.dl
[2009/09/25 01:45:10 | 00,018,559 | ---- | M] () -- C:\Program Files\Common Files\uxivyvina._dl
[2009/09/25 01:45:10 | 00,017,169 | ---- | M] () -- C:\WINDOWS\System32\daqo.lib
[2009/09/25 01:45:10 | 00,015,386 | ---- | M] () -- C:\WINDOWS\tepexovu.exe
[2009/09/25 01:45:10 | 00,014,472 | ---- | M] () -- C:\WINDOWS\System32\kaqyg.com
[2009/09/25 01:45:10 | 00,014,346 | ---- | M] () -- C:\WINDOWS\System32\ebititaka.vbs
[2009/09/25 01:45:10 | 00,012,142 | ---- | M] () -- C:\WINDOWS\ubiladylig.pif
[2009/09/25 01:45:10 | 00,011,692 | ---- | M] () -- C:\WINDOWS\System32\omunogo.inf
[2009/09/25 01:45:09 | 00,018,866 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bizo.dl
[2009/09/25 01:45:09 | 00,018,600 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\ixyfukog.sys
[2009/09/25 01:45:09 | 00,016,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zudenubyru.ban
[2009/09/25 01:45:09 | 00,011,444 | ---- | M] () -- C:\WINDOWS\ivaceba._dl
[2009/09/25 01:45:09 | 00,011,304 | ---- | M] () -- C:\WINDOWS\juvyfev.reg
[2009/09/25 01:45:08 | 00,017,994 | ---- | M] () -- C:\WINDOWS\ozyl.reg
[2009/09/25 01:45:08 | 00,011,670 | ---- | M] () -- C:\WINDOWS\System32\ybuwele.vbs
[2009/09/25 01:45:08 | 00,011,428 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\uqarybiqow.dll
[2009/09/25 01:43:25 | 00,230,000 | ---- | M] (TheBestSoft Corporation) -- C:\Documents and Settings\Larry\Application Data\lizkavd.exe
[2009/09/25 01:38:42 | 00,264,704 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\seres.exe
[2009/09/22 20:28:52 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\The Authority Loophole.lnk
[2009/09/17 19:10:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/17 15:18:42 | 00,092,424 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/17 15:01:37 | 00,334,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/07 00:37:15 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

------------------------------------------------------------------------------------------------

Extras.txt

OTL Extras logfile created on: 9/29/2009 6:54:00 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 116.52 Mb Available Physical Memory | 22.80% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 36.21 Gb Free Space | 32.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.87 Gb Total Space | 1.45 Gb Free Space | 77.76% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = aol_htm] -- C:\Program Files\AOL\Explorer\AOLExplorer.exe (AOL LLC)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Classes\]
.html [@ = aol_htm] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\AOL\Explorer\AOLExplorer.exe" -u "%1" (AOL LLC)
https [open] -- "C:\Program Files\AOL\Explorer\AOLExplorer.exe" -u "%1" (AOL LLC)
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ABC\abc.exe" = C:\Program Files\ABC\abc.exe:*:Enabled:abc -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe:*:Enabled:PDP RPC Server -- (DeviceGuys)
"C:\Program Files\eDonkey2000\EDONKEY2000_.EXE" = C:\Program Files\eDonkey2000\EDONKEY2000_.EXE:*:Enabled:EDONKEY2000_ -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Coding Workshop Polyphonic Wizard\cwpolywz.exe" = C:\Program Files\Coding Workshop Polyphonic Wizard\cwpolywz.exe:*:Enabled:Coding Workshop Polyphonic Wizard -- File not found
"C:\Program Files\Coding Workshop Ringtone Converter\cwtone.exe" = C:\Program Files\Coding Workshop Ringtone Converter\cwtone.exe:*:Enabled:Coding Workshop Ringtone Convertor -- File not found
"C:\Program Files\Conceiva\SurfStream\SurfStream.exe" = C:\Program Files\Conceiva\SurfStream\SurfStream.exe:*:Enabled:SurfStream -- File not found
"C:\Program Files\UBISOFT\Prince Of Persia - The Sands Of Time\POP.exe" = C:\Program Files\UBISOFT\Prince Of Persia - The Sands Of Time\POP.exe:*:Enabled:POP -- File not found
"C:\Program Files\Singles\singles.exe" = C:\Program Files\Singles\singles.exe:*:Enabled:singles -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 8.0\waol.exe" = C:\Program Files\America Online 8.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1107754144\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Anti-Leech\ALIE\alhlp.exe" = C:\Program Files\Anti-Leech\ALIE\alhlp.exe:*:Enabled:Anti-Leech plugin helper program -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\SEO Website Builder\SEOSiteBuilder.exe" = C:\Program Files\SEO Website Builder\SEOSiteBuilder.exe:*:Enabled:SEO Site Builder -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1107754144\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1107754144\EE\AOLOpenRide.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide -- File not found
"C:\WINDOWS\kdx\khost.exe" = C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager -- (Kontiki Inc.)
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1107754144\EE\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\AOLDesktop.exe:*:Enabled:AOL Desktop -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D2E169-5307-4626-81BC-4A2B0BFBA3F4}" = Keyword Research Pro
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A06D517-BEE7-2D03-9792-CF1A30E29A70}" = Skins
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1481D8E3-EA17-7697-3738-F5AA7784C902}" = ccc-utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4C0F15CA-2032-5D72-F209-A89E02A5FE0F}" = CCC Help English
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{59A67AEF-CABF-32CA-5407-55049E899A11}" = Catalyst Control Center Graphics Light
"{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}" = Diskeeper 2008 Pro Premier
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88739060-F683-11D3-B761-00105AD153C1}" = Lexmark X125
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{901A5511-070B-20DF-2F5A-5FA29C302C2A}" = Catalyst Control Center Graphics Full Existing
"{943803CB-20FA-F4EB-E4A6-A3B055A1DC2E}" = ccc-core-preinstall
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9EE5A621-A673-37C4-E31A-A7D5696B6F29}" = Catalyst Control Center Graphics Previews Common
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2F6B336-798D-77C2-21C9-392D4B0188F9}" = Catalyst Control Center Core Implementation
"{B474E72D-F65C-4CCD-BA5E-941DC43399A1}" = DownloadStudio
"{B78EAA23-2D9B-CD91-6ABF-B96EC49BBA37}" = ccc-core-static
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D9758C4B-CDD0-536F-D90E-9D74AFC3A35E}" = Catalyst Control Center Graphics Full New
"{E1981A20-DA8A-11DB-6784-00378DDC18BE}" = WebsiteHeadlineWizard
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}" = Zune
"{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"6F128087AFFFF5D4F4FEE6429736470CD5C1E4E2" = Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Deskbar" = AOL Deskbar
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BitLord" = BitLord 1.1
"BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"ColorPic" = ColorPic
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Real Audio Codec" = dBpowerAMP Real Audio Codec
"dBPowerAMP Real Audio Encoder R3" = dBPowerAMP Real Audio Encoder R3
"DE273599-96B0-4836-97C2-B2025C625F81" = The Authority Loophole
"DFX for MUSICMATCH" = DFX for MUSICMATCH
"Domain Name Analyzer_is1" = Domain Name Analyzer v3.2.022303
"Easy Real Converter_is1" = Easy Real Converter V1.40
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.0.9.1
"Grand Theft Auto" = Grand Theft Auto
"Indeo® Software" = Indeo® Software
"InstallShield_{95633EBE-216B-48B5-B103-0C9919787F46}" = Obscure
"kdx_aolhqvprod" = AOL Hi-Q Video
"Keyword Results Analyzer version 2 2.0.1.3." = Keyword Results Analyzer version 2 2.0.1.3.
"KRA Pro_is1" = KRA Pro v4
"KRA V4.0.0.33. manual upgrade_is1" = KRA v4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSN Toolbar" = MSN Toolbar
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetSight" = Nielsen//NetRatings
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"PLR Dashboard_is1" = PLR Dashboard 1.0
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Search Automator Pro" = Search Automator Pro 2.0
"SEO Website Builder 1.6.19" = SEO Website Builder 1.6.19
"SoftICE" = NuMega SoftICE
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SWF Opener" = SWF Opener
"TurboTax 2008" = TurboTax 2008
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebDesigner" = Microsoft Expression Web
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenu_is1" = Xenu's Link Sleuth
"YInstHelper" = Yahoo! Install Manager
"YNAB_Pro_is1" = YNAB Pro version 2.9.4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.190

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2009 4:53:41 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 5:31:29 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 5:33:40 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 6:38:48 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 6:41:12 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 6:47:31 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 7:35:50 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 10:02:23 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 10:18:42 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/29/2009 7:52:03 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

[ OSession Events ]
Error - 11/29/2007 9:05:31 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 86
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/17/2008 2:52:20 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2139
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 3/9/2008 12:10:36 AM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 96
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/3/2008 1:48:35 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 199
seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/12/2008 5:31:02 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1378413
seconds with 4620 seconds of active time. This session ended with a crash.

Error - 7/13/2008 3:28:53 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/13/2008 3:29:20 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/9/2008 5:34:38 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 83
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/5/2008 8:15:32 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1151920
seconds with 6300 seconds of active time. This session ended with a crash.

Error - 6/13/2009 6:32:56 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1053
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/28/2009 6:32:47 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 6:33:14 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/28/2009 6:38:32 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 6:39:00 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/28/2009 10:02:12 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 10:02:41 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/28/2009 10:18:27 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 10:18:54 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/29/2009 7:51:44 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/29/2009 7:52:10 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:10 PM

Posted 18 October 2009 - 11:59 AM

Hello L Dub

Welcome to BleepingComputer :(
=====================
Please download and run MBR.exe by GMER:

http://www2.gmer.net/mbr/mbr.exe

It will produce a brief log, mbr.txt in the same directory as the program. Please copy/paste that log here.
============
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 L Dub

L Dub
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 18 October 2009 - 09:26 PM

Hi kahdah!

Here are the results of the MBR log (could only run in safe mode):

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:10 PM

Posted 18 October 2009 - 10:50 PM

Hi, see if you can get this to run.

Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#5 L Dub

L Dub
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 October 2009 - 09:41 PM

I couldn't get GMER to run in normal mode. It was running fine in normal mode for about 4 hours before it froze! :(

Quick question. I don't have any antivirus or firewall protection on my CPU at the moment. I was using the ESET Smart Security 30 day trial when this whole trojan headache began so decided to uninstall (I've been downloading the files from a laptop and transferring via a flash drive).

I plan to install Avast and Comodo but wasn't sure if this is a waste since the trojan/viruses might not allow updates or even install for that matter. Should I try to install these apps to see if they're able to clean anything?

Thanks again for taking the time to help me out! :(

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:10 PM

Posted 20 October 2009 - 06:32 AM

Yes right now that would be a waste of time.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - [2009/09/29 18:52:06 | 00,009,728 | ---- | M] () -- C:\WINDOWS\Temp\wpv371254169113.exe
    O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
    O1 - Hosts: 209.44.111.57 inetantivirus.com
    O1 - Hosts: 209.44.111.57 www.inetantivirus.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [mserv] C:\Documents and Settings\Larry\Application Data\svcst.exe File not found
    O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\mhbupd32.exe (Htcyhay Hagwutjnwad)
    [2009/09/25 12:27:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\amjhflrc.sys
    [2009/09/25 12:27:07 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
    [2009/09/25 12:27:07 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
    [2009/09/25 01:45:11 | 00,018,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pogezixeli.bin
    [2009/09/25 01:45:11 | 00,016,811 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ipizyre.sys
    [2009/09/25 01:45:11 | 00,016,199 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\aherafys.ban
    [2009/09/25 01:45:11 | 00,015,433 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\gylaku.db
    [2009/09/25 01:45:11 | 00,013,791 | ---- | C] () -- C:\Program Files\Common Files\hagyr.sys
    [2009/09/25 01:45:10 | 00,019,509 | ---- | C] () -- C:\Program Files\Common Files\eqalyj._sy
    [2009/09/25 01:45:10 | 00,019,450 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ebem._sy
    [2009/09/25 01:45:10 | 00,019,219 | ---- | C] () -- C:\Program Files\Common Files\asyqir.dl
    [2009/09/25 01:45:10 | 00,018,559 | ---- | C] () -- C:\Program Files\Common Files\uxivyvina._dl
    [2009/09/25 01:45:10 | 00,017,169 | ---- | C] () -- C:\WINDOWS\System32\daqo.lib
    [2009/09/25 01:45:10 | 00,015,386 | ---- | C] () -- C:\WINDOWS\tepexovu.exe
    [2009/09/25 01:45:10 | 00,014,472 | ---- | C] () -- C:\WINDOWS\System32\kaqyg.com
    [2009/09/25 01:45:10 | 00,014,346 | ---- | C] () -- C:\WINDOWS\System32\ebititaka.vbs
    [2009/09/25 01:45:10 | 00,012,142 | ---- | C] () -- C:\WINDOWS\ubiladylig.pif
    [2009/09/25 01:45:10 | 00,011,692 | ---- | C] () -- C:\WINDOWS\System32\omunogo.inf
    [2009/09/25 01:45:09 | 00,018,866 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bizo.dl
    [2009/09/25 01:45:09 | 00,018,600 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ixyfukog.sys
    [2009/09/25 01:45:09 | 00,016,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zudenubyru.ban
    [2009/09/25 01:45:09 | 00,011,444 | ---- | C] () -- C:\WINDOWS\ivaceba._dl
    [2009/09/25 01:45:09 | 00,011,304 | ---- | C] () -- C:\WINDOWS\juvyfev.reg
    [2009/09/25 01:45:08 | 00,017,994 | ---- | C] () -- C:\WINDOWS\ozyl.reg
    [2009/09/25 01:45:08 | 00,011,670 | ---- | C] () -- C:\WINDOWS\System32\ybuwele.vbs
    [2009/09/25 01:45:08 | 00,011,428 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\uqarybiqow.dll
    [2009/09/25 01:43:25 | 00,230,000 | ---- | C] (TheBestSoft Corporation) -- C:\Documents and Settings\Larry\Application Data\lizkavd.exe
    [2009/09/25 01:38:45 | 00,264,704 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\seres.exe
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
====================
First temporarily disable any antivirus program or any real time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
================
Then Download Combofix from any of the links below. You must rename it before saving it. Rename it to kahdah then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double click on kahdah.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

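A triage sketch for the kind of entries selected for the OTL fix in post #6, added here as an example and not part of the thread or of OTL itself: it parses OTL file-listing and `O1 - Hosts` lines, groups files that have no company name and were created within seconds of each other, and lists hosts entries that point names at a non-loopback address. The function names and the thresholds (5 seconds, 5 files) are assumptions; the sample lines are copied from that post, except the two marked as constructed.

```python
import ipaddress
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: lines quoted from post #6, plus two constructed benign lines.
SAMPLE = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivirus.com
O1 - Hosts: 209.44.111.57 www.inetantivirus.com
[2009/09/25 12:27:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\amjhflrc.sys
[2009/09/25 01:45:11 | 00,013,791 | ---- | C] () -- C:\Program Files\Common Files\hagyr.sys
[2009/09/25 01:45:10 | 00,017,169 | ---- | C] () -- C:\WINDOWS\System32\daqo.lib
[2009/09/25 01:45:10 | 00,015,386 | ---- | C] () -- C:\WINDOWS\tepexovu.exe
[2009/09/25 01:45:09 | 00,011,304 | ---- | C] () -- C:\WINDOWS\juvyfev.reg
[2009/09/25 01:45:08 | 00,017,994 | ---- | C] () -- C:\WINDOWS\ozyl.reg
[2009/09/25 01:43:25 | 00,230,000 | ---- | C] (TheBestSoft Corporation) -- C:\Documents and Settings\Larry\Application Data\lizkavd.exe
[2009/09/20 10:00:00 | 00,020,000 | ---- | C] (Example Vendor) -- C:\Program Files\Example\example.dll
"""
# The "127.0.0.1 localhost" and "Example Vendor" lines above are constructed.

# [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^(?:[A-Z]{3} - )?\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<name>\S+)$")


def parse_files(text):
    """Return one dict per OTL file-listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "kind": m["kind"],                 # C = created, M = modified
            "company": m["company"].strip(),   # empty when OTL printed "()"
            "path": m["path"].strip(),
        })
    return entries


def creation_bursts(entries, window=timedelta(seconds=5), min_files=5):
    """Group created files with no company name whose timestamps chain together
    with gaps of at most `window`; keep groups of at least `min_files`."""
    anon = sorted(
        (e for e in entries if e["kind"] == "C" and not e["company"]),
        key=lambda e: e["time"],
    )
    bursts, current = [], []
    for e in anon:
        if current and e["time"] - current[-1]["time"] > window:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_files:
        bursts.append(current)
    return bursts


def summarize(burst):
    """Condense a burst into the facts a reviewer checks first."""
    return {
        "start": burst[0]["time"],
        "count": len(burst),
        "directories": sorted({ntpath.dirname(e["path"]) for e in burst}),
        "extensions": sorted({ntpath.splitext(e["path"])[1].lower() for e in burst}),
    }


def hosts_redirects(text):
    """Map each non-loopback, non-0.0.0.0 address to the names pinned to it."""
    redirects = defaultdict(list)
    for line in text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an address; leave it for manual review
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].append(m["name"])
    return dict(redirects)


if __name__ == "__main__":
    for burst in creation_bursts(parse_files(SAMPLE)):
        print(summarize(burst))
    print(hosts_redirects(SAMPLE))
```

A burst that spans several system directories with mixed extensions and no vendor string is a lead for review, not a verdict; each path still has to be checked before it goes into a fix script.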

#7 L Dub

L Dub
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 20 October 2009 - 07:16 PM

Hi Kahdah!

I've copied|pasted the code into OTL and clicked Run Scan. The bottom status says it's emptying temp folders. DO NOT INTERRUPT...

The progress bar only has one green "tick".

It's been like this for about 10min. Should I abort it and continue with the Combofix step?

Larry

Edited by L Dub, 20 October 2009 - 07:19 PM.


#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:10 PM

Posted 20 October 2009 - 09:38 PM

Yes, manually power the system down, then restart and proceed with Combofix.

#9 L Dub

L Dub
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 20 October 2009 - 10:13 PM

Hi Kahdah!

I manually powered down the PC and tried to run the kahdah.exe and Combofix freezes the moment it runs. The little tan colored box pops up with the words Combofix and it just sits there (frozen).

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:10 PM

Posted 20 October 2009 - 10:24 PM

Try it in Safe Mode please.

#11 L Dub

L Dub
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 20 October 2009 - 10:39 PM

I ran CF in safe mode and while running it detected the presence of rootkit activity and needed to reboot. Upon reboot I chose safe mode. When I logged into my desktop via safe mode nothing happened (waited 5+ minutes).

I restarted the CPU from safe mode and let it reboot in normal mode. I logged in to my desktop and the CF box popped up with the prompt saying: Please wait... Combofix is preparing to run.

So far it's been at least 5 minutes and the prompt with the message is sitting there with an empty desktop background.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:10 PM

Posted 20 October 2009 - 10:42 PM

Yes, that is normal.
Let it finish; it can take a bit to finish up.

#13 L Dub

L Dub
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 21 October 2009 - 05:38 PM

Hi Kahdah!

It's been 18+ hours and the prompt: Please wait. Combofix is preparing to run... is still there with an empty desktop background.

Is that the norm? I'll leave everything as is until I hear back from you.

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:10 PM

Posted 22 October 2009 - 05:36 AM

Try the following please.
Hit Ctrl+Alt+Delete on your keyboard and that will open Task Manager.
Then click on the Processes tab and see which process is sticking (using the CPU), then right-click on it and choose End Process and see if it unsticks it.
If it doesn't, then just hit the X on the blue Command Prompt window to close Combofix.

After that post a fresh OTL log please unless Combofix produces a log.

#15 L Dub

L Dub
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 22 October 2009 - 01:03 PM

Nothing ever happened with Combofix (i.e. no log report). Below are the 2 OTL logs:

OTL logfile created on: 10/22/2009 12:26:12 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 149.96 Mb Available Physical Memory | 29.35% Memory free
1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.50% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 36.36 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.87 Gb Total Space | 1.33 Gb Free Space | 71.07% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/20 19:04:32 | 03,350,921 | R--- | M] () -- C:\Documents and Settings\Larry\Desktop\kahdah.exe
PRC - [2009/10/20 18:41:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
PRC - [2009/05/13 22:05:36 | 00,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/04/11 14:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
PRC - [2009/04/11 14:17:36 | 00,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2008/10/31 13:23:06 | 00,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/10/24 09:14:36 | 00,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2007/12/20 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe
PRC - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
PRC - [2007/10/16 21:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1107754144\ee\AOLSoftware.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe
PRC - [2006/10/23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2006/10/23 00:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2006/10/05 11:51:04 | 02,242,120 | ---- | M] (Kontiki Inc.) -- C:\WINDOWS\kdx\KHost.exe
PRC - [2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 08:55:52 | 00,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/07/20 20:22:01 | 00,144,448 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2005/02/05 18:44:39 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/08/04 02:56:57 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2004/08/04 02:56:48 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
PRC - [2004/08/04 02:56:48 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dumprep.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (MCVSRte [Auto | Stopped])
SRV - [2009/04/11 14:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Start_Pending])
SRV - [2009/04/11 14:17:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2009/04/11 14:17:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/01/19 16:15:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/12/20 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stop_Pending])
SRV - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Start_Pending])
SRV - [2007/10/16 21:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0 [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/06/12 03:18:09 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv32.dll -- (TermService [Auto | Stopped])
SRV - [2001/08/06 15:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv [Disabled | Stopped])
SRV - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/03/20 13:37:06 | 00,009,088 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx [On_Demand | Stopped])
DRV - [2009/03/20 13:36:48 | 00,021,888 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt [Boot | Running])
DRV - [2009/03/20 13:36:04 | 00,014,336 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi [System | Running])
DRV - [2009/03/20 13:30:58 | 00,008,832 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\km_filter.sys -- (km_filter [On_Demand | Running])
DRV - [2009/01/09 16:18:02 | 00,027,136 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2008/05/20 18:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/12/20 22:53:20 | 02,843,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Stopped])
DRV - [2007/10/11 06:20:56 | 00,024,960 | ---- | M] (America Online) -- C:\WINDOWS\System32\drivers\ATWPKT2.SYS -- (ATWPKT2 [On_Demand | Stopped])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/03/03 12:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 10:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/02/05 18:44:46 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2004/12/03 05:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2004/10/30 16:45:40 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2004/08/04 01:15:21 | 00,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys -- (Ws2_u3 [Disabled | Stopped])
DRV - [2004/08/04 01:04:32 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2004/08/04 00:59:42 | 00,095,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2004/05/13 08:00:04 | 00,111,808 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2004/05/13 06:19:36 | 00,079,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004/04/30 10:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004/04/30 10:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2003/12/01 10:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2003/09/06 07:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2003/01/20 09:46:50 | 00,140,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2002/12/09 13:20:32 | 00,115,936 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2002/12/09 13:20:20 | 00,134,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2002/12/09 13:20:02 | 00,117,120 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2002/12/09 13:19:50 | 00,493,568 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2002/12/04 14:35:44 | 00,298,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2002/11/26 14:31:36 | 00,816,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2002/11/26 14:30:32 | 00,135,728 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2002/10/15 16:32:16 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2002/10/09 04:09:58 | 00,010,477 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2002/09/03 13:30:00 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2002/09/03 13:28:22 | 00,186,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2002/09/03 11:56:37 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2002/09/03 11:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/22 10:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2001/08/17 08:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2000/10/03 17:18:24 | 00,006,942 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (Msikbd2k [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\S-1-5-21-484763869-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.affilorama.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 12:55:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 18:56:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/30 18:56:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/04/10 03:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions
[2009/04/10 03:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/16 14:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\zlsfajs9.default\extensions
[2009/08/09 13:06:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\zlsfajs9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/10 03:53:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/30 18:56:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/30 18:55:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/30 18:55:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/03 16:31:04 | 00,180,224 | ---- | M] (The Nielsen Company) -- C:\Program Files\mozilla firefox\components\nsgkff30_meter2.dll
[2009/06/30 18:55:47 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (IeMonitorBho Class) - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll (Conceiva Pty Ltd)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&DownloadStudio) - {CB789373-04D5-4EF4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (Conceiva Pty Ltd)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [combofix] C:\kahdah\CF11823.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107754144\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm ()
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm ()
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm ()
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (Conceiva Pty. Ltd.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (Conceiva Pty Ltd)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://sd1.ccisd.net/crystalreportviewers/...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://portal.ccisd.net/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} http://cdn.digitalcity.com/video/kdx.cab (Secure Delivery)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab (GpcContainer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (sneakerpimp.com - The most exclusive kicks worldwide) - http://www.sneakerpimp.com/jordan.shtml
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/23 10:35:53 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2004/12/22 17:00:53 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/09/25 09:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/25 09:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\PC Tools
[2009/10/14 15:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\Research In Motion
[2009/09/25 09:34:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/27 01:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/22 20:28:52 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2009/10/16 23:09:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/22 20:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\The Authority Loophole
[2009/09/27 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/22 12:21:38 | 00,000,000 | ---D | C] -- C:\rsit
[2009/10/22 12:02:03 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/10/20 22:28:55 | 00,000,000 | --SD | C] -- C:\kahdah
[2009/10/20 19:10:52 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/20 18:41:15 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/10/16 23:09:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/16 23:09:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/12 21:04:51 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\46843651.sys
[2009/10/10 18:50:05 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19693.exe
[2009/10/09 03:08:42 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/10/08 23:18:37 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7296.exe
[2009/10/07 00:12:33 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9404.exe
[2009/10/06 22:58:59 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3254.exe
[2009/10/06 22:46:23 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF14671.exe
[2009/10/06 22:04:03 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29098.exe
[2009/10/06 22:02:13 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF6786.exe
[2009/10/04 13:43:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Desktop\CPU Protection & Maintenance
[2009/10/04 13:36:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/04 13:33:15 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\68941397.sys
[2009/10/03 20:12:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/03 20:08:35 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/03 18:59:23 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/02 02:54:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/02 02:54:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/02 02:54:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/02 02:54:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/02 02:54:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/01 22:26:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/25 09:34:34 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/25 09:34:34 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/25 09:34:21 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2004/12/29 13:46:51 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2004/12/29 13:46:51 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2004/12/23 19:56:52 | 03,120,640 | ---- | C] (ScummVM Team) -- C:\Program Files\scummvm.exe
[2004/06/12 05:01:07 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/22 12:20:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/22 12:20:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/22 12:09:38 | 04,240,744 | -H-- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\IconCache.db
[2009/10/22 12:07:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/22 11:53:16 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\RSIT.exe
[2009/10/20 19:04:32 | 03,350,921 | R--- | M] () -- C:\Documents and Settings\Larry\Desktop\kahdah.exe
[2009/10/20 18:41:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/10/20 16:37:41 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/10/17 14:25:37 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/10/17 08:48:58 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/10/17 08:48:58 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/10/17 08:48:58 | 00,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/10/17 08:48:58 | 00,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/10/17 08:48:58 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/17 08:48:58 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/17 08:48:58 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
[2009/10/17 08:48:58 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
[2009/10/16 23:09:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 18:49:57 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/10/10 18:49:57 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19693.exe
[2009/10/08 23:18:25 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7296.exe
[2009/10/07 00:12:24 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9404.exe
[2009/10/06 22:58:49 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3254.exe
[2009/10/06 22:46:14 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF14671.exe
[2009/10/06 22:03:03 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29098.exe
[2009/10/06 22:02:04 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF6786.exe
[2009/10/03 20:08:52 | 00,000,399 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/02 03:08:52 | 00,000,027 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/28 15:48:02 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/09/27 04:08:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/09/27 01:22:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\CCleaner.lnk
[2009/09/25 12:27:08 | 00,000,000 | ---- | M] () -- C:\backup.reg
[2009/09/25 12:27:07 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009/09/22 20:28:52 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\The Authority Loophole.lnk

========== Files - No Company Name ==========
[2067/02/24 17:21:18 | 00,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
[2009/10/22 12:08:45 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\RSIT.exe
[2009/10/20 19:09:37 | 03,350,921 | R--- | C] () -- C:\Documents and Settings\Larry\Desktop\kahdah.exe
[2009/10/17 02:14:13 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/10/16 23:09:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/03 18:59:33 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/03 18:59:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/02 02:54:30 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/02 02:54:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/02 02:54:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/02 02:54:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/28 15:48:02 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/09/27 04:08:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/09/27 01:22:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\CCleaner.lnk
[2009/09/25 12:27:08 | 00,000,000 | ---- | C] () -- C:\backup.reg
[2009/09/25 12:27:07 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009/09/25 09:34:34 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/25 01:38:52 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\iniasd.txt
[2009/09/22 20:28:51 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\The Authority Loophole.lnk
[2008/05/09 23:36:04 | 00,000,085 | ---- | C] () -- C:\WINDOWS\aebconfig.ini
[2008/05/03 16:19:40 | 00,000,223 | ---- | C] () -- C:\WINDOWS\EXEHtml.INI
[2008/04/19 17:29:05 | 00,006,222 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\PrimoPDFSet.xml
[2008/04/19 17:29:03 | 00,000,310 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\APUSet.xml
[2008/04/19 17:21:15 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/05/18 19:57:09 | 00,000,032 | ---- | C] () -- C:\WINDOWS\WebsiteHeadlineWizard.INI
[2007/05/18 19:28:02 | 00,000,077 | ---- | C] () -- C:\WINDOWS\WHLWizard.ini
[2007/04/06 11:38:03 | 00,001,156 | ---- | C] () -- C:\WINDOWS\WCWizard.INI
[2006/08/06 00:44:26 | 00,000,057 | ---- | C] () -- C:\WINDOWS\seoWSB-backup.ini
[2006/07/17 22:02:10 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/06/01 21:16:14 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/02/19 18:19:34 | 00,000,157 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ntl.ini
[2006/02/19 17:20:51 | 00,002,223 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ntl.nws
[2006/02/11 22:35:22 | 00,000,850 | ---- | C] () -- C:\WINDOWS\seoSiteBuilder.ini
[2006/01/27 22:06:19 | 00,000,319 | ---- | C] () -- C:\WINDOWS\wtanalyzer.ini
[2005/08/29 19:41:06 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\fusioncache.dat
[2005/06/20 18:03:02 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/23 11:57:35 | 00,971,776 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2005/02/18 23:18:30 | 00,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/02/18 23:15:06 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E8197BF28A.sys
[2005/01/20 22:55:52 | 03,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/01/20 22:55:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/01/20 22:55:51 | 00,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2004/12/23 20:09:22 | 00,000,456 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2004/12/23 19:56:52 | 00,229,376 | ---- | C] () -- C:\Program Files\SDL.dll
[2004/12/23 19:56:52 | 00,051,881 | ---- | C] () -- C:\Program Files\readme.txt
[2004/12/23 19:56:52 | 00,018,454 | ---- | C] () -- C:\Program Files\copying.txt
[2004/12/23 19:56:52 | 00,007,696 | ---- | C] () -- C:\Program Files\news.txt
[2004/12/23 19:56:52 | 00,000,438 | ---- | C] () -- C:\Program Files\README-SDL.txt
[2004/12/23 18:22:23 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/12/21 10:09:53 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/12/19 03:25:03 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\cwmdtl50a.dll
[2004/12/18 20:12:19 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl37.dll
[2004/12/18 18:04:59 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2004/12/18 18:04:59 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2004/12/18 18:04:58 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl25a.dll
[2004/12/04 16:28:17 | 00,001,161 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2004/12/01 19:17:36 | 00,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/30 20:15:26 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004/11/30 20:15:26 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2004/11/30 19:26:04 | 04,289,024 | ---- | C] () -- C:\Program Files\trial_setup.msi
[2004/11/30 19:26:04 | 00,040,448 | ---- | C] () -- C:\Program Files\trial_setup.exe
[2004/11/30 19:26:04 | 00,000,777 | ---- | C] () -- C:\Program Files\trial_setup.ini
[2004/11/24 16:11:00 | 00,000,032 | ---- | C] () -- C:\WINDOWS\pwcd.INI
[2004/11/24 16:10:14 | 00,000,073 | ---- | C] () -- C:\WINDOWS\PasswordTools.INI
[2004/11/15 20:57:07 | 00,000,644 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/04 21:06:47 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/03 22:00:38 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll.bak
[2004/10/29 19:55:10 | 00,092,424 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/09/30 16:39:50 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p3now.sys
[2004/08/19 18:38:20 | 00,000,480 | ---- | C] () -- C:\WINDOWS\WEBEDIT.INI
[2004/08/19 18:33:42 | 00,000,277 | ---- | C] () -- C:\WINDOWS\ssce.ini
[2004/08/15 03:06:32 | 00,129,080 | ---- | C] () -- C:\WINDOWS\logow.sys
[2004/08/15 03:06:32 | 00,129,078 | ---- | C] () -- C:\WINDOWS\logos.sys
[2004/07/03 12:56:08 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\LMCPaper.dat
[2004/06/16 20:25:12 | 00,270,718 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/15 23:03:17 | 00,003,932 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\LMLayout.dat
[2004/06/14 00:11:11 | 00,211,968 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/13 23:41:33 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2004/06/12 16:10:23 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\AolIPInterfaceHistory.ini
[2004/06/12 14:13:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/06/12 14:10:49 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/12 14:10:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/06/12 12:20:05 | 00,000,020 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/12 05:22:01 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/12 05:02:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/06/12 05:01:59 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/06/12 05:01:18 | 00,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/06/12 05:01:18 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/06/12 05:01:08 | 00,298,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\ctdvda2k.sys
[2004/06/12 05:01:04 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/06/12 05:01:04 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/06/12 04:40:19 | 00,000,301 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/06/12 04:40:19 | 00,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/06/12 04:40:18 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/06/12 04:40:18 | 00,005,606 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/06/12 04:13:06 | 04,240,744 | -H-- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\IconCache.db
[2004/06/12 03:48:13 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2004/06/12 03:47:49 | 00,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2004/06/12 03:47:49 | 00,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2004/06/12 03:47:49 | 00,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
[2004/06/12 03:47:49 | 00,004,256 | ---- | C] () -- C:\WINDOWS\System32\LMStatus.ini
[2004/06/12 03:47:49 | 00,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
[2004/06/12 03:47:49 | 00,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
[2004/06/12 03:47:49 | 00,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2004/06/12 03:47:49 | 00,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
[2004/06/12 03:47:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2004/06/12 03:42:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Larry\Application Data\desktop.ini
[2004/06/11 20:10:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/01/22 14:00:28 | 00,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2002/09/03 12:11:56 | 00,000,826 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/03 12:06:05 | 00,000,399 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/03 11:27:33 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[1997/07/11 02:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 02:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



