Help! Infected with X-force generator.exe


This topic is locked
42 replies to this topic

#1 saudades

Posted 25 October 2009 - 12:11 AM

Hi..

Two days ago my computer was attacked by a downloaded file called x-force generator.exe. Since then both firefox and ie redirect me to different sites. It doesn't seem to affect the computer in any other way and I can reboot without any problems and no blue screens so far. I ran several malware products to no avail. I was then redirected to this forum for help. I'm running vista.

Please, if you get a chance, take a look at my logs and lend me a hand. I really could use some help on this one.

Thank you so much.

DDS (Ver_09-10-24.03) - NTFSx86
Run by Bia at 23:55:37.98 on Sat 10/24/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\program files\gbplugin\gbiehuni.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PCSync2.exe" /NoDialog
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: coair.com\esource
Trusted Zone: coair.com\mail
Trusted Zone: coair.com\mobile
DPF: Expense Report Solutions - hxxp://insidecoair:8080/expense/Exc.cab
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} - hxxp://sna.coair.com/HFACTX/HFDSP.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mobile.coair.com/dana-cached/sc/JuniperSetupClient.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\program files\gbplugin\gbiehuni.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\bia\appdata\roaming\mozilla\firefox\profiles\yvrui5rc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\users\bia\appdata\roaming\mozilla\firefox\profiles\yvrui5rc.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll
FF - component: c:\users\bia\appdata\roaming\mozilla\firefox\profiles\yvrui5rc.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8873}\components\GbMzhUni.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-23 21:52:59 0 d-s---w- C:\ComboFix
2009-10-23 21:18:03 98816 ----a-w- c:\windows\sed.exe
2009-10-23 21:18:03 161792 ----a-w- c:\windows\SWREG.exe
2009-10-23 21:00:42 318976 ----a-w- c:\windows\system32\CF31391.exe
2009-10-23 20:08:22 0 d-----w- c:\program files\CCleaner
2009-10-23 19:24:57 0 d-----w- c:\programdata\Maxtor
2009-10-23 19:24:57 0 d-----w- c:\program files\Maxtor
2009-10-23 19:12:33 22528 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-23 18:49:49 0 d-----w- c:\program files\Trend Micro
2009-10-23 15:57:42 64 ----a-w- c:\windows\wininit.ini
2009-10-23 01:42:03 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-10-23 01:42:02 347648 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-10-23 01:42:01 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-10-23 01:41:58 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-10-23 01:41:58 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-10-23 01:40:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-23 01:40:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-23 01:34:09 1645568 ----a-w- c:\windows\system32\connect.dll
2009-10-22 23:46:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 18:35:10 236544 ----a-w- c:\windows\PEV.exe
2009-10-17 02:11:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 02:09:55 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-17 02:09:49 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-07 03:14:18 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 08:11:21 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-29 13:30:15 0 d-----w- c:\users\bia\Tracing
2009-09-29 13:27:00 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-29 13:25:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-29 13:23:25 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-29 13:22:56 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-29 13:20:21 0 d-----w- c:\program files\Microsoft
2009-09-29 13:20:02 0 d-----w- c:\program files\Windows Live SkyDrive
2009-09-29 13:15:26 0 d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-10-23 19:34:12 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-23 19:34:12 86016 ----a-w- c:\windows\inf\infpub.dat
2009-10-23 19:34:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-10 19:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-05 14:22:41 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-05 14:22:41 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-08-03 17:13:36 174 --sha-w- c:\program files\desktop.ini
2008-08-03 17:05:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-24 13:45:39 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 23:57:17.99 ===============
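The DDS log above is the raw material the helpers work from, and its "Created Last 30" and "Pseudo HJT Report" sections have a fixed line layout that is easy to parse. The following is an added example, not code from the thread, from BleepingComputer or from the DDS tool: a small Python triage helper that splits a DDS log into its `=== ... ===` sections, parses each "Created Last 30" line into a timestamp, size, attribute string and path, and builds a report of (a) files created under `c:\windows\system32` on or after an analyst-chosen cutoff date, (b) BHO/toolbar entries that point at "No File" (orphaned registry entries), and (c) Winsock LSP modules. The sample input is a subset of the log lines from the post, copied verbatim; the cutoff date and the report layout are assumptions. The code does not decide what is malicious: files dropped by the cleaning tools that had already been run (the ComboFix directory, for instance) and Windows Update batches appear in the same window, so the output is a shortlist for an analyst to verify against known-good sources, nothing more.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample input: a subset of the lines from the DDS log in the post,
# kept verbatim so the parser is exercised on the real format.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
LSP: c:\windows\system32\wpclsp.dll

=============== Created Last 30 ================

2009-10-23 21:52:59 0 d-s---w- C:\ComboFix
2009-10-23 21:00:42 318976 ----a-w- c:\windows\system32\CF31391.exe
2009-10-23 19:12:33 22528 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-23 01:42:03 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-10-22 23:46:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 02:11:12 213504 ----a-w- c:\windows\system32\msv1_0.dll

==================== Find3M ====================
"""

# Section banners look like "=============== Created Last 30 ================".
SECTION_LINE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "Created Last 30" lines: timestamp, size, 8-char attribute string, path.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-dsharw]{8})\s+(.+)$"
)
# BHO/TB entries whose target file is missing: "BHO: {clsid} - No File".
ORPHAN_LINE = re.compile(r"^(?:BHO|TB): (?:.*?: )?(\{[^}]+\}) - No File$")
LSP_LINE = re.compile(r"^LSP: (.+)$")


@dataclass
class FileEntry:
    created: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # DDS marks directories with a leading "d" in the attribute string.
        return self.attrs.startswith("d")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-blank lines of a DDS log under their banner titles."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_LINE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_created(sections: Dict[str, List[str]]) -> List[FileEntry]:
    """Parse every well-formed line of the 'Created Last 30' section."""
    entries = []
    for line in sections.get("Created Last 30", []):
        m = FILE_LINE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append(FileEntry(created, int(m.group(2)), m.group(3), m.group(4)))
    return entries


def system_files_since(entries: List[FileEntry], cutoff: datetime,
                       root: str = r"c:\windows\system32") -> List[FileEntry]:
    """Non-directory entries under `root` created at or after `cutoff`, oldest first."""
    root = root.lower()
    hits = [e for e in entries
            if not e.is_dir and e.path.lower().startswith(root) and e.created >= cutoff]
    return sorted(hits, key=lambda e: e.created)


def triage_report(text: str, cutoff: str) -> Dict[str, List[str]]:
    """Build the analyst shortlist; `cutoff` is an ISO date such as '2009-10-23' (assumed)."""
    sections = split_sections(text)
    since = datetime.strptime(cutoff, "%Y-%m-%d")
    hjt = sections.get("Pseudo HJT Report", [])
    return {
        "recent_system_files": [e.path for e in system_files_since(parse_created(sections), since)],
        "orphaned_clsids": [m.group(1) for m in map(ORPHAN_LINE.match, hjt) if m],
        # Winsock LSPs sit in the network path of every socket, so each one is
        # listed for manual verification rather than judged here.
        "lsp_modules": [m.group(1) for m in map(LSP_LINE.match, hjt) if m],
    }


if __name__ == "__main__":
    for key, items in triage_report(SAMPLE_DDS, "2009-10-23").items():
        print(key)
        for item in items:
            print("   ", item)
```

Run on the full log, the same three lists come out longer; the point of the `cutoff` parameter is to line the "Created Last 30" timestamps up against the date the user gives for the incident, which is usually the only timeline anchor a helper has in a thread like this one.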


#2 myrti

Posted 01 November 2009 - 03:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 saudades

Posted 02 November 2009 - 08:05 AM

Hi...

Thanks for answering. Please don't close my topic. I'm out of town on business but will be home on Wednesday evening. My home pc is my problem! I'll post asap.

Thanks

Bia

#4 saudades

Posted 05 November 2009 - 07:52 PM

Hi....

Thanks for helping me.

OK. After I left to go out of town, my roommate tried to "fix" this and used some applications.
I now have an icon for something called Prevx on my desktop.
The fixes that I tried last week were SuperAntiSpyware, Spybot, Avast, Malwarebytes. Everything ran but nothing was fixed. The browsers (both Firefox and Explorer) are still hijacked.
Nothing else seems to be wrong with the computer; it boots normally, I have no blue screens.
I will not do anything else to it until I hear from you.
Again..... Thanks a million for your help.
:(




OTL log

OTL logfile created on: 11/5/2009 19:39:18 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\Bia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 44.99% Memory free
4.00 Gb Paging File | 2.29 Gb Available in Paging File | 57.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.82 Gb Total Space | 96.91 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 119.29 Gb Free Space | 51.22% Space Free | Partition Type: NTFS
Drive G: | 1.92 Gb Total Space | 1.37 Gb Free Space | 71.35% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIA-PC
Current User Name: Bia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/05 19:38:36 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\Bia\Desktop\OTL.exe
PRC - [2009/11/04 21:57:55 | 06,210,488 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/11/04 21:57:55 | 06,210,488 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/11/04 21:32:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/15 06:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/04/13 14:11:54 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 20:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/03/02 20:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/02/05 11:39:44 | 00,606,208 | ---- | M] (Picaboo) -- C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/06 17:41:27 | 00,040,960 | ---- | M] () -- C:\Program Files\GbPlugin\gbpsv.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/22 04:18:58 | 00,189,688 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/07 12:54:19 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/03/25 16:07:36 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/03/25 16:07:34 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/03/25 16:07:22 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/19 01:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 01:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 01:33:37 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2008/01/19 01:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 01:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 01:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 01:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 01:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 01:33:01 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/09/28 11:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/09/06 13:53:40 | 00,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/06/05 08:12:40 | 00,061,440 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007/05/31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/03/15 18:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/11/09 04:57:52 | 03,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/10/11 12:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/10/10 10:44:10 | 00,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
PRC - [2006/09/29 13:39:20 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 13:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/28 07:42:24 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 11:32:28 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/02/02 09:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2001/02/23 11:52:26 | 00,200,704 | R--- | M] (ACD Systems, Ltd.) -- C:\Program Files\ACD Systems\ImageFox\ImageFox.exe


========== Modules (SafeList) ==========

MOD - [2009/11/05 19:38:36 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\Bia\Desktop\OTL.exe
MOD - [2008/01/19 01:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (GbpSv)
SRV - File not found -- -- (CLTNetCnService)
SRV - [2009/11/04 21:57:55 | 06,210,488 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/29 13:04:48 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca107f77fb16b6)
SRV - [2009/07/29 13:04:16 | 00,190,448 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/15 06:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/13 13:17:38 | 00,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/22 04:18:58 | 00,189,688 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SdReadSpool)
SRV - [2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 19:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/19 19:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/05/30 11:32:16 | 00,572,416 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/05 14:45:28 | 00,106,496 | ---- | M] (PCTEL) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/03/05 14:45:26 | 00,118,784 | ---- | M] (PCTEL) -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 01:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 01:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/28 11:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/06/05 08:12:40 | 00,061,440 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/05/31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/13 20:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/02/28 01:00:14 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 06:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/01 12:58:02 | 00,078,752 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/09/29 13:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/09/11 17:02:44 | 00,544,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 17:01:04 | 00,167,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 16:56:32 | 00,075,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM)
SRV - [2006/09/11 16:56:20 | 00,188,416 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 11:32:28 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 00:47:56 | 00,026,624 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 10:13:52 | 00,029,696 | R--- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 21:57:56 | 00,046,768 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys -- (pxrts)
DRV - [2009/11/04 21:57:56 | 00,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2009/11/04 21:57:56 | 00,024,368 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2009/09/15 05:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 05:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 05:55:09 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/09/15 05:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/09/15 05:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/05 21:48:42 | 00,054,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/11 11:38:14 | 02,324,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2008/10/11 18:59:32 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/07/31 16:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/05/28 09:33:38 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 09:33:36 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 09:33:36 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/05/08 04:05:18 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:04:16 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 04:03:18 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/03/25 15:44:24 | 02,307,072 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/03/05 14:41:58 | 00,164,480 | ---- | M] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2008/03/05 14:41:58 | 00,149,000 | ---- | M] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00)
DRV - [2008/03/05 14:41:58 | 00,024,840 | ---- | M] () -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/03/05 14:41:48 | 00,038,680 | ---- | M] (PCTEL Inc.) -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2008/03/05 14:36:22 | 00,032,408 | ---- | M] (PCTEL Inc.) -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/01/18 23:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/18 23:56:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/01/18 22:25:04 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B)
DRV - [2008/01/15 02:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/10/18 06:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 16:04:40 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/09/17 14:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/06 15:30:24 | 00,194,048 | ---- | M] (Novatel Wireless Inc) -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/06/22 15:42:36 | 00,063,008 | ---- | M] (Juniper Networks) -- C:\Windows\System32\drivers\NEOFLTR_550_11905.sys -- (NEOFLTR_550_11905)
DRV - [2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/03 12:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.) -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/09/29 05:59:58 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/07/13 11:14:16 | 00,004,608 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/06/19 08:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/12 10:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\S-1-5-21-1948554927-2718888113-1152609633-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\S-1-5-21-1948554927-2718888113-1152609633-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: esnipesnipeit@esnipe.com:1.0.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.7
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.7.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.7.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/29 06:26:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/04 21:32:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/04 21:32:55 | 00,000,000 | ---D | M]

[2008/08/01 19:49:57 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Extensions
[2008/08/01 19:49:57 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/05 07:03:37 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Firefox\Profiles\yvrui5rc.default\extensions
[2009/09/29 12:30:34 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Firefox\Profiles\yvrui5rc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/28 20:14:54 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Firefox\Profiles\yvrui5rc.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/08/14 12:07:50 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Firefox\Profiles\yvrui5rc.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2009/01/23 10:04:55 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Firefox\Profiles\yvrui5rc.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2009/05/07 03:33:10 | 00,000,000 | ---D | M] -- C:\Users\Bia\AppData\Roaming\Mozilla\Firefox\Profiles\yvrui5rc.default\extensions\esnipesnipeit@esnipe.com
[2009/08/21 22:46:59 | 00,005,407 | ---- | M] () -- C:\Users\Bia\AppData\Roaming\Mozilla\Firefox\Profiles\yvrui5rc.default\searchplugins\fast-browser-search.xml
[2009/06/27 15:38:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/04 21:32:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/11 09:08:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/11/04 21:32:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/04 21:32:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/06/19 03:16:24 | 00,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/06/19 03:16:24 | 00,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2008/11/06 10:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/12/10 18:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/11/04 21:32:53 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/06/11 21:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/20 10:40:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/20 10:40:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/20 10:40:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/20 10:40:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/20 10:40:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/20 10:40:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/20 10:40:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/04/28 16:02:04 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/04/28 16:02:04 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/04/28 16:02:04 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/04/28 16:02:04 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/04/28 16:02:04 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/04/28 16:02:04 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/04/28 16:02:04 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (250435 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8730 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll File not found
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)
O3 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [imekrmig7.0] C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMSCMig] C:\Program Files\Common Files\microsoft shared\IME\IMSC40A\IMSCMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe File not found
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe File not found
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Bia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe (Picaboo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\..Trusted Domains: coair.com ([esource] https in Trusted sites)
O15 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\..Trusted Domains: coair.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\..Trusted Domains: coair.com ([mobile] https in Trusted sites)
O15 - HKU\S-1-5-21-1948554927-2718888113-1152609633-1001\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} http://sna.coair.com/HFACTX/HFDSP.CAB (HostFront ActiveX Display)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mobile.coair.com/dana-cached/sc/Jun...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Expense Report Solutions http://insidecoair:8080/expense/Exc.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.217.126.81 207.217.77.82
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll (Banco Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/04 10:48:54 | 00,000,124 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10585275-c003-11de-bc73-001a920bbc4b}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/05 19:38:35 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Users\Bia\Desktop\OTL.exe
[2009/11/05 00:00:42 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/04 21:57:57 | 00,053,136 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2009/11/04 21:57:56 | 00,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2009/11/04 21:57:56 | 00,024,368 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2009/11/04 21:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/11/04 21:08:15 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Users\Bia\Desktop\aswclear.exe
[2009/11/04 19:28:47 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Bia\Desktop\setup-spybotsd162.exe
[2009/11/04 19:23:52 | 00,046,768 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2009/11/04 19:23:17 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2009/11/04 19:23:17 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2009/11/04 19:15:55 | 21,036,792 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Bia\Desktop\drweb-cureit.exe
[2009/10/27 17:31:26 | 00,288,654 | ---- | C] ( ) -- C:\Users\Bia\Desktop\SafeBootKeyRepair.exe
[2009/10/26 19:18:51 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/26 19:18:51 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/26 19:18:51 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/26 19:18:51 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/26 19:18:34 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/26 19:18:34 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/26 19:18:34 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/26 19:18:25 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/26 19:18:25 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/23 16:10:44 | 00,472,064 | ---- | C] ( ) -- C:\Users\Bia\Desktop\RootRepeal.exe
[2009/10/23 15:52:59 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/23 15:38:56 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\Bia\Desktop\ATF-Cleaner.exe
[2009/10/23 15:18:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/23 15:18:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/23 15:18:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/23 15:18:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/23 15:00:42 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF31391.exe
[2009/10/23 14:08:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/23 14:07:56 | 01,066,456 | ---- | C] (Piriform Ltd) -- C:\Users\Bia\Desktop\ccsetup224_slim.exe
[2009/10/23 13:24:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Maxtor
[2009/10/23 13:24:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Maxtor
[2009/10/23 13:24:57 | 00,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2009/10/23 12:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/23 12:49:36 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bia\Desktop\HJTInstall.exe
[2009/10/23 09:56:47 | 00,906,464 | ---- | C] (Prevx) -- C:\Users\Bia\Desktop\PREVXCSIFREE.EXE
[2009/10/22 19:46:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/22 19:42:03 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/10/22 19:42:02 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/10/22 19:42:01 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/10/22 19:41:58 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/10/22 19:41:58 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/10/22 19:40:59 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/10/22 19:40:54 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/10/22 19:34:09 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/10/22 19:16:06 | 09,092,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Bia\Desktop\windows-kb890830-v3.0.exe
[2009/10/22 17:46:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/22 13:03:52 | 00,000,000 | ---D | C] -- C:\Users\Bia\AppData\Local\temp
[2009/10/16 20:11:12 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/16 20:10:41 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/16 20:10:41 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/16 20:10:40 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/16 20:10:38 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/16 20:10:37 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/16 20:10:36 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/16 20:10:36 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/16 20:10:35 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/16 20:10:35 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/16 20:10:34 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/16 20:10:34 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/16 20:10:32 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/16 20:10:32 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/10/16 20:10:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/16 20:10:11 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/16 20:10:09 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/16 20:10:01 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/16 20:09:55 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/16 20:09:49 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/06 21:14:18 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2008/10/11 18:59:32 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Bia\AppData\Roaming\pcouffin.sys
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/05 19:40:47 | 00,022,016 | ---- | M] () -- C:\Windows\System32\tdlwsp.dll
[2009/11/05 19:38:51 | 06,291,456 | -HS- | M] () -- C:\Users\Bia\NTUSER.DAT
[2009/11/05 19:38:36 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\Bia\Desktop\OTL.exe
[2009/11/05 19:36:20 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5D2D09C1-DDC7-425E-9739-AF95C67B60E8}.job
[2009/11/05 19:23:50 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 19:23:50 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 19:23:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/05 19:23:00 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/05 14:58:10 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/05 13:30:31 | 00,027,136 | ---- | M] () -- C:\Users\Bia\Desktop\Recurso Bia concurso.doc
[2009/11/05 13:30:09 | 00,027,136 | ---- | M] () -- C:\Users\Bia\Desktop\Backup of Recurso Bia concurso.wbk
[2009/11/05 06:52:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/05 03:24:54 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/05 03:24:54 | 00,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/05 03:24:54 | 00,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/05 03:19:31 | 00,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBia.job
[2009/11/05 03:19:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/05 03:17:30 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/05 03:17:10 | 00,524,288 | -HS- | M] () -- C:\Users\Bia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/05 03:17:10 | 00,065,536 | -HS- | M] () -- C:\Users\Bia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/05 03:17:08 | 06,291,456 | -H-- | M] () -- C:\Users\Bia\AppData\Local\IconCache.db
[2009/11/05 00:11:22 | 00,000,782 | ---- | M] () -- C:\Windows\System32\request.gzip
[2009/11/05 00:11:22 | 00,000,134 | ---- | M] () -- C:\Windows\System32\responseBody.xml
[2009/11/05 00:11:21 | 00,001,754 | ---- | M] () -- C:\Windows\System32\requestBody.xml
[2009/11/04 21:57:57 | 00,053,136 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2009/11/04 21:57:56 | 00,046,768 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2009/11/04 21:57:56 | 00,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2009/11/04 21:57:56 | 00,024,368 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2009/11/04 21:57:18 | 00,906,464 | ---- | M] (Prevx) -- C:\Users\Bia\Desktop\PREVXCSIFREE.EXE
[2009/11/04 21:34:37 | 00,000,015 | ---- | M] () -- C:\Users\Bia\Desktop\settings.dat
[2009/11/04 21:13:28 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/11/04 21:08:21 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Users\Bia\Desktop\aswclear.exe
[2009/11/04 19:36:22 | 00,001,057 | ---- | M] () -- C:\Users\Bia\Desktop\Spybot - Search & Destroy.lnk
[2009/11/04 19:29:10 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Bia\Desktop\setup-spybotsd162.exe
[2009/11/04 19:16:37 | 21,036,792 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Bia\Desktop\drweb-cureit.exe
[2009/10/27 17:31:30 | 00,288,654 | ---- | M] ( ) -- C:\Users\Bia\Desktop\SafeBootKeyRepair.exe
[2009/10/24 22:55:17 | 00,524,288 | ---- | M] () -- C:\Users\Bia\Desktop\dds.scr
[2009/10/23 16:10:46 | 00,472,064 | ---- | M] ( ) -- C:\Users\Bia\Desktop\RootRepeal.exe
[2009/10/23 15:39:15 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\Bia\Desktop\ATF-Cleaner.exe
[2009/10/23 15:06:32 | 03,351,787 | R--- | M] () -- C:\Users\Bia\Desktop\ComboFix.exe
[2009/10/23 14:31:06 | 00,250,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/10/23 14:08:22 | 00,001,672 | ---- | M] () -- C:\Users\Bia\Desktop\CCleaner.lnk
[2009/10/23 14:07:57 | 01,066,456 | ---- | M] (Piriform Ltd) -- C:\Users\Bia\Desktop\ccsetup224_slim.exe
[2009/10/23 13:26:04 | 00,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Maxtor Manager.lnk
[2009/10/23 12:49:49 | 00,001,876 | ---- | M] () -- C:\Users\Bia\Desktop\HijackThis.lnk
[2009/10/23 12:49:37 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bia\Desktop\HJTInstall.exe
[2009/10/23 10:53:32 | 00,001,356 | ---- | M] () -- C:\Users\Bia\AppData\Local\d3d9caps.dat
[2009/10/23 09:57:42 | 00,000,064 | ---- | M] () -- C:\Windows\wininit.ini
[2009/10/22 19:17:16 | 09,092,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Bia\Desktop\windows-kb890830-v3.0.exe
[2009/10/22 12:58:33 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/10/21 23:16:16 | 00,088,064 | ---- | M] () -- C:\Users\Bia\Desktop\Copy of FINAL VERSION 2009 RPST SCHED.xls
[2009/10/19 08:25:09 | 03,584,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/13 16:04:42 | 00,093,599 | ---- | M] () -- C:\Users\Bia\Desktop\.jpg
[2009/10/12 20:42:10 | 00,053,345 | ---- | M] () -- C:\Users\Bia\Desktop\TaxReturnlittledale2008.pdf
[2009/10/12 13:15:12 | 00,150,736 | ---- | M] () -- C:\Users\Bia\Desktop\Card_Actual_480480.pdf
[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
[2009/10/11 01:15:41 | 00,088,064 | ---- | M] () -- C:\Users\Bia\Desktop\FINAL_VERSION_2009_RPST_SCHED.xls
[2009/10/07 09:50:02 | 00,000,321 | ---- | M] () -- C:\Windows\win.ini
[2009/10/07 09:41:00 | 00,150,584 | ---- | M] () -- C:\Users\Bia\AppData\Local\GDIPFONTCACHEV1.DAT
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 13:30:09 | 00,027,136 | ---- | C] () -- C:\Users\Bia\Desktop\Recurso Bia concurso.doc
[2009/11/05 13:30:09 | 00,027,136 | ---- | C] () -- C:\Users\Bia\Desktop\Backup of Recurso Bia concurso.wbk
[2009/11/04 22:06:42 | 00,022,016 | ---- | C] () -- C:\Windows\System32\tdlwsp.dll
[2009/10/24 22:55:16 | 00,524,288 | ---- | C] () -- C:\Users\Bia\Desktop\dds.scr
[2009/10/23 16:13:03 | 00,000,015 | ---- | C] () -- C:\Users\Bia\Desktop\settings.dat
[2009/10/23 15:43:30 | 06,291,456 | -H-- | C] () -- C:\Users\Bia\AppData\Local\IconCache.db
[2009/10/23 15:18:03 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/23 15:18:03 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/23 15:18:03 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/23 15:06:01 | 03,351,787 | R--- | C] () -- C:\Users\Bia\Desktop\ComboFix.exe
[2009/10/23 14:08:22 | 00,001,672 | ---- | C] () -- C:\Users\Bia\Desktop\CCleaner.lnk
[2009/10/23 13:59:58 | 00,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
[2009/10/23 13:59:57 | 00,002,445 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageFox.lnk
[2009/10/23 13:26:04 | 00,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Maxtor Manager.lnk
[2009/10/23 12:49:49 | 00,001,876 | ---- | C] () -- C:\Users\Bia\Desktop\HijackThis.lnk
[2009/10/23 09:57:42 | 00,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/22 12:35:10 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/13 16:04:26 | 00,093,599 | ---- | C] () -- C:\Users\Bia\Desktop\.jpg
[2009/10/12 20:42:10 | 00,053,345 | ---- | C] () -- C:\Users\Bia\Desktop\TaxReturnlittledale2008.pdf
[2009/10/12 13:15:12 | 00,150,736 | ---- | C] () -- C:\Users\Bia\Desktop\Card_Actual_480480.pdf
[2009/10/11 01:15:45 | 00,088,064 | ---- | C] () -- C:\Users\Bia\Desktop\FINAL_VERSION_2009_RPST_SCHED.xls
[2009/06/09 10:29:39 | 00,000,058 | ---- | C] () -- C:\Windows\System32\msadio.dll
[2009/03/13 14:22:12 | 00,001,032 | ---- | C] () -- C:\ProgramData\tmpF711.log
[2009/03/13 14:06:34 | 00,001,160 | ---- | C] () -- C:\ProgramData\tmpA6B1.log
[2009/03/03 09:12:22 | 00,001,356 | ---- | C] () -- C:\Users\Bia\AppData\Local\d3d9caps.dat
[2009/02/11 22:17:16 | 00,001,152 | ---- | C] () -- C:\ProgramData\tmp267B.log
[2009/02/11 22:12:38 | 00,006,757 | ---- | C] () -- C:\Users\Bia\AppData\Roaming\PrimoPDFSet.xml
[2008/12/22 23:36:39 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/12/21 17:35:50 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/12/11 20:02:25 | 00,021,240 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2008/12/11 20:02:25 | 00,013,560 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2008/11/29 17:35:26 | 00,120,320 | ---- | C] () -- C:\Windows\System32\Ltpnt13n.dll
[2008/11/29 17:35:24 | 01,684,480 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2008/11/29 17:35:22 | 00,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2008/11/29 17:35:20 | 00,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2008/11/29 17:11:32 | 00,000,120 | ---- | C] () -- C:\Windows\WINRESAZ.INI
[2008/11/06 10:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 10:33:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/10/14 20:26:12 | 00,000,185 | ---- | C] () -- C:\Windows\pdf2word.INI
[2008/10/11 19:00:47 | 00,000,034 | ---- | C] () -- C:\Users\Bia\AppData\Roaming\pcouffin.log
[2008/10/11 18:59:32 | 00,007,887 | ---- | C] () -- C:\Users\Bia\AppData\Roaming\pcouffin.cat
[2008/10/11 18:59:32 | 00,001,144 | ---- | C] () -- C:\Users\Bia\AppData\Roaming\pcouffin.inf
[2008/10/09 23:54:42 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/07/08 16:31:55 | 00,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2008/07/06 18:04:00 | 00,000,091 | ---- | C] () -- C:\Users\Bia\AppData\Local\fusioncache.dat
[2008/06/25 07:32:30 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/24 18:45:48 | 00,000,691 | ---- | C] () -- C:\Users\Bia\AppData\Roaming\GetValue.vbs
[2008/06/24 18:45:48 | 00,000,035 | ---- | C] () -- C:\Users\Bia\AppData\Roaming\SetValue.bat
[2008/04/28 11:13:33 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/03/25 15:56:08 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/05 14:41:58 | 00,024,840 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/02/19 00:33:34 | 00,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/05 09:05:20 | 00,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/11/04 22:19:59 | 00,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI
[2007/11/03 14:29:26 | 00,075,400 | ---- | C] () -- C:\Users\Bia\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2007/10/30 19:17:21 | 00,000,350 | ---- | C] () -- C:\Users\Bia\AppData\Local\RAExpertHistory.xml
[2007/10/30 19:16:39 | 00,000,171 | ---- | C] () -- C:\Users\Bia\AppData\Local\rahistory.xml
[2007/10/22 15:26:47 | 00,000,167 | ---- | C] () -- C:\Windows\ConverterCore.INI
[2007/08/24 19:46:48 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/11 10:26:19 | 00,000,487 | ---- | C] () -- C:\Windows\WT.INI
[2007/08/10 07:34:15 | 00,000,375 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/09 13:37:52 | 00,000,760 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/08 22:33:22 | 00,087,040 | ---- | C] () -- C:\Users\Bia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/08 18:25:33 | 00,000,156 | ---- | C] () -- C:\Windows\Kpcms.ini
[2007/08/08 18:25:24 | 00,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2007/08/08 17:34:23 | 00,000,034 | ---- | C] () -- C:\Windows\AuthMgr.INI
[2007/08/08 17:27:15 | 00,150,584 | ---- | C] () -- C:\Users\Bia\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/05/16 13:06:49 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/05/16 12:15:30 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/16 12:15:30 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 10:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/11/09 08:19:08 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 06:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 06:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:23:31 | 00,000,321 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 04:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 00:00:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 00:00:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 11:09:34 | 00,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/09/16 14:24:26 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/03/13 14:46:46 | 00,053,248 | R--- | C] () -- C:\Windows\System32\zlib.dll
[2001/09/21 05:00:38 | 00,040,960 | ---- | C] () -- C:\Windows\System32\InTouchViewer.dll
[2001/09/21 04:59:38 | 00,094,208 | ---- | C] () -- C:\Windows\System32\InTouchCOMClient.dll
[2001/09/17 08:49:22 | 00,421,888 | R--- | C] () -- C:\Windows\System32\XMLParser.dll
[2001/09/17 08:49:22 | 00,073,728 | R--- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2001/09/17 08:49:20 | 00,573,440 | R--- | C] () -- C:\Windows\System32\dbsock.dll
[2001/09/17 08:49:20 | 00,118,784 | R--- | C] () -- C:\Windows\System32\Transport.dll
[2001/09/17 08:48:54 | 00,503,808 | R--- | C] () -- C:\Windows\System32\lt_xtrans.dll
[2001/09/17 08:48:54 | 00,286,720 | R--- | C] () -- C:\Windows\System32\MrSIDD.dll
[2001/09/17 08:48:54 | 00,163,840 | R--- | C] () -- C:\Windows\System32\lt_common.dll
[2001/09/17 08:48:54 | 00,126,976 | R--- | C] () -- C:\Windows\System32\lt_trans.dll
[2001/09/17 08:48:54 | 00,069,632 | R--- | C] () -- C:\Windows\System32\lt_meta.dll
[2001/09/17 08:48:54 | 00,053,248 | R--- | C] () -- C:\Windows\System32\lt_encrypt.dll
[2001/09/17 08:48:54 | 00,020,480 | R--- | C] () -- C:\Windows\System32\lt_messagetext.dll
[2001/09/17 08:48:52 | 00,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys
[2001/09/17 08:48:48 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll
[2001/09/17 08:48:48 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll
[2001/09/17 08:48:48 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2001/09/17 08:48:48 | 00,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll

========== Files - Unicode (All) ==========
[2008/09/02 14:19:56 | 00,000,000 | ---D | M](C:\Users\Bia\AppData\Roaming\???????sAppData) -- C:\Users\Bia\AppData\Roaming\敎潲䍄敔灭慬整sAppData
< End of report >

extras.txt

OTL Extras logfile created on: 11/5/2009 19:39:18 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\Bia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 44.99% Memory free
4.00 Gb Paging File | 2.29 Gb Available in Paging File | 57.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.82 Gb Total Space | 96.91 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 119.29 Gb Free Space | 51.22% Space Free | Partition Type: NTFS
Drive G: | 1.92 Gb Total Space | 1.37 Gb Free Space | 71.35% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIA-PC
Current User Name: Bia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AF291D-F6E3-498A-B516-650806B4BE19}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0790C899-582C-4076-9FE6-953F8818E0D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{160C4595-2977-4761-9BCE-944D23FB3DCF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{29C718B9-BE8D-431E-ACCC-3F6D93336CFD}" = lport=15511 | protocol=6 | dir=in | name=limewire |
"{2F260627-2FB9-44D2-AECA-D999A2320225}" = lport=2178 | protocol=6 | dir=in | app=system |
"{3592F21D-76EC-48D5-B805-3882D8B46C01}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{3891ECBB-54F9-4249-B050-D65C69F011F2}" = lport=58888 | protocol=17 | dir=in | name=pando p2p udp listening port |
"{42774E46-FBCC-48BC-AA94-7FA8982022AF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{431BDB37-E00B-4225-9DA8-4871C6634D21}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{54F6336B-9D7F-4132-A14A-C4FC08065218}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{59051E62-326D-464A-A5B7-85A904F6B0B1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5F561A88-B003-4A15-8CB7-48EBE8FE3DA0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{646D23CD-A89D-4283-B573-209DC744990F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{68AB51B0-660C-4C47-8F30-640602BE44A0}" = lport=17003 | protocol=6 | dir=in | name=utorrent |
"{7182A97D-7C00-4BEF-A635-1F3D022CF0D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D535E6F-9B3F-44C3-A250-439505486AA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7EC16D59-794B-45B3-BDC6-D05E84D669AD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7FB6F4AB-E879-424A-80CB-5DACF0AD8058}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{83CF8A80-84E6-4F1B-BDBC-9DFBFC5C57C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{83E54A49-E830-43B2-AD90-0524569964D8}" = lport=80 | protocol=6 | dir=in | app=system |
"{84378054-F0F6-4F64-A408-FEA9C351F12D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{880EB5D6-2235-48C5-AA6A-F65DB320D6CE}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{89555B41-9ED0-4D8A-A0A9-D836DAA6B830}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95C062DA-BEE4-4CF5-95B4-B01A46BB0FAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98978721-C274-49E6-831A-FF3A735933F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98AC264E-0E4F-4C4D-A092-526323AF332F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7415EFA-30C3-40E6-A778-57C19F56A9F9}" = lport=8097 | protocol=6 | dir=in | name=earthlink uhp modem support |
"{AAA4BA4A-C25B-4AE0-BB78-BD52EE0987DE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AF6E2EAA-2A0D-4526-8E29-3080BC021A62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AF9B9271-0BBC-4B7E-8A7E-95C62C027FAD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B4117461-44CD-4B9B-9EDC-4205E84252E1}" = rport=2178 | protocol=6 | dir=out | app=system |
"{B840EF4D-70C0-4D06-9C48-6E5DD80E7B27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{BA501EB5-87D3-4ACE-ADCD-3AD1119E390A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BD82F26A-626E-4D37-BC13-8E3A85CB88E4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{C1E5E0C3-2AF4-4E55-8EED-8050A5E6903A}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{C7398875-75E3-47D6-9532-9850C8D10A53}" = lport=58888 | protocol=6 | dir=in | name=pando p2p tcp listening port |
"{CCBEE7B6-8BA0-40F5-9A6A-C66D2A17A61D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CD769E29-8F80-4CB6-9FB5-8B5E87C1F36C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF09C363-687C-436D-832D-96BE002624E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D5004DC9-D4F1-48F1-A840-F984AF2FE6BD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D81221EC-92B3-494A-A95E-A631BB3D28D6}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{D81A4175-65DB-4AB6-A37F-987DA73BB9E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DCD0A1F5-1C7E-4457-8B16-515EDAA6F87B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E70AC7BE-174A-496C-BA25-333D69338C38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EE192D50-A785-4C12-9C83-0EFDB279AE3B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE2B0BAB-1623-4871-81D5-70B075182DC7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001CD20C-48D7-4AE7-8240-BDD5DDE5DBAA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{0387DE56-AF7C-4641-92EA-D4E1876260FE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{06EEC08E-D4B3-4BCD-AACC-EB364B3170C0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{08748A0F-B75E-4114-B372-4F9139D572C3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{09180462-08CE-4460-8E03-22C45072B563}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0A3BAE8E-ECF1-4C9B-8583-92751CBC15A6}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{0CD9DB00-9644-4C3A-88DD-FE4F609D9E53}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{10CEEF94-87FA-420E-8BC6-FEDFFE51EF69}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1257FE98-4660-4733-9879-31B5ECC2C38C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{126E31AD-59BF-41B7-B0D5-BFFBAEF03C86}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{1417C18D-EEF8-4796-A22E-0A881073DC40}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1693A8C9-7993-45A8-8B95-DF8C6A68F7C3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{23EBF913-8D91-486A-A4FC-560F0730D2DB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{26BE46CE-7DCB-405A-A3D3-3B7633EC4E35}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27564861-914D-43E7-ACDE-3932EDCF1700}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27864A84-FBAC-4807-B840-E579C45F643F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2907BE33-3961-49E5-B039-46D6B15F6C05}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{294F7175-F163-4BBB-BEC4-8C967719ABB8}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{2FDA00AF-72D0-47B5-B150-272826AE72C5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{31C4FC99-C303-4DFE-9B42-D4FDAF70287C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{383EBCE1-0E7A-4830-BAD9-CCD746A17CD9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{38E8AE0C-F883-4739-92F4-C2F18C415DDC}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{3B861EE6-5A9A-4130-9AFA-B3BCCD6BD33E}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{3C524B64-3398-4AE2-97E6-472D6ABA4255}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{3E4CA515-0837-4289-8D07-EEDB7C0B2E18}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{3EDF7FC0-0CE5-4F1C-B80B-DE7EEF9A55E1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{3F480514-ADD9-4E3F-8B34-CD990DC06A2C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{431909E8-E7D2-4FC9-9E04-D29BC76F46A3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4A6385DA-1704-471B-8017-4237CFE635E7}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{4B68574D-EFA1-4959-A069-54B09406C338}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5030302A-675C-41F1-B01B-F037FDC84A1E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{50B06179-D0D5-4EA2-80D8-3F11ABD9C2F3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{522F726A-D922-4889-A900-73B40C06AEAF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{572EF02A-FC34-4309-A20A-2BC607BA248D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6035D2F7-8A6A-4C5B-97FD-3704F33DA04D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6204293F-F1B1-43BB-A4E1-A069D49A4FE1}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{63911D8D-CC78-470E-9240-8E0FC4E21ECB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{71B1935B-11D6-4E7A-924E-F887E4B299AB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{76C811F6-3DDE-4174-B83A-803BE7B0CFB8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{7757FCD9-01A1-446D-8CDB-079848D2ADAF}" = protocol=6 | dir=out | app=system |
"{77CF3C79-A700-45E0-A42D-E71E416B2BB4}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{7911BFF0-D95B-4C1C-AAF3-C1FF9A414D2A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7F9B651F-5F06-4764-9DFF-6980BF20A4A7}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{824F8FD8-57CF-49B1-9C08-5A54A4A08CEF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8313BEDA-F762-432D-BBD5-1F41C804E5DE}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{8C99A47B-C4F3-4785-8B05-AAE470294422}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{8FFA4C42-DDA2-4A07-A437-4DC8F38B770D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{944576C3-F2EF-49C4-A4AA-31BEDE457A14}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9709FBA9-AD8B-4869-AEE9-D6264AEE1D56}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{A0048791-E1EB-468D-A4B9-74676BCC8CD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A09CDEA4-B7A8-4383-8929-974CA7DA5CE3}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{A874B98C-CA00-43C8-ABA5-42C1D215FDAB}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{AE94552E-86EA-4466-82A1-D03014141B94}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{B00C7E9C-2CDE-413E-8C8A-8850096651C1}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B4553EF3-35E3-44A6-8496-7F0AEA02566F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B4A0F934-EAF6-4A2C-8C6A-73D204E486B7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B4AD9EEA-007A-44C1-9232-68319B765B7A}" = protocol=17 | dir=in | app=c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxconfig.exe |
"{BAB10345-0A44-48C5-A7B8-F375264D7194}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC6E6CB0-44DB-4271-8E38-CAF8E263B95A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BE33A64D-963D-49A2-B50E-90621590CA0A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C912B5DD-AFF8-4301-8599-832780F03A5A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CDDFC55A-A99A-4848-ADB1-FFF34F39BB5A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CF9570E9-53C8-4DB1-92D5-41690AC26E68}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D5AE754E-EA3A-4044-BD37-97CD2831E546}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DBFCC753-9E10-4AE8-8F29-F7000BA24785}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DD505344-321B-472E-A59E-CB15C27906E2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DEF6574B-3C76-46EB-8B81-9954FACF100E}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{E9EF068C-DD17-4564-B9D4-86AF7FF7B5A1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{EC7E3892-056C-4935-8BD6-A47928C5DA64}" = protocol=6 | dir=in | app=c:\program files\3ivx\3ivx mpeg-4 5.0.3\3ivxconfig.exe |
"{EDC42EC6-EA0A-43DF-BA03-A3999F327B0B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{EFD4F7DF-3472-461E-9514-348B6994856C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EFF1088A-DB5F-49A0-8DBB-B7B0CFA132D8}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{F109BC58-1B5F-49D9-8E1F-3230009BF1FE}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{F213D316-2A6B-426B-A739-7C6AF184B6EE}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{F4C3D48B-3F10-420A-B392-6D409F5CF2A0}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F97198B7-CC56-4440-889E-F7E770D4F225}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FE3BAF61-B681-45FB-91A9-624B22135705}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{FF36A809-8EB7-4656-900A-694772F8C518}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"TCP Query User{060BA512-555B-41B1-977D-ED240C13FB86}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{70A3AFAE-C05D-477F-B567-6C2599C9597B}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"TCP Query User{7204FA1E-3DD9-4BC6-A05D-D1D6A82BFE88}C:\program files\lphant\elephantclient.exe" = protocol=6 | dir=in | app=c:\program files\lphant\elephantclient.exe |
"TCP Query User{AC30DB8B-4E38-49E0-B3F8-AC467E7C59AD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{B303F4E1-AA37-425B-8E09-9819C2181CF1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CEF49071-01EE-44D3-91E1-1A6C1AE8D77F}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{20FE73E1-F49C-442E-9D15-8F9A71219102}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{3D6E944F-2914-4A6B-AF4F-C00B534FD82E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{7B48813E-6FD5-420C-B51A-5BD8B44C89C3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{F2BA829F-22B1-401E-8CF9-F3098CE05BC3}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{F3F2AED0-AC4B-436C-A378-EBCE1C37EA89}C:\program files\lphant\elephantclient.exe" = protocol=17 | dir=in | app=c:\program files\lphant\elephantclient.exe |
"UDP Query User{FF2F96AB-5CAD-46F7-A686-D09EF576AAB2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{27040F24-7260-4BCE-B45F-E19B40970EEE}" = PE-DESIGN Ver.7
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.5
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62C71F70-52F1-4EED-9D55-1154132E499B}" = Picaboo 2.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel Viiv Software
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare
"{7797C70B-11EB-446A-9B1E-3D9039DB581F}" = TotalAccess Core Applications
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9FA93155-472F-4778-87A8-95244FD1535D}" = OLYMPUS Master 2
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B18D166F-6E14-45EA-A909-07DBFE15089D}" = SDL TRADOS 7 Freelance
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}" = SolidPDFCreator
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FC516A10-B335-4FB5-8EA2-0DB8E57E044C}" = Sprint SmartView
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF087B26-DD20-4DD0-B97F-0B08B76A04D1}" = Deal Info
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"ApecSoft 3GP Flash Video Converter_is1" = 3GP Flash Video Converter V1.33
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Core FTP LE 2.1" = Core FTP LE 2.1
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EarthLink TotalAccess 2004" = EarthLink Software
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"FileZilla Client" = FileZilla Client 3.2.0
"FineCount_is1" = FineCount 2.5
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Updater" = Google Updater
"Google Video Uploader" = Google Video Uploader
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"ImTOO iPod Movie Converter" = ImTOO iPod Movie Converter
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"Intel® Configuration Center" = Intel Viiv Software
"iPod-Cloner_is1" = iPod-Cloner 1.50 Build 845
"IrfanView" = IrfanView (remove only)
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"LimeWire" = LimeWire PRO 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PCSI" = Prevx
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PrimoPDF4.1.0.9" = PrimoPDF
"PureVoice" = PureVoice 1.3.2
"QCP Converter" = QCP Converter
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Word Translator 97 Uninstall" = Word Translator 97
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1948554927-2718888113-1152609633-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"uTorrent" = Torrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.


Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.


Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: SessionID not found
- global map corrupted??, 000005D6.

Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
failed - client probably died, 000005D4.

Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
failed - client probably died, 000005D5.

Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.


Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: SessionID not found
- global map corrupted??, 000005D7.

Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
failed - client probably died, 000005D6.

Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.


Error - 10/7/2009 18:51:14 | Computer Name = Bia-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
failed - client probably died, 000005D7.

[ Application Events ]
Error - 3/13/2009 09:55:58 | Computer Name = Bia-PC | Source = Application | ID = 4096
Description =

Error - 3/13/2009 20:14:45 | Computer Name = Bia-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 3/13/2009 20:15:18 | Computer Name = Bia-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 3/15/2009 01:26:14 | Computer Name = Bia-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDSee.exe, version 4.0.0.526, time stamp 0x3bab3ad7,
faulting module ACDSee.exe, version 4.0.0.526, time stamp 0x3bab3ad7, exception
code 0xc0000005, fault offset 0x000093c9, process id 0x155c, application start time
0x01c9a418b8bbf36c.

Error - 3/15/2009 01:26:29 | Computer Name = Bia-PC | Source = Application Error | ID = 1000
Description = Faulting application ACDSee.exe, version 4.0.0.526, time stamp 0x3bab3ad7,
faulting module MFC42.DLL, version 6.6.8063.0, time stamp 0x4791a6f4, exception
code 0xc0000005, fault offset 0x00029321, process id 0x155c, application start time
0x01c9a418b8bbf36c.

Error - 3/18/2009 09:54:24 | Computer Name = Bia-PC | Source = Application | ID = 4096
Description =

Error - 3/24/2009 22:18:31 | Computer Name = Bia-PC | Source = Application | ID = 4096
Description =

Error - 3/24/2009 23:07:03 | Computer Name = Bia-PC | Source = Application | ID = 4096
Description =

Error - 3/25/2009 17:56:19 | Computer Name = Bia-PC | Source = Application | ID = 4096
Description =

Error - 3/28/2009 00:22:54 | Computer Name = Bia-PC | Source = Application | ID = 4096
Description =

[ Media Center Events ]
Error - 6/8/2008 19:19:52 | Computer Name = Bia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 08:21:48 | Computer Name = Bia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/9/2008 01:42:03 | Computer Name = Bia-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/10/2008 01:47:30 | Computer Name = Bia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/28/2008 15:37:57 | Computer Name = Bia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 09:53:48 | Computer Name = Bia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/4/2009 23:31:33 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2009 05:16:45 | Computer Name = Bia-PC | Source = DCOM | ID = 10010
Description =

Error - 11/5/2009 05:19:31 | Computer Name = Bia-PC | Source = HTTP | ID = 15016
Description =

Error - 11/5/2009 05:19:47 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2009 05:49:57 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/5/2009 06:26:29 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/5/2009 07:38:27 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/5/2009 08:06:11 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/5/2009 08:30:53 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/5/2009 08:52:13 | Computer Name = Bia-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#5 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 06 November 2009 - 04:26 AM

Hi,

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#6 saudades
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Female
  • Location:sometimes houston sometimes rio

Posted 06 November 2009 - 11:10 AM

Hi ....

I wasn't able to run ComboFix. It made my computer crash. I had a screen that said c:windows\system312\ninoteli.dll was trying to attach itself to ComboFix and that I should make a note of it. It also stated that my antivirus was still on when I had turned it off. Anyway, after stage 3 it crashed. I wasn't able to get back on Windows normally so I had to go back on safe mode. I tried running ComboFix from there but it crashed again. To get back on to normal mode I had to restore the computer to 3am this morning when Windows ran an update.
What can I do now?
Thanks and sorry for the trouble.

#7 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 06 November 2009 - 11:13 AM

Hi,

please try downloading a new copy and renaming it before saving it:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • rename it to fun.exe
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_


#8 saudades
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Female
  • Location:sometimes houston sometimes rio

Posted 06 November 2009 - 12:15 PM

Hi...

That worked.... :(

I've attached the log.

Thanks

#9 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 06 November 2009 - 01:28 PM

No you haven't :(

Please attach the log or post it directly in your next reply.

regards _temp_


#10 saudades
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Female
  • Location:sometimes houston sometimes rio

Posted 06 November 2009 - 04:41 PM

Duh... I guess I didn't click upload.... :(

I'm so sorry!

Attached Files


Edited by saudades, 06 November 2009 - 04:42 PM.


#11 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 07 November 2009 - 10:49 AM

Hi,

Please run GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

And a scan with SystemLook:
Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    [codex] :filefind
    ninoteli*[/codex]
  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.
regards _temp_


#12 saudades
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Female
  • Location:sometimes houston sometimes rio

Posted 08 November 2009 - 07:06 AM

SystemLook log

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 06:01 on 08/11/2009 by Bia (Administrator - Elevation successful)

No Context: [codex] :filefind

No Context: ninoteli*[/codex]

-=End Of File=-

GMER log

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 05:57:55
Windows 6.0.6001 Service Pack 1
Running: q7oqbgcp.exe; Driver: C:\Users\Bia\AppData\Local\Temp\ufldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x81C3A1CC]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x81C3A206]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0x81C3A51A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0x81C3A3F6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x81C3A292]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x81C3A18E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x81C3A64E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x81C3A316]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x81C3A34E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 3C4 826C5988 4 Bytes [CC, A1, C3, 81]
.text ntkrnlpa.exe!KeSetTimerEx + 454 826C5A18 4 Bytes [06, A2, C3, 81]
.text ntkrnlpa.exe!KeSetTimerEx + 624 826C5BE8 4 Bytes [1A, A5, C3, 81]
.text ntkrnlpa.exe!KeSetTimerEx + 640 826C5C04 4 Bytes [F6, A3, C3, 81]
.text ntkrnlpa.exe!KeSetTimerEx + 664 826C5C28 4 Bytes [92, A2, C3, 81]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[488] ntdll.dll!NtWriteFile 776B9278 5 Bytes JMP 6F6E5B50 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Windows\Explorer.EXE[488] kernel32.dll!CreateThread 774E46C8 5 Bytes JMP 6F6E5220 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747288B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747698A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7472B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7471FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74727A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7471EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7475B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7472BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7472074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747206B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747171B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747AD848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74747379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7471E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7471697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747169A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74722465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [72D9F563] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00860002
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00860000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp NEOFLTR_550_11905.SYS

Device \Driver\iaStor \Device\Ide\iaStor0 [83238F8E] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [83238F8E] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\tdx \Device\Udp NEOFLTR_550_11905.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Program Files\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\Program Files\GbPlugin\GbpSv.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x88 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\x2039\x2039T\x20ac` 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\x2039\x2039\x201c\x008feQ 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xc:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@czz<h 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ah\x8d\x8f\x2013 1

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iastor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:03:18 AM

Posted 08 November 2009 - 10:21 AM

Hi,

you are infected by a pretty nasty rootkit!
Sorry I messed up the search for SystemLook. Please run the following extended script instead:

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook and copy/paste the following into the box
    :filefind
    ninoteli*
    iastor.*
    :file
    C:\windows\system32\drivers\iastor.sys
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#14 saudades

saudades
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Female
  • Location:sometimes houston sometimes rio
  • Local time:07:18 PM

Posted 08 November 2009 - 12:55 PM

Tell me there is hope for this... thanks for helping.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:47 on 08/11/2009 by Bia (Administrator - Elevation successful)

========== filefind ==========

Searching for "ninoteli*"
No files found.

Searching for "iastor.*"
C:\hp\DRIVERS\Intel_raid\iastor.cat --a--- 8518 bytes [18:17 16/05/2007] [04:58 13/10/2006] A45F28C0EA72DB0A25C6179C5083EC67
C:\hp\DRIVERS\Intel_raid\iastor.inf --a--- 5744 bytes [18:17 16/05/2007] [08:53 12/10/2006] CB16F7ABC4D5C7A4CD6EC759F52815A1
C:\hp\DRIVERS\Intel_raid\iastor.sys --a--- 250368 bytes [18:17 16/05/2007] [11:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\iastor.cat --a--- 8490 bytes [18:18 16/05/2007] [11:58 13/10/2006] F89297FF3C42F8DB521DB075E7FE8A38
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\iastor.inf --a--- 5744 bytes [18:18 16/05/2007] [15:58 12/10/2006] CB16F7ABC4D5C7A4CD6EC759F52815A1
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 495896 bytes [18:18 16/05/2007] [20:16 29/09/2006] C212BE4F068A02E54EB0CF6F5B23569B
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iastor.cat --a--- 8518 bytes [18:18 16/05/2007] [11:58 13/10/2006] A45F28C0EA72DB0A25C6179C5083EC67
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iastor.inf --a--- 5744 bytes [18:18 16/05/2007] [15:53 12/10/2006] CB16F7ABC4D5C7A4CD6EC759F52815A1
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys --a--- 250368 bytes [18:18 16/05/2007] [18:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6a23f079\iaStor.sys --a--- 250368 bytes [19:06 16/05/2007] [11:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0afadd92\iaStor.cat --a--- 8518 bytes [19:06 16/05/2007] [04:58 13/10/2006] A45F28C0EA72DB0A25C6179C5083EC67
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0afadd92\iastor.inf --a--- 5744 bytes [19:06 16/05/2007] [08:53 12/10/2006] CB16F7ABC4D5C7A4CD6EC759F52815A1
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0afadd92\iastor.PNF --a--- 14764 bytes [18:09 16/05/2007] [18:09 16/05/2007] 74FDF660212278FA1970122A2DC49412
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0afadd92\iaStor.sys --a--- 250368 bytes [19:06 16/05/2007] [11:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A
C:\Windows\System32\drivers\iaStor.sys --a--- 250368 bytes [19:06 16/05/2007] [11:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A

========== file ==========

C:\windows\system32\drivers\iastor.sys - File found and opened.
MD5: E9F704CA833BD24BFAA3B4A59707633A
Created at 19:06 on 16/05/2007
Modified at 11:59 on 29/09/2006
Size: 250368 bytes
Attributes: --a---
FileDescription: Intel Matrix Storage Manager driver
FileVersion: 6.2.0.2002
ProductVersion: 6.2.0.2002
OriginalFilename: iaStor.sys
InternalName: iaStor.sys
ProductName: Intel Matrix Storage Manager driver
CompanyName: Intel Corporation
LegalCopyright: Copyright© Intel Corporation 1994-2006
Comments:

-=End Of File=-

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:03:18 AM

Posted 08 November 2009 - 02:15 PM

Hi,

Please do the following:

Go to start=> Run. Copy and paste this command into the run box:
cmd /c copy C:\windows\system32\drivers\iaStor.sys C:\ /y >log.txt&log.txt

A log file opens. Post the content.
Afterwards:
1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0afadd92\iaStor.sys|C:\Windows\System32\drivers\iaStor.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards _temp_
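As an added example (not code from the thread, from SystemLook or from the helper), the following Python parses the ":filefind" section of a SystemLook log like the one posted above and checks whether the active driver in system32\drivers carries the same MD5 as the same-named copies under DriverStore, which is the comparison behind the FCopy step in this post; it also groups the distinct hashes per file name, which separates the 32-bit and 64-bit iaStor.sys builds listed in the log. The sample lines are copied from the log in the thread; the function and field names are this example's own.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One SystemLook ":filefind" result line: path, attributes, size, [created] [modified], MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Sample input: result lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""Searching for "iastor.*"
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 495896 bytes [18:18 16/05/2007] [20:16 29/09/2006] C212BE4F068A02E54EB0CF6F5B23569B
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys --a--- 250368 bytes [18:18 16/05/2007] [18:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0afadd92\iaStor.cat --a--- 8518 bytes [19:06 16/05/2007] [04:58 13/10/2006] A45F28C0EA72DB0A25C6179C5083EC67
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0afadd92\iaStor.sys --a--- 250368 bytes [19:06 16/05/2007] [11:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A
C:\Windows\System32\drivers\iaStor.sys --a--- 250368 bytes [19:06 16/05/2007] [11:59 29/09/2006] E9F704CA833BD24BFAA3B4A59707633A
"""

def parse_filefind(text):
    """Parse each result line into a dict; headers and 'No files found.' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries

def hashes_by_name(entries):
    """Map each case-folded file name to the distinct MD5s seen for it across all copies."""
    seen = defaultdict(set)
    for e in entries:
        seen[PureWindowsPath(e["path"]).name.lower()].add(e["md5"])
    return dict(seen)

def compare_with_driverstore(entries, live_path):
    """Check the active driver's MD5 against every same-named copy under DriverStore."""
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        return {"live_found": False}
    name = PureWindowsPath(live_path).name.lower()
    store = [e for e in entries
             if "\\driverstore\\" in e["path"].lower()
             and PureWindowsPath(e["path"]).name.lower() == name]
    return {"live_found": True, "live_md5": live["md5"],
            "store_md5s": sorted({e["md5"] for e in store}),
            "matches_store": bool(store) and all(e["md5"] == live["md5"] for e in store)}
```

A matching hash is not proof of a clean driver: in this thread the on-disk file hashes identical to the DriverStore copy while GMER still reports hooks on the \Driver\iaStor devices and a "suspicious modification" of iastor.sys, so this check complements the kernel-level scan rather than replacing it.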
