Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think im infected,can you help me


  • This topic is locked This topic is locked
13 replies to this topic

#1 ed-e-dee

ed-e-dee

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:13 AM

Posted 31 December 2009 - 06:46 PM

Hi Guys,
Happy new year to you all from Australia.

Im having a few problems on my machine " i think i have a vitumonde in there somewhere.
sending a hjt log for you to see . as always appreciate your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:59 AM, on 1/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC4916] cmd.exe /c del "C:\WINDOWS\system32\vgmbjbzb.dll"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Google Update Service (gupdate1ca2ebf1cf5972e) (gupdate1ca2ebf1cf5972e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12566 bytes
Eddee

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:13 PM

Posted 10 January 2010 - 07:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:13 AM

Posted 10 January 2010 - 06:19 PM

Hi myrti
Thank you for getting back to me , I do relise that you guys are very busy and at this time of the year xmas and all,

Ok. here goes you will have to bear with me as I'm not that savy with tech.wording.


OTL logfile created on: 11/01/2010 10:06:25 AM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 101.88 Gb Free Space | 54.68% Space Free | Partition Type: NTFS
Drive D: | 223.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPU
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/11 10:04:33 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/01/07 20:03:35 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/01/04 15:58:46 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/22 15:41:09 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/21 19:15:32 | 00,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/07/10 13:49:24 | 00,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/05/29 14:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 12:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/16 19:19:33 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsui.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/14 15:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/12/18 15:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 14:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/04/14 11:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007/08/09 18:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/04/16 16:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007/04/11 08:46:48 | 00,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/03 14:19:04 | 00,069,632 | ---- | M] () -- C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/09/01 15:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/11/09 18:44:08 | 00,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
PRC - [2005/11/09 17:40:32 | 00,110,592 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
PRC - [2004/09/01 03:06:18 | 00,147,456 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2004/08/31 14:33:22 | 00,061,440 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
PRC - [2004/06/10 14:48:04 | 00,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe
PRC - [2001/10/08 12:59:36 | 00,049,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Fast.exe


========== Modules (SafeList) ==========

MOD - [2010/01/11 10:04:33 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2004/08/31 14:34:00 | 00,032,768 | ---- | M] (A4Tech Co., Ltd.) -- C:\WINDOWS\system32\Ikeyrfk8.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/22 15:41:09 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 17:55:57 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca2ebf1cf5972e) Google Update Service (gupdate1ca2ebf1cf5972e)
SRV - [2009/05/29 14:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 12:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/16 19:19:32 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 15:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/01/13 22:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/04/14 11:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/23 14:19:06 | 00,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/08/09 18:27:52 | 00,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/03 14:19:04 | 00,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe -- (DTSRVC)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/11/09 18:44:08 | 00,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2005/11/09 17:40:32 | 00,110,592 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2001/10/08 12:59:36 | 00,049,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\Fast.exe -- (InteractiveLogon)


========== Driver Services (SafeList) ==========

DRV - [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/02 10:54:50 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/12/02 10:54:49 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/17 23:20:34 | 00,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/14 18:14:01 | 03,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/08 17:01:56 | 00,055,136 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/21 06:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/20 00:34:22 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/14 05:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 05:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/27 14:49:00 | 00,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/11 08:46:48 | 01,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/11/03 14:21:22 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2006/10/04 10:15:06 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/04/13 11:04:39 | 00,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/13 11:04:39 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/13 11:04:39 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/02/14 16:02:56 | 00,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/08/16 22:17:01 | 00,015,360 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\TRIXX\TRIXXDriver.sys -- (TRIXX)
DRV - [2005/04/09 12:21:16 | 00,099,712 | R--- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/04/06 15:05:24 | 00,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/03/10 16:29:48 | 00,160,128 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/03/10 16:29:38 | 00,005,120 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/01/07 20:05:28 | 00,147,328 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2004/12/29 18:34:10 | 00,167,424 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2004/10/04 12:34:56 | 00,075,925 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2004/10/04 12:34:56 | 00,036,423 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2004/10/04 12:34:56 | 00,010,005 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2004/08/25 18:09:14 | 00,009,984 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2004/08/23 19:21:12 | 00,821,760 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:31:36 | 00,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/25 12:44:54 | 00,331,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/05/12 13:28:10 | 00,012,416 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/12 02:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/09 15:46:00 | 00,044,544 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -- (SiSRaid)
DRV - [2003/03/31 23:00:00 | 00,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2003/03/31 23:00:00 | 00,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2003/03/31 23:00:00 | 00,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2003/03/31 23:00:00 | 00,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2003/03/31 23:00:00 | 00,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2003/03/31 23:00:00 | 00,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2003/03/31 23:00:00 | 00,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2003/03/31 23:00:00 | 00,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2003/03/31 23:00:00 | 00,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2003/03/25 20:50:46 | 00,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 18:14:46 | 00,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 20:19:08 | 00,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/08/14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/06/11 13:33:16 | 00,130,844 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2001/12/23 22:02:20 | 00,033,548 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2001/10/25 18:22:50 | 00,692,092 | R--- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es56hpi.sys -- (Edspport)
DRV - [2001/08/17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 14:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 14:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 14:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 14:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:50:48 | 00,104,064 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2000/03/29 17:11:20 | 00,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 78 FA 56 D8 6B CA 01 [binary data]
IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\S-1-5-21-1214440339-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\S-1-5-21-1214440339-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1214440339-413027322-839522115-1003\S-1-5-21-1214440339-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="
FF - prefs.js..browser.search.order.1: "BearShare Web Search"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 20:39:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 20:39:01 | 00,000,000 | ---D | M]

[2008/09/03 09:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/05/15 19:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0mjod6xp.default\extensions
[2009/12/25 22:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions
[2009/12/23 10:16:38 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/12/01 09:37:14 | 00,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/02/03 16:41:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/01 09:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\toolbar@alot.com
[2009/07/18 10:02:48 | 00,002,476 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\searchplugins\BearShareWebSearch.xml
[2009/12/20 20:16:35 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\searchplugins\MyStart Search.xml
[2008/09/06 16:27:48 | 00,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\searchplugins\search.xml
[2009/12/03 11:34:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/15 19:31:31 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/02/21 08:24:52 | 00,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/12/18 11:31:54 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009/12/02 19:11:44 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/02 19:11:44 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/02 19:11:44 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/02 19:11:44 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1214440339-413027322-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe (PCtel, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214440339-413027322-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1214440339-413027322-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1214440339-413027322-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-413027322-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1214440339-413027322-839522115-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-413027322-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-413027322-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214440339-413027322-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/29 01:46:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/09 14:47:54 | 00,000,030 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/11 10:05:49 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/08 22:14:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tina & eddie
[2010/01/04 22:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Scratch Tech
[2010/01/04 15:58:46 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/01/04 15:58:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/01/02 16:01:27 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/01/02 15:53:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nero8crack
[2010/01/01 14:26:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/01/01 09:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/12/31 07:48:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2009/12/30 18:22:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/12/30 18:21:58 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/12/30 15:44:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitZipper
[2009/12/30 15:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\BitZipper
[2009/12/23 10:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2009/12/23 10:16:30 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2009/12/22 20:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder (2)
[2009/12/22 16:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\39380
[2009/12/22 16:05:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2009/12/22 16:05:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\BearShare
[2009/12/22 16:05:14 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
[2009/12/20 16:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Status Quo
[2009/12/18 14:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Polish Olympic
[2009/12/15 06:15:14 | 02,146,304 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009/12/13 19:10:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ebay cloths
[2009/12/03 11:40:19 | 00,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[2009/09/28 23:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/28 23:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/28 23:49:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/28 23:49:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/06 18:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/06 17:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/27 17:05:07 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2009/05/27 17:05:07 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2009/05/27 17:05:07 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2009/03/02 21:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2009/02/24 18:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/12/19 22:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/23 16:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/02/01 12:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HP
[2006/02/19 03:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2006/01/18 09:43:00 | 00,053,248 | R--- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll
[2005/10/04 18:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/11 10:04:33 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/11 09:50:51 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/11 09:48:40 | 00,002,500 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/11 09:48:09 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/11 09:47:54 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/01/11 09:47:53 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/11 09:47:48 | 00,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\IQHQI.job
[2010/01/11 09:47:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/11 09:47:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/11 09:47:44 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/10 22:58:34 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/01/10 22:58:34 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/10 22:18:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/10 09:59:50 | 12,356,868 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/10 09:45:46 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BD0500D5-94D0-49A9-A55F-C28465FABBC6}.job
[2010/01/09 20:39:28 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/09 20:38:54 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/09 17:00:24 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Owner.job
[2010/01/07 22:42:50 | 00,009,747 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Audio1.nra
[2010/01/06 19:00:16 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Owner.job
[2010/01/06 11:45:35 | 00,027,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\torrentdownloads net &gt
[2010/01/04 22:07:31 | 00,000,153 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[2010/01/04 22:07:10 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/04 15:58:46 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/01/03 22:17:02 | 00,001,639 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/02 21:32:48 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cat.gif.lnk
[2010/01/02 21:32:41 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\begdog.gif.lnk
[2010/01/02 21:32:17 | 00,000,689 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fat man.gif.lnk
[2010/01/02 16:05:28 | 00,002,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/02 16:05:28 | 00,002,254 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/01/02 13:51:19 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$FTable.doc
[2010/01/02 13:51:04 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\UHFTable.doc
[2010/01/02 13:21:38 | 02,103,296 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/02 13:21:37 | 03,720,192 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/01 10:39:45 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/01 09:02:07 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/12/31 14:20:11 | 00,421,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/30 19:56:42 | 00,021,438 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Retrodance - The Greatest Dance Hits of the 80_'s amp
[2009/12/30 19:33:41 | 00,128,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/30 17:43:06 | 00,001,551 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/30 17:33:41 | 00,610,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/30 17:33:41 | 00,501,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/30 17:33:41 | 00,098,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/30 16:57:25 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CD&DVD Labeling Software.LNK
[2009/12/30 16:56:19 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2009/12/30 16:56:17 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2009/12/30 16:26:10 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New.ncd
[2009/12/30 15:44:31 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BitZipper.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 10:49:53 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/27 14:44:10 | 01,125,863 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Secure Gallery.mht
[2009/12/26 19:52:55 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/12/23 10:16:41 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2009/12/23 10:14:30 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/22 20:14:22 | 00,001,571 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/22 20:14:22 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/12/20 20:30:58 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/17 12:47:08 | 00,000,446 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/12/15 06:15:14 | 02,146,304 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009/12/13 18:25:52 | 00,002,443 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Publisher 2007.lnk
[2009/12/13 18:25:38 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/09 20:38:58 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/09 20:38:58 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/09 20:38:54 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/07 22:42:50 | 00,009,747 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Audio1.nra
[2010/01/06 11:43:11 | 00,027,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\torrentdownloads net &gt
[2010/01/04 15:58:46 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/01/02 21:32:48 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cat.gif.lnk
[2010/01/02 21:32:41 | 00,000,684 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\begdog.gif.lnk
[2010/01/02 21:32:17 | 00,000,689 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fat man.gif.lnk
[2010/01/02 16:05:28 | 00,002,364 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/02 16:05:28 | 00,002,254 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/01/02 13:51:19 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$FTable.doc
[2010/01/02 13:51:07 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\UHFTable.doc
[2010/01/01 10:39:45 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/01 09:02:07 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/12/30 19:56:42 | 00,021,438 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Retrodance - The Greatest Dance Hits of the 80_'s amp
[2009/12/30 16:59:32 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CD&DVD Labeling Software.LNK
[2009/12/30 16:26:10 | 00,002,473 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New.ncd
[2009/12/30 15:44:31 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BitZipper.lnk
[2009/12/30 14:55:52 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Nero_8_Crack.exe
[2009/12/27 14:43:35 | 01,125,863 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Secure Gallery.mht
[2009/12/26 19:52:55 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/12/22 20:11:08 | 21,470,12608 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/22 16:05:46 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Smiley.ico
[2009/11/03 22:05:10 | 00,041,984 | RHS- | C] () -- C:\WINDOWS\System32\vgmbjbzb.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/27 17:05:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2009/05/27 17:05:12 | 00,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2009/05/27 17:05:10 | 00,331,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2009/05/22 17:08:59 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/15 21:53:07 | 00,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2009/05/03 21:40:33 | 00,000,291 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/04/05 13:44:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009/03/22 08:18:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TrustDefender.dll
[2009/01/31 16:42:20 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\usb.dat
[2009/01/31 14:48:35 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2009/01/31 14:48:35 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2009/01/31 14:48:35 | 00,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2008/11/29 11:40:13 | 00,000,431 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2008/09/05 11:57:24 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/06/17 14:23:40 | 00,000,583 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Photosmart 3300 series1170293769_UI.log
[2008/06/17 14:23:40 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/06/17 14:23:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Photosmart 3300 series1170293769_PROTOCOL.log
[2008/06/17 14:23:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Photosmart 3300 series1170293769_API.log
[2008/02/25 15:39:39 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/02/13 20:32:30 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/02/13 20:31:35 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/02/10 21:10:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/01/30 13:57:18 | 00,000,679 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/01/26 16:44:48 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/23 08:57:08 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2008/01/23 08:57:08 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/23 08:57:08 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[2007/08/10 08:30:38 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/08/02 19:37:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/07/05 11:37:52 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2007/06/14 22:14:30 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/04/14 23:47:59 | 00,685,568 | ---- | C] () -- C:\WINDOWS\System32\msvcp50c.dll
[2007/02/03 16:46:19 | 00,001,639 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/02 20:56:18 | 00,026,476 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2007/02/02 20:56:18 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/02/02 20:56:06 | 00,002,047 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPSU_48BitScanUpdate.log
[2007/02/02 20:56:06 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/02 20:51:01 | 00,000,348 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007/02/02 20:51:01 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/02/02 20:51:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/02/02 20:50:35 | 00,002,816 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_InstantShareJPG.log
[2007/02/02 20:50:35 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/02/02 19:51:54 | 00,003,596 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_IZClosingDiscError.log
[2007/02/02 19:51:54 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/02/02 19:48:57 | 00,033,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2007/02/02 19:48:57 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/02/01 12:15:04 | 00,026,074 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/02/01 12:14:51 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/04/14 09:31:18 | 00,000,018 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI
[2006/04/14 09:30:46 | 00,020,872 | ---- | C] () -- C:\WINDOWS\TSCTVFMO.INI
[2006/04/13 18:02:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2006/04/13 16:58:52 | 00,000,065 | ---- | C] () -- C:\WINDOWS\PIXELTV.INI
[2006/04/13 16:58:22 | 00,000,109 | ---- | C] () -- C:\WINDOWS\TSNV_I2C.INI
[2006/02/17 11:11:20 | 00,037,089 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2006/02/17 11:10:49 | 00,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[2006/02/17 11:10:49 | 00,102,400 | ---- | C] () -- C:\WINDOWS\japi.dll
[2006/01/04 19:21:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2006/01/04 19:20:02 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/12/15 10:42:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/10/28 19:32:26 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/12 21:09:15 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll
[2005/08/12 09:58:44 | 00,002,380 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/08/12 09:58:39 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/08/04 19:03:49 | 00,000,929 | ---- | C] () -- C:\WINDOWS\ENTPACK.INI
[2005/08/04 19:02:55 | 00,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2005/08/04 19:02:29 | 00,000,037 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/04/14 23:49:25 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/06 21:17:38 | 00,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/02/06 18:16:22 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/02/06 18:16:22 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/02/04 01:04:16 | 00,000,334 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2005/02/04 01:04:16 | 00,000,121 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2005/02/04 01:04:16 | 00,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2005/01/29 10:18:11 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/01/29 10:13:48 | 00,001,817 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/29 10:00:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2005/01/29 10:00:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2005/01/29 10:00:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI
[2005/01/29 09:39:19 | 00,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/29 09:14:01 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/01/29 09:13:55 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/01/29 01:59:40 | 00,108,024 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/01/29 01:59:40 | 00,033,373 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/01/29 01:57:38 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/04 11:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/29 14:47:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2004/05/18 21:20:50 | 00,622,592 | ---- | C] () -- C:\WINDOWS\System32\contfilt.dll
[2001/11/14 22:40:12 | 00,047,887 | ---- | C] () -- C:\WINDOWS\OptimizerXP.dll
[2001/10/08 13:24:26 | 00,148,544 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/10/08 12:59:46 | 00,016,960 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/04/03 22:00:00 | 00,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E30C701
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89E253FE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 11/01/2010 10:06:25 AM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 101.88 Gb Free Space | 54.68% Space Free | Partition Type: NTFS
Drive D: | 223.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPU
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]




BB Code Help Toggle Side Panel A[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhᩮabAnti薍T?鶉T?鶉oftwa뻩]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\kav\kav7.0\english\setup.exe" = C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup -- (Kaspersky Lab)
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}" = RaidApplication
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F55F69B-FB6C-5157-A5DC-B8AC58048A1A}" = ATI Catalyst Install Manager
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1724C2C4-1DD8-4BA9-91BB-52E635F45B4F}" = Optimizer XP
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2A947CBB-4F5E-38D8-F49E-6C2C0D9D848E}" = Catalyst Control Center Graphics Previews Common
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30DE45EC-48B3-7617-193A-7B4CDCE18D22}" = Skins
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4ED47439-5232-4BBC-93F2-7BC895B56246}" = 3300
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{5C08205C-C9E0-A607-9EB1-EB0D7C5659B3}" = Catalyst Control Center Core Implementation
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}" = Powertoys For Windows XP
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{862546CA-19C6-4D42-A6EB-352820682FA3}" = VideoCAM Messenger
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A2EB5A-8446-1554-235A-D174E39AF4E5}" = Catalyst Control Center Graphics Full Existing
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98029732-5077-4E54-8A52-E03768126E43}" = Messenger 310
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-04-02
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48442EE-FF84-3A89-CA50-EA2D1C64733E}" = ccc-utility
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC1086AD-1635-01EF-3137-04AB16B46F9F}" = ccc-core-preinstall
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D01B4212-C867-9074-217D-B40BB5A578FE}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1E44702-21F5-4918-B8A3-6D126D5BD33C}" = Windows Messenger 5.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D57C2ACB-4246-A901-8D8D-8DA9E311F086}" = ccc-core-preinstall
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCFF3DB2-0E96-6DF5-DF22-AB1C18CF5E86}" = Catalyst Control Center Graphics Light
"{DE9D0AF5-08ED-70A5-66FA-4C3B3E2A85E8}" = Catalyst Control Center HydraVision Full
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F104E135-A5EF-9551-4924-2A7B94DDDADF}" = ccc-core-static
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB6D1D6-BD35-50E0-37B7-375BAB8E199B}" = CCC Help English
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"A4Tech iKeyWorks" = A4Tech iKeyWorks 7.64
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnalogX DLLArchive" = AnalogX DLLArchive
"Ask Toolbar_is1" = Foxit Toolbar
"ATI Display Driver" = ATI Display Driver
"BearShare" = BearShare
"Belarc Advisor" = Belarc Advisor 7.2
"BitTorrent" = BitTorrent
"BitZipper_is1" = BitZipper 2009
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DG834" = DG834
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.0.5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"InstallShield_{98029732-5077-4E54-8A52-E03768126E43}" = Messenger 310
"InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"Secunia PSI" = Secunia PSI
"SiS VGA Driver" = SiS 651_661FX_741_760_M661FX_M661MX_M741_M760
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"ST6UNST #1" = CD/DVD Labeling Software 2.0
"SystemRequirementsLab" = System Requirements Lab
"TRIXX" = Sapphire TRIXX
"uTorrent" = µTorrent
"WheelMouse" = A4Tech iWheelWorks 7.64
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/01/2010 5:56:50 PM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 7/01/2010 6:52:40 PM | Computer Name = COMPU | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.5.7.2792, faulting module
winamp.exe, version 5.5.7.2792, fault address 0x0003efde.

Error - 8/01/2010 6:36:53 AM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 8/01/2010 10:00:19 PM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 9/01/2010 1:26:16 AM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 9/01/2010 5:26:03 AM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 9/01/2010 6:43:51 PM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 10/01/2010 6:00:11 AM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 10/01/2010 6:07:08 AM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

Error - 10/01/2010 6:48:11 PM | Computer Name = COMPU | Source = PctSpk | ID = 0
Description =

[ OSession Events ]
Error - 19/06/2009 4:16:32 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/06/2009 4:16:56 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/06/2009 4:17:03 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/12/2009 4:17:25 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/12/2009 2:21:36 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6415.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/12/2009 2:22:31 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6415.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/12/2009 2:22:38 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6415.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/01/2010 10:51:19 PM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/01/2010 7:57:44 AM | Computer Name = COMPU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/04/2005 9:42:04 AM | Computer Name = COMPU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Klif

Error - 13/04/2005 2:52:17 AM | Computer Name = COMPU | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the GhostStartService service
to connect.

Error - 13/04/2005 2:52:17 AM | Computer Name = COMPU | Source = Service Control Manager | ID = 7000
Description = The GhostStartService service failed to start due to the following
error: %%1053

Error - 13/04/2005 2:52:17 AM | Computer Name = COMPU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Klif


< End of report >
ttac

Dii
Eddee

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:13 PM

Posted 10 January 2010 - 06:36 PM

Hi,

what makes you think you have vundo? Are you getting pop-ups? Redirections?

Please run a scan with gmer for rootkits:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:13 AM

Posted 11 January 2010 - 04:22 AM

Hello.
I loaded BearShare and nothing but trouble, I could not get rid of the damb thing , I started lossing my home page ,getting popups,
my screenawould go into freeze, I kept running Spybot and it would say that a couple of trojons can't be moved,also ran Malwarebytes which told that
a virtumonde but could not remove it, why I don't know , but something was an overriding the system.
I had just had another problem, as I was writing this reply and went back to copy gmer.log everything went dead, I could not back into this forum with the log, I had to restart comp. and reopen BC only to find that there was an error and I was logged out.
Well I hope this is what you want.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-11 19:38:15
Windows 5.1.2600 Service Pack 3
Running: m4mtcrrk.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA599D0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB83F5000, 0x1B85E6, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0101F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00081b024e34
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00081b024e34 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00081b024e34 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\@DisplayName ??
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\@DeviceDesc ??
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\@ProviderName ???????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\@MFG ???
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\@ReinstallString 8.162.0.0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\@DeviceInstanceIds d:\install\driver\2kxp_inf\cx_26336.inf

---- EOF - GMER 1.0.15 ----
Eddee

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:13 PM

Posted 11 January 2010 - 08:13 AM

Hi,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent, Bearshare). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Nero_8_crack.exe


The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


If you still need assistance please remove all cracked software from your system.

Please also download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:13 AM

Posted 11 January 2010 - 05:48 PM

Hello.
I seem to have problems when my kids come home for holidays my computer seems to get a hiding and I don't have enough knowledge about good or bad
programs.
I think I have deleted Nero crack, uTorrent,bittorrent but don't know about bearshare,


Malwarebytes' Anti-Malware 1.43
Database version: 3499
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/01/2010 9:38:56 AM
mbam-log-2010-01-12 (09-38-56).txt

Scan type: Quick Scan
Objects scanned: 149799
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\autorun.inf (Worm.Agent.H) -> Delete on reboot.

I ran mbam twice and 1 Worm? remained after reboot
Eddee

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:13 PM

Posted 11 January 2010 - 06:32 PM

Hi,

the detection by Malwarebytes seems to be a false positive. It should disappear, if you scan with no cd in your cd-drive. There are no worries there.

What makes you think you are still infected? The logs show a couple of leftovers, but nothing active.

If you want to get rid of bearshare please try to uninstall it with revo:
Use Revo Uninstaller:

1.Please download Revo Uninstaller.
2.Extract the ZIP file to a folder and run revouninstaller.exe from there! (You can copy that folder to an USB Mass storage drive and use it without any installation required!)
3.There are two ways to uninstall programs with Revo Uninstaller:
Important: Please, try to close the application you want to uninstall first!
Select the application in the list of installed applications and press the Uninstall button in the toolbar.
Right-click the application and click the Uninstall command in the displayed menu. Follow the instructions.

Please also run the following OTL fix:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2009/12/22 16:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\39380
    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
    FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    [2009/07/18 10:02:48 | 00,002,476 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\searchplugins\BearShareWebSearch.xml
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
let me know if that works,

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:13 AM

Posted 12 January 2010 - 12:25 AM

Hi myrti.
Well I hope I have got it all clear now ,I was not sure about OLT. whether I had done it right.


========== OTL ==========
Folder C:\Documents and Settings\All Users\Application Data\39380\ not found.
Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
Prefs.js: "BearShare Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.bearshare.com/" removed from browser.startup.homepage
Prefs.js: "http://search.bearshare.com/webResults.html?src=ffb&q=" removed from keyword.URL
Prefs.js: "BearShare Web Search" removed from browser.search.order.1
File C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\searchplugins\BearShareWebSearch.xml not found.

OTL by OldTimer - Version 3.1.23.0 log created on 01122010_162213






OTL logfile created on: 12/01/2010 4:11:43 PM - Run 2
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 101.81 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPU
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
PRC - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )
PRC - C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
PRC - C:\Program Files\A4Tech\Keyboard\Ikeymain.exe (A4Tech Co.,Ltd.)
PRC - C:\WINDOWS\vsnpstd.exe ()
PRC - C:\WINDOWS\system32\Fast.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\Ikeyrfk8.dll (A4Tech Co., Ltd.)


========== Win32 Services (SafeList) ==========

SRV - (KodakCCS) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (gupdate1ca2ebf1cf5972e) Google Update Service (gupdate1ca2ebf1cf5972e) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (DTSRVC) -- C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe ()
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MaxBackServiceInt) -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
SRV - (NTService1) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )
SRV - (InteractiveLogon) -- C:\WINDOWS\System32\Fast.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (pdiddcci) -- C:\WINDOWS\system32\drivers\pdiddcci.sys (Portrait Displays, Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (TRIXX) -- C:\Program Files\TRIXX\TRIXXDriver.sys ()
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (RT2500USB) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (SIS163u) -- C:\WINDOWS\system32\drivers\sis163u.sys (SiS Corporation)
DRV - (BT848) -- C:\WINDOWS\system32\drivers\wf2kvcap.sys (Leadtek Research Inc.)
DRV - (tv2ktunr) -- C:\WINDOWS\system32\drivers\wf2ktunr.sys (Leadtek Research Inc.)
DRV - (Tv2kXbar) -- C:\WINDOWS\system32\drivers\wf2kXbar.sys (Leadtek Research Inc.)
DRV - (Amps2prt) -- C:\WINDOWS\system32\drivers\Amps2prt.sys (A4Tech Co.,Ltd.)
DRV - (cmuda) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (snpstd) -- C:\WINDOWS\system32\drivers\snpstd.sys ()
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (SiSRaid) -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys (Windows ® 2000 DDK provider)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (SiSide) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (Edspport) -- C:\WINDOWS\system32\drivers\es56hpi.sys (ESS Technology, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MASPINT) -- C:\WINDOWS\system32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 78 FA 56 D8 6B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.search.order.1: ""


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 20:00:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/14 09:54:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 20:39:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 20:39:01 | 00,000,000 | ---D | M]

[2008/09/03 09:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/09/03 09:59:35 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/05/15 19:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0mjod6xp.default\extensions
[2008/05/15 19:30:52 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0mjod6xp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/12/25 22:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions
[2009/12/23 10:16:38 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/12/01 09:20:37 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 09:37:14 | 00,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/02/03 16:41:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/01 09:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\extensions\toolbar@alot.com
[2009/12/20 20:16:35 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\searchplugins\MyStart Search.xml
[2008/09/06 16:27:48 | 00,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\99z819kb.default\searchplugins\search.xml
[2009/12/03 11:34:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/15 19:31:31 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/12/23 10:14:26 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/16 15:40:01 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2009/03/26 20:42:37 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/12/03 01:20:19 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/03 01:20:19 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/26 20:42:24 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/12/03 01:20:19 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/21 08:24:52 | 00,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010/01/09 20:39:01 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/09 20:39:01 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/09 20:39:01 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/09 20:39:01 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/09 20:39:01 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/09 20:39:01 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/09 20:39:01 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/12/18 11:31:54 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009/12/02 19:11:44 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/02 19:11:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/02 19:11:44 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/02 19:11:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/02 19:11:44 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/02 19:11:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/02 19:11:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/02 19:11:44 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe (PCtel, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/29 01:46:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 16:02:28 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/12 15:56:52 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/01/11 10:05:49 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/08 22:14:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tina & eddie
[2010/01/04 15:58:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/01/02 16:01:27 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/01/01 14:26:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/01/01 09:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/12/31 07:48:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2009/12/30 18:22:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/12/30 18:21:58 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/12/30 15:44:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitZipper
[2009/12/30 15:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\BitZipper
[2009/12/23 10:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2009/12/23 10:16:30 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2009/12/22 20:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder (2)
[2009/12/22 16:05:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2009/12/22 16:05:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\BearShare
[2009/12/22 16:05:14 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
[2009/12/20 16:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Status Quo
[2009/12/18 14:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Polish Olympic
[2009/12/15 06:15:14 | 02,146,304 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009/12/13 19:10:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ebay cloths
[2009/12/03 11:40:19 | 00,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[2009/09/28 23:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/28 23:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/28 23:49:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/28 23:49:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/06 18:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/06 17:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/27 17:05:07 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2009/05/27 17:05:07 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2009/05/27 17:05:07 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2009/03/02 21:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2009/02/24 18:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/12/19 22:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/23 16:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/02/01 12:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HP
[2006/02/19 03:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2006/01/18 09:43:00 | 00,053,248 | R--- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll
[2005/10/04 18:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/12 15:56:53 | 00,000,935 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2010/01/12 15:51:54 | 01,114,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\revosetup.exe
[2010/01/12 15:18:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/12 15:17:36 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/12 15:15:25 | 00,002,500 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/12 15:14:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/12 15:14:39 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/01/12 15:14:38 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/12 15:14:32 | 00,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\IQHQI.job
[2010/01/12 15:14:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/12 15:14:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/12 15:14:28 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 11:57:09 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/12 11:57:08 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/01/12 11:42:10 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BD0500D5-94D0-49A9-A55F-C28465FABBC6}.job
[2010/01/12 09:26:02 | 12,357,800 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/11 20:43:39 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/11 19:37:42 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Owner.job
[2010/01/11 19:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Owner.job
[2010/01/11 16:46:15 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\m4mtcrrk.exe
[2010/01/11 10:04:33 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/09 20:39:28 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/09 20:38:54 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/07 22:42:50 | 00,009,747 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Audio1.nra
[2010/01/06 11:45:35 | 00,027,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\torrentdownloads net &gt
[2010/01/04 22:07:31 | 00,000,153 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[2010/01/03 22:17:02 | 00,001,639 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/02 21:32:48 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cat.gif.lnk
[2010/01/02 21:32:41 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\begdog.gif.lnk
[2010/01/02 21:32:17 | 00,000,689 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fat man.gif.lnk
[2010/01/02 16:05:28 | 00,002,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/02 16:05:28 | 00,002,254 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/01/02 13:51:19 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$FTable.doc
[2010/01/02 13:51:04 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\UHFTable.doc
[2010/01/02 13:21:38 | 02,103,296 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/02 13:21:37 | 03,720,192 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/01 10:39:45 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/01 09:02:07 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/12/31 14:20:11 | 00,421,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/30 19:56:42 | 00,021,438 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Retrodance - The Greatest Dance Hits of the 80_'s amp
[2009/12/30 19:33:41 | 00,128,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/30 17:43:06 | 00,001,551 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/30 17:33:41 | 00,610,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/30 17:33:41 | 00,501,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/30 17:33:41 | 00,098,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/30 16:57:25 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CD&DVD Labeling Software.LNK
[2009/12/30 16:56:19 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2009/12/30 16:56:17 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2009/12/30 16:26:10 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New.ncd
[2009/12/30 15:44:31 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BitZipper.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 10:49:53 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/27 14:44:10 | 01,125,863 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Secure Gallery.mht
[2009/12/26 19:52:55 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/12/23 10:16:41 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2009/12/23 10:14:30 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/22 20:14:22 | 00,001,571 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/22 20:14:22 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/12/20 20:30:58 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/17 12:47:08 | 00,000,446 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/12/15 06:15:14 | 02,146,304 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009/12/13 18:25:52 | 00,002,443 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Publisher 2007.lnk
[2009/12/13 18:25:38 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/12 15:56:53 | 00,000,935 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2010/01/12 15:51:52 | 01,114,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\revosetup.exe
[2010/01/11 16:46:12 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\m4mtcrrk.exe
[2010/01/09 20:38:58 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/09 20:38:58 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/09 20:38:54 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/07 22:42:50 | 00,009,747 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Audio1.nra
[2010/01/06 11:43:11 | 00,027,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\torrentdownloads net &gt
[2010/01/02 21:32:48 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cat.gif.lnk
[2010/01/02 21:32:41 | 00,000,684 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\begdog.gif.lnk
[2010/01/02 21:32:17 | 00,000,689 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fat man.gif.lnk
[2010/01/02 16:05:28 | 00,002,364 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/02 16:05:28 | 00,002,254 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2010/01/02 13:51:19 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$FTable.doc
[2010/01/02 13:51:07 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\UHFTable.doc
[2010/01/01 10:39:45 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/01 09:02:07 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/12/30 19:56:42 | 00,021,438 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Retrodance - The Greatest Dance Hits of the 80_'s amp
[2009/12/30 16:59:32 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CD&DVD Labeling Software.LNK
[2009/12/30 16:26:10 | 00,002,473 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New.ncd
[2009/12/30 15:44:31 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BitZipper.lnk
[2009/12/30 14:55:52 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Nero_8_Crack.exe
[2009/12/27 14:43:35 | 01,125,863 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Secure Gallery.mht
[2009/12/26 19:52:55 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/12/22 20:11:08 | 21,470,12608 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/22 16:05:46 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Smiley.ico
[2009/11/03 22:05:10 | 00,041,984 | RHS- | C] () -- C:\WINDOWS\System32\vgmbjbzb.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/27 17:05:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2009/05/27 17:05:12 | 00,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2009/05/27 17:05:10 | 00,331,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2009/05/22 17:08:59 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/15 21:53:07 | 00,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2009/05/03 21:40:33 | 00,000,291 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/04/05 13:44:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009/03/22 08:18:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TrustDefender.dll
[2009/01/31 16:42:20 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\usb.dat
[2009/01/31 14:48:35 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2009/01/31 14:48:35 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2009/01/31 14:48:35 | 00,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2008/11/29 11:40:13 | 00,000,431 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2008/09/05 11:57:24 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/06/17 14:23:40 | 00,000,583 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Photosmart 3300 series1170293769_UI.log
[2008/06/17 14:23:40 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/06/17 14:23:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Photosmart 3300 series1170293769_PROTOCOL.log
[2008/06/17 14:23:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Photosmart 3300 series1170293769_API.log
[2008/02/25 15:39:39 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/02/13 20:32:30 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/02/13 20:31:35 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/02/10 21:10:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/01/30 13:57:18 | 00,000,679 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/01/26 16:44:48 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/23 08:57:08 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2008/01/23 08:57:08 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/23 08:57:08 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[2007/08/10 08:30:38 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/08/02 19:37:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/07/05 11:37:52 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2007/06/14 22:14:30 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/04/14 23:47:59 | 00,685,568 | ---- | C] () -- C:\WINDOWS\System32\msvcp50c.dll
[2007/02/03 16:46:19 | 00,001,639 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/02 20:56:18 | 00,026,476 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2007/02/02 20:56:18 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/02/02 20:56:06 | 00,002,047 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPSU_48BitScanUpdate.log
[2007/02/02 20:56:06 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/02 20:51:01 | 00,000,348 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007/02/02 20:51:01 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/02/02 20:51:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/02/02 20:50:35 | 00,002,816 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_InstantShareJPG.log
[2007/02/02 20:50:35 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/02/02 19:51:54 | 00,003,596 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_IZClosingDiscError.log
[2007/02/02 19:51:54 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/02/02 19:48:57 | 00,033,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2007/02/02 19:48:57 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/02/01 12:15:04 | 00,026,074 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/02/01 12:14:51 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/04/14 09:31:18 | 00,000,018 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI
[2006/04/14 09:30:46 | 00,020,872 | ---- | C] () -- C:\WINDOWS\TSCTVFMO.INI
[2006/04/13 18:02:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2006/04/13 16:58:52 | 00,000,065 | ---- | C] () -- C:\WINDOWS\PIXELTV.INI
[2006/04/13 16:58:22 | 00,000,109 | ---- | C] () -- C:\WINDOWS\TSNV_I2C.INI
[2006/02/17 11:11:20 | 00,037,089 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2006/02/17 11:10:49 | 00,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[2006/02/17 11:10:49 | 00,102,400 | ---- | C] () -- C:\WINDOWS\japi.dll
[2006/01/04 19:21:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2006/01/04 19:20:02 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/12/15 10:42:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/10/28 19:32:26 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/12 21:09:15 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll
[2005/08/12 09:58:44 | 00,002,380 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/08/12 09:58:39 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/08/04 19:03:49 | 00,000,929 | ---- | C] () -- C:\WINDOWS\ENTPACK.INI
[2005/08/04 19:02:55 | 00,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2005/08/04 19:02:29 | 00,000,037 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/04/14 23:49:25 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/06 21:17:38 | 00,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/02/06 18:16:22 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/02/06 18:16:22 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/02/04 01:04:16 | 00,000,334 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2005/02/04 01:04:16 | 00,000,121 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2005/02/04 01:04:16 | 00,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2005/01/29 10:18:11 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/01/29 10:13:48 | 00,001,817 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/29 10:00:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2005/01/29 10:00:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2005/01/29 10:00:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI
[2005/01/29 09:39:19 | 00,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/29 09:14:01 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/01/29 09:13:55 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/01/29 01:59:40 | 00,108,024 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/01/29 01:59:40 | 00,033,373 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/01/29 01:57:38 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/04 11:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/29 14:47:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2004/05/18 21:20:50 | 00,622,592 | ---- | C] () -- C:\WINDOWS\System32\contfilt.dll
[2001/11/14 22:40:12 | 00,047,887 | ---- | C] () -- C:\WINDOWS\OptimizerXP.dll
[2001/10/08 13:24:26 | 00,148,544 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/10/08 12:59:46 | 00,016,960 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/04/03 22:00:00 | 00,130,560 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E30C701
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89E253FE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Eddee

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:13 PM

Posted 12 January 2010 - 08:12 AM

Hi,

the log looks fine, Bearshare should be gone now. To check that no more infections are presetn, please run a scan with Eset:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:13 AM

Posted 12 January 2010 - 08:17 PM

Hi.

well i had trouble loading Eset and the other was grayedout so went to google and downloaded from there
I hope I have got it right for you.


C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1FCE5812-6A58-4F18-86AB-18758985D0C5} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\temp\NERO14182\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\Avatar (2009)\Avatar (2009).avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\Nero 8 Ultra Edition 8.1.1.4+KeyMaker\Nero-8.1.1.4_eng_update.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Documents and Settings\Owner\My Documents\My Videos\Avatar (2009).avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\Owner\My Documents\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Program Files\Uninstall Ask Toolbar.dll Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
Eddee

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:13 PM

Posted 12 January 2010 - 08:58 PM

Hi,

I believe we've reached the end then!

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC faild to remove all programs from your Desktop, please delete the rest manually.
  • Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!
Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:13 AM

Posted 12 January 2010 - 10:40 PM

Hello myrti.

Thank you for your time and efford in this matter.

regards
Eddee

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:13 PM

Posted 12 January 2010 - 10:44 PM

Heya,

glad we could help! :(

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users