
Netsky worm, rootkit, install "IDS" message malware


This topic is locked
18 replies to this topic

#1 encio

  • Members
  • 9 posts
  • Local time:08:41 PM

Posted 25 January 2010 - 08:27 PM

Hello,

I ran combofix which seems to have been successful in restoring order to my infected system but I am not sure if all is clear.

Yesterday, I had some serious malware take over my system, prompting me to install "IDS" virus protection to clear the virus. Windows was showing warning messages, the wallpaper was replaced with a malware notice, the Task Manager button was disabled, the cmd window would not open, etc.

After rebooting, a message opened saying that I was infected with the Netsky worm. I run Avast antivirus and ran it with the malware present, but it wasn't detecting it.

Not sure where I got it. I did open Azureus/Vuze yesterday to try to download a Brazilian movie over BitTorrent, and then I was clicking through a lot of images on different sites via images.google.com looking for some design graphics...
So, I backed-up my files and ran combofix but I wonder if infections linger.

Would anyone be so kind as to look at my combofix log attached? Or do I need to run RootRepeal and DDS to get those logs first as well?

Kindest Regards,
Encio


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:41 AM

Posted 01 February 2010 - 07:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS or GMER log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

Information on A/V control HERE

PS> Please copy and paste the log into your reply instead of attaching it. It makes it easier for us to work with and also allows it to be searchable for others that have similar problems.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 encio
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:41 PM

Posted 06 February 2010 - 05:35 PM

Hello etavares,

Thank you for your assistance with this.

I have attached the DDS log, but I had a little trouble running GMER. It shows an error during its start-up as it scans (before I ran the scan myself).

I also tried in Safe mode but no luck.

Kind Regards

Attached Files

  • Attached File: DDS.txt (20.57 KB, 16 downloads)


#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:41 AM

Posted 07 February 2010 - 08:36 AM

Hello, encio.
OK, you are definitely infected with some malware. Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!
I am a senior trainee, so my fix will be checked by a staff member. This may result in an extra day before I can reply.



The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case Azureus/Vuze). These programmes allow users to share files between each other, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should therefore be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.



Step 1

Next, please RE-download ComboFix from one of these locations.
* IMPORTANT !!! Save ComboFix.exe to your Desktop as encioCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on encioCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.



Step 2

In your reply, please reply with:
  • The Combofix log (please copy and paste into your reply instead of attaching it).
  • A description of any remaining issues.
  • I also notice you have a proxy server set up. Some malware can do this automatically. Did you set up a proxy server yourself? Please let me know in your reply.

Edited by etavares, 07 February 2010 - 08:37 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
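The log triage that post #4 describes (reading the registry loading points and the Internet Settings lines that a ComboFix or DDS log prints, and asking where a proxy server came from) can be partly automated. The script below is an added example in Python; it is not part of this thread, nor a component of ComboFix or DDS. The log text it processes is constructed for the example in ComboFix's layout: every value name, path and address in it is invented. It flags the things a responder checks by hand in such a log: Run entries whose path contains a `?` (ComboFix shows non-ASCII characters in a path as `?`, which is typically how a look-alike directory name such as a Unicode spelling of "Adobe" appears), entries whose file details are printed as `[?]` (the file could not be read), autoruns launched from a user-profile directory, Security Center override values set to a non-zero DWORD, and a configured proxy server. The user-profile check is deliberately noisy, since legitimate per-user updaters live there too, so the script ranks entries by how many indicators they trip rather than declaring any of them malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout ComboFix uses for its "Reg Loading Points"
# and "Supplementary Scan" sections. Names, paths and the proxy address are
# invented for this example; they do not come from any real machine.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xqzrtb"="c:\windows\system32\?icrosoft\s?chost.exe" [?]
"Kjhgfd"="c:\documents and settings\user\My Documents\??ppData\w?nlogon.exe" [?]
"Panel"="c:\program files\Vendor\panel.exe" [2009-03-13 1058816]
"Updater"="c:\documents and settings\user\Local Settings\Application Data\Vendor\update.exe" [2009-01-26 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avscan"="c:\program files\AVVendor\tray.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

uInternet Settings,ProxyServer = 10.0.0.7:8080
uInternet Settings,ProxyOverride = *.local
"""


@dataclass
class Finding:
    key: str     # registry key or section the line was found under
    item: str    # value name or setting name
    reason: str  # short code for why it was flagged
    detail: str  # raw path or value, for the analyst to look at


KEY_HEADER = re.compile(r"^\[(?P<key>HK[^\]]+)\]")
# "Name"="path" [date size]   or   "Name"="path" [?]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')
DWORD_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]+)')
# u = per-user (HKCU) setting, m = machine-wide (HKLM) setting in ComboFix output
PROXY_ENTRY = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")

# Security Center values that silence the "no antivirus / firewall" warnings
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride", "disablemonitoring"}
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix-style log and return every indicator worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key.lower().endswith(("\\run", "\\runonce")):
            name, path, info = m.group("name"), m.group("path"), m.group("info")
            if "?" in path:  # non-ASCII character ComboFix could not render
                findings.append(Finding(current_key, name, "unrenderable-char", path))
            if info.strip() == "?":  # file details unavailable (hidden or missing)
                findings.append(Finding(current_key, name, "no-file-info", path))
            if any(d in path.lower() for d in PROFILE_DIRS):  # autorun from a profile
                findings.append(Finding(current_key, name, "user-profile-path", path))
            continue
        m = DWORD_ENTRY.match(line)
        if m and m.group("name").lower() in OVERRIDE_VALUES and int(m.group("val"), 16) != 0:
            findings.append(Finding(current_key, m.group("name"),
                                    "security-center-override", m.group("val")))
            continue
        m = PROXY_ENTRY.match(line)
        if m:  # the user should be asked whether they configured this themselves
            findings.append(Finding("Internet Settings", "ProxyServer",
                                    "proxy-configured", m.group("proxy")))
    return findings


def prioritize(findings: List[Finding]) -> List[Tuple[str, List[str]]]:
    """Group findings by item and order by how many distinct indicators each tripped."""
    by_item: Dict[str, Set[str]] = {}
    for f in findings:
        by_item.setdefault(f.item, set()).add(f.reason)
    return sorted(((item, sorted(rs)) for item, rs in by_item.items()),
                  key=lambda t: (-len(t[1]), t[0]))


if __name__ == "__main__":
    for item, reasons in prioritize(triage(SAMPLE_LOG)):
        print(f"{item}: {', '.join(reasons)}")
```

Entries that trip several indicators at once (an unrenderable character in the path and no file information) sort to the top; a single "user-profile-path" hit on an otherwise normal-looking updater sorts to the bottom and is left for the analyst to confirm against the file's signer and install date, which the log alone does not show.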
 


#5 encio
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:41 PM

Posted 07 February 2010 - 01:56 PM

Hi etavares,

1. Combofix log pasted below
2. Remaining symptoms
I think performance is a little reduced at times, nothing dramatic. I did see the blue screen of death yesterday, and I don't think I have seen it before with this computer in 2 years or so, except last week while dealing with the malware. Yesterday, I was in the verification stage of running Nero BackItUp, and I think I had Firefox, Chrome and Winamp running.

3. Proxy server. I don't remember setting that up. I don't need it for anything I am aware of.

I uninstalled Azureus.

Thank you kindly for your help.

ComboFix 10-02-07.01 - enzo 02/07/2010 10:01:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1156 [GMT -8:00]
Running from: c:\documents and settings\enzo\Desktop\encioCF.exe
AV: avast! antivirus 4.8.1335 [VPS 100129-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DUMETERSVC
-------\Service_DUMeterSvc


((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-01-27 05:20 . 2010-01-27 05:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-27 05:02 . 2010-01-27 05:02 -------- d-----w- c:\windows\system32\scripting
2010-01-27 05:02 . 2010-01-27 05:02 -------- d-----w- c:\windows\system32\en
2010-01-27 05:02 . 2010-01-27 05:02 -------- d-----w- c:\windows\l2schemas
2010-01-27 05:02 . 2010-01-27 05:02 -------- d-----w- c:\windows\system32\bits
2010-01-26 17:55 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2010-01-26 17:53 . 2008-04-13 18:36 5888 ------w- c:\windows\system32\drivers\smbali.sys
2010-01-26 17:52 . 2004-08-04 06:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-26 17:51 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2010-01-26 17:51 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2010-01-26 17:51 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2010-01-26 17:51 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2010-01-26 17:50 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2010-01-26 17:50 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2010-01-26 17:50 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2010-01-26 17:50 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2010-01-26 17:50 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2010-01-26 17:50 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2010-01-26 17:50 . 2008-04-14 00:11 191488 ------w- c:\windows\system32\iuengine.dll
2010-01-26 17:50 . 2008-04-13 18:45 46592 ------w- c:\windows\system32\drivers\irbus.sys
2010-01-26 17:50 . 2008-04-13 18:43 9728 ------w- c:\windows\system32\comsdupd.exe
2010-01-26 17:47 . 2010-01-26 17:47 -------- d-----w- c:\windows\system32\KB905474
2010-01-26 17:47 . 2009-03-11 06:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-01-26 17:47 . 2009-03-11 06:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-01-26 16:20 . 2010-01-27 04:57 -------- d-----w- c:\windows\ServicePackFiles
2010-01-26 16:19 . 2010-01-26 17:59 -------- d-----w- c:\windows\ie8updates
2010-01-26 16:18 . 2010-01-26 16:18 -------- d-----w- c:\program files\MSXML 4.0
2010-01-26 07:25 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-26 07:25 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-26 07:25 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-26 07:25 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-26 07:25 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-26 07:25 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-26 07:14 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-26 07:14 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-26 07:14 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-26 07:14 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-26 07:14 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-26 07:14 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-26 07:14 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-26 07:14 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-26 07:14 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-26 07:14 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-26 07:14 . 2009-08-05 04:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-26 07:14 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-26 07:11 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-26 07:11 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-26 07:02 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-26 06:59 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-26 06:59 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-26 06:51 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-26 06:49 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-26 06:48 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-26 06:46 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2010-01-26 06:31 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-26 06:30 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-26 06:24 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-26 06:21 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-26 06:21 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-25 17:32 . 2010-01-25 17:32 -------- d-----w- c:\documents and settings\enzo\Application Data\Nero
2010-01-25 17:26 . 2010-01-25 17:27 -------- d-----w- c:\program files\Nero
2010-01-25 17:25 . 2010-01-25 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-01-25 17:25 . 2010-01-25 17:30 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 17:58 . 2010-02-07 03:31 -------- d-----w- c:\documents and settings\enzo\Application Data\.purple
2010-02-07 17:40 . 2006-04-25 06:11 -------- d-----w- c:\program files\Azureus
2010-02-07 03:39 . 2010-02-07 03:39 -------- d-----w- c:\documents and settings\enzo\Application Data\gtk-2.0
2010-02-07 03:30 . 2010-02-07 03:29 -------- d-----w- c:\program files\Aspell
2010-02-07 03:29 . 2010-02-07 03:28 -------- d-----w- c:\program files\Pidgin
2010-02-07 03:28 . 2010-02-07 03:28 -------- d-----w- c:\program files\Common Files\GTK
2010-02-06 22:03 . 2006-05-02 04:39 -------- d-----w- c:\documents and settings\enzo\Application Data\Skype
2010-02-06 22:01 . 2008-10-05 15:18 -------- d-----w- c:\documents and settings\enzo\Application Data\skypePM
2010-02-04 03:11 . 2008-12-24 06:46 -------- d-----w- c:\documents and settings\enzo\Application Data\Move Networks
2010-01-31 00:26 . 2006-04-28 05:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 19:48 . 2010-01-30 19:48 -------- d-----w- c:\documents and settings\enzo\Application Data\Facebook
2010-01-30 18:41 . 2010-01-30 18:40 -------- d-----w- c:\program files\Market Samurai
2010-01-28 03:11 . 2007-11-01 16:31 -------- d-----w- c:\program files\DU Meter
2010-01-26 05:48 . 2009-10-24 17:44 335082 ----a-w- c:\documents and settings\enzo\Local Settings\Application Data\cooliris-win-iefull-release-1.11.5.29501.en-US.msi
2010-01-24 19:47 . 2006-04-25 06:13 -------- d-----w- c:\documents and settings\enzo\Application Data\Azureus
2010-01-07 00:28 . 2010-01-07 00:28 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-07 00:23 . 2009-04-02 23:38 -------- d-----w- c:\program files\Windows Live
2009-12-24 00:34 . 2008-12-03 19:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 03:19 . 2006-05-07 03:02 -------- d-----w- c:\program files\Common Files\Real
2009-12-20 03:19 . 2009-12-20 03:19 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2004-11-07 18:58 . 2006-04-28 03:41 44151 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 23:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptrnbvz"="c:\windows\system32\?dobe\w?wexec.exe" [?]
"Eytqqf"="c:\documents and settings\enzo\My Documents\??pPatch\n?tepad.exe" [?]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]
"Google Update"="c:\documents and settings\enzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-26 133104]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-01 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-20 3165920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-07-19 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-20 198160]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2009-7-8 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Zend\\Zend Studio for Eclipse - 6.1.0\\ZendStudio.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\code\\eclipse\\eclipse.exe"=
"c:\\Documents and Settings\\enzo\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\enzo\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [8/6/2006 6:33 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [8/6/2006 6:33 PM 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/17/2008 6:03 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/17/2008 6:03 AM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/2/2009 3:46 PM 54752]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 1:06 AM 231424]
S3 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [7/9/2006 6:03 PM 467968]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 msftesql$ENZO;SQL Server FullText Search (ENZO);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [8/26/2005 1:00 PM 92880]
S3 MSSQL$ENZO;SQL Server (ENZO);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/14/2005 12:51 AM 28768528]
S3 SQLAgent$ENZO;SQL Server Agent (ENZO);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [10/14/2005 12:51 AM 318680]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [10/26/2006 1:45 PM 2799808]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2769905097-3725031549-2397689002-1006Core.job
- c:\documents and settings\enzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 22:03]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2769905097-3725031549-2397689002-1006UA.job
- c:\documents and settings\enzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 22:03]

2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{01BC681E-2025-46F9-B046-7001DF950205}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]

2010-02-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-26 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=es
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 192.168.114.3:4480
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll/DebugNext.html
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
FF - ProfilePath - c:\documents and settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fastflip.googlelabs.com/search?q=wildlife
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\enzo\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\enzo\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\enzo\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\enzo\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\enzo\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\enzo\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio for Eclipse - 6.1.0\ZendStudio.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 10:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4CAB08]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf7318cb8
\Driver\atapi -> 0x8a4cab08
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf716dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf715ca0d
SendHandler -> NDIS.sys @ 0xf7170b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$ENZO]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:ENZO"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2010-02-07 10:36:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 18:36
ComboFix2.txt 2010-01-26 00:23

Pre-Run: 4,926,447,616 bytes free
Post-Run: 5,445,136,384 bytes free

- - End Of File - - 449C8CA906DD6CEA4EE0D90B9C008B9E


#6 etavares

  • Malware Response Team
  • 15,514 posts

Posted 08 February 2010 - 07:02 AM

Hello, encio.
OK, we need to take a slightly different look. There are still signs of two infections present in the log. OTL will be a good tool to deal with both of them.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

#7 encio (Topic Starter)

  • Members
  • 9 posts

Posted 08 February 2010 - 10:00 PM

Hi etavares,

Ok, I have run the OTL and will paste the logs here.

Kind Regards.

OTL logfile created on: 2/8/2010 6:00:49 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\enzo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.93 Gb Total Space | 5.06 Gb Free Space | 7.67% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 1.25 Gb Free Space | 16.51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 146.38 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SIMU
Current User Name: enzo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/08 17:59:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
PRC - [2010/01/20 23:24:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/01/15 20:10:46 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/08 14:14:28 | 000,045,603 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2009/12/19 19:18:49 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/01 08:11:41 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/03/13 13:13:13 | 001,058,816 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2009/03/09 04:19:17 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/05 12:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 12:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 12:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 12:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 12:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/09/17 18:55:14 | 001,346,560 | ---- | M] (Marek Jasinski - www.FreeCommander.com) -- C:\Program Files\FreeCommander\FreeCommander.exe
PRC - [2008/08/29 08:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/03 15:04:00 | 001,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2008/06/21 07:00:44 | 000,574,976 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2005/12/13 14:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/12/12 11:39:52 | 000,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/12/08 11:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/12/07 10:56:56 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/11/28 09:07:42 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/11/10 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/19 12:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


========== Modules (SafeList) ==========

MOD - [2010/02/08 17:59:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
MOD - [2008/04/13 09:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2005/11/30 15:31:34 | 000,282,624 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/05 12:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 12:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 12:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 12:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/03 13:18:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/21 05:33:00 | 003,208,008 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/08/29 08:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/31 14:16:28 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 13:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/05/05 21:41:03 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/12/18 16:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/28 09:07:42 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/10/14 00:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 00:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ENZO) SQL Server (ENZO)
SRV - [2005/10/14 00:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLAgent$ENZO) SQL Server Agent (ENZO)
SRV - [2005/10/14 00:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 00:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/08/26 13:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$ENZO) SQL Server FullText Search (ENZO)
SRV - [2005/04/03 22:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 10:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/04/11 16:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Disabled | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
SRV - [2000/08/05 23:50:20 | 007,442,493 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2000/08/05 23:50:18 | 000,303,170 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT)
SRV - [1999/12/01 10:38:28 | 000,467,968 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=es
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.114.3:4480

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://fastflip.googlelabs.com/search?q=wildlife"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6a
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 20:10:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 16:26:09 | 000,000,000 | ---D | M]

[2008/06/20 06:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Extensions
[2010/02/07 09:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions
[2009/12/26 10:54:02 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2008/11/20 19:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063}
[2009/12/26 10:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\firebug@software.joehewitt.com
[2009/12/26 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\piclens@cooliris.com
[2009/12/26 10:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\piclens@cooliris.com-trash
[2009/08/29 08:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\yslow@yahoo-inc.com
[2010/02/07 09:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/07 10:58:00 | 000,044,151 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\inspector.dll

O1 HOSTS File: ([2010/02/07 10:22:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [Eytqqf] C:\Documents and Settings\enzo\My Documents\ΑрpPatch\nοtepad.exe File not found
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [Google Update] C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [Ptrnbvz] C:\WINDOWS\System32\Αdobe\wоwexec.exe File not found
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Zend Studio - Debug current page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O8 - Extra context menu item: Zend Studio - Debug next page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} http://www.schaeffersresearch.com/Download/Cfx4Financial.cab (ChartFX Internet Financial Client 4.0)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/42.20/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} http://67.190.35.126/PlayerPT.cab (PlayerPT Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\enzo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\enzo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/25 02:16:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/25 19:33:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/08 17:59:50 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
[2010/02/07 10:44:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/06 19:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Application Data\gtk-2.0
[2010/02/06 19:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Application Data\.purple
[2010/02/06 19:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Aspell
[2010/02/06 19:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010/02/06 19:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010/02/01 22:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Desktop\Notes
[2010/01/30 11:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Application Data\Facebook
[2010/01/30 10:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/01/26 21:20:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/26 21:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/26 21:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/26 21:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/26 21:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/26 20:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/01/26 20:46:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/26 09:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/01/26 08:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/01/26 08:19:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/26 08:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/05/12 23:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/12 23:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/01 08:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
[2007/09/13 09:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/12/12 08:42:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/08/06 18:33:45 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2006/08/06 18:33:45 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2006/02/14 19:37:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/02/14 19:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/09/24 00:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/08 17:59:59 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01BC681E-2025-46F9-B046-7001DF950205}.job
[2010/02/08 17:59:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
[2010/02/08 17:58:39 | 000,002,573 | -HS- | M] () -- C:\hpqp.ini
[2010/02/08 00:13:15 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\news central.msam
[2010/02/08 00:00:30 | 013,107,200 | -H-- | M] () -- C:\Documents and Settings\enzo\NTUSER.DAT
[2010/02/07 23:56:03 | 001,249,280 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\plastic surgery.msam
[2010/02/07 23:52:42 | 000,743,424 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\hotels nicaragua.msam
[2010/02/07 23:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2769905097-3725031549-2397689002-1006UA.job
[2010/02/07 23:41:23 | 013,930,496 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\animal pictures.msam
[2010/02/07 10:23:28 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/07 10:23:10 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\enzo\Desktop\Quick Launch Buttons.lnk
[2010/02/07 10:22:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/07 10:22:56 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/07 10:22:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/07 10:22:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/02/07 10:17:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 10:17:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 10:17:36 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 10:16:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\enzo\ntuser.ini
[2010/02/07 09:58:31 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\enzo\.recently-used.xbel
[2010/02/06 19:16:39 | 1610,612,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/03 19:26:28 | 001,202,176 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\Secondaryanimal facts.msam
[2010/02/02 21:36:23 | 002,289,664 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\many things.msam
[2010/01/30 16:26:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/30 10:41:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2010/01/30 09:35:02 | 000,597,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/30 09:35:02 | 000,125,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/30 09:34:59 | 000,736,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/29 04:45:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2769905097-3725031549-2397689002-1006Core.job
[2010/01/27 22:55:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/26 21:38:26 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 21:19:38 | 000,461,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/26 20:53:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/26 19:32:58 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 18:42:39 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\Nero_C_drive_backup.nbt
[2010/01/25 21:48:51 | 000,335,082 | ---- | M] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-iefull-release-1.11.5.29501.en-US.msi
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/07 09:58:31 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\enzo\.recently-used.xbel
[2010/02/06 13:38:19 | 2145,636,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/04 19:35:02 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\enzo\My Documents\news central.msam
[2010/01/30 16:26:09 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/30 10:41:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2010/01/26 18:42:39 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\enzo\My Documents\Nero_C_drive_backup.nbt
[2010/01/26 09:52:29 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/01/26 09:50:08 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/01/26 09:49:37 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/01/26 09:49:21 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/01/26 09:47:12 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/10/24 09:44:52 | 000,335,082 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-iefull-release-1.11.5.29501.en-US.msi
[2009/10/04 11:51:45 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\enzo\Application Data\TweetDeckFast_state.xml
[2009/06/30 22:16:32 | 002,118,144 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-ie-release-1.11.0.26762.en-US.msi
[2009/04/15 17:34:19 | 002,545,152 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009/03/10 22:28:59 | 002,360,832 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-ie-release-1.9.2.21405.en-US.msi
[2009/02/20 20:13:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\windrv32.ini
[2009/01/28 16:59:25 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2009/01/28 16:57:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/01/28 16:56:06 | 000,003,791 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2009/01/28 16:55:57 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2009/01/28 16:55:56 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2009/01/28 16:55:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2009/01/28 16:55:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008/12/09 10:00:25 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/01 08:46:43 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/06/23 20:28:10 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/23 20:28:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/17 11:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/11/10 09:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/11/10 09:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/11/06 10:52:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/11/06 10:52:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/11/06 10:52:14 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/08/12 08:47:33 | 000,000,429 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/07/09 17:15:35 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2006/07/09 17:15:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2006/05/22 20:24:12 | 000,003,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/14 12:42:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2006/05/07 08:53:49 | 000,021,266 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2006/05/05 17:40:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/02 20:38:42 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/29 22:03:58 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/04/29 22:03:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/04/27 21:28:38 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/27 19:50:20 | 000,000,742 | ---- | C] () -- C:\WINDOWS\SUPERLEX.INI
[2006/04/27 18:55:58 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/04/25 01:38:34 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\fusioncache.dat
[2006/04/24 21:09:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/04/24 21:09:10 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/04/24 21:08:38 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/04/24 21:08:38 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/04/24 21:08:35 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/02/14 20:36:05 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/14 20:32:29 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/14 20:13:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/14 19:58:55 | 000,028,802 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/14 19:52:09 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 02:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/22 15:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/07 05:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 11:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/03/21 11:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 11:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 11:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 11:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 11:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 11:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 11:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 20:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/08/23 11:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1997/06/25 12:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2006/05/01 20:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/09/13 08:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2006/07/09 17:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2007/11/01 08:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2006/02/14 20:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2006/05/03 19:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/04/24 23:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/01/29 15:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2010/02/08 17:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\.purple
[2006/11/03 21:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\ACD Systems
[2007/03/20 06:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\AnkhSVN
[2010/01/24 11:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Azureus
[2009/05/27 12:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Babylon
[2008/08/18 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Bullzip
[2008/01/26 08:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Canon
[2006/12/13 08:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\CoffeeCup Software
[2008/12/03 13:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/02/23 13:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\CoreFTP
[2006/07/27 19:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\ESRI
[2010/01/30 11:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Facebook
[2010/02/06 19:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\gtk-2.0
[2008/04/29 00:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\IsolatedStorage
[2008/06/25 12:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\JAlbum
[2008/11/21 18:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\KeePass
[2006/05/03 17:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Leadertech
[2009/03/07 15:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Lucis
[2009/09/13 13:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2006/11/16 22:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\muvee Technologies
[2008/06/16 07:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\MyGeneration Development Community
[2006/12/08 13:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\MyGeneration Software
[2008/08/22 06:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\MySQL
[2006/06/04 14:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Opera
[2006/12/02 13:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\OverDrive
[2006/05/14 20:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\RadLight Company
[2007/01/18 17:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Songbird
[2008/01/25 15:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Subversion
[2009/08/15 17:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/04/06 06:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\VoipStunt
[2006/05/05 17:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Walgreens
[2010/02/08 17:59:59 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{01BC681E-2025-46F9-B046-7001DF950205}.job
[2010/02/07 10:22:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/02 09:14:24 | 000,094,208 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\pskill.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/26 20:46:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/26 20:46:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 04:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/26 20:46:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/26 20:46:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras logfile created on: 2/8/2010 6:00:49 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\enzo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.93 Gb Total Space | 5.06 Gb Free Space | 7.67% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 1.25 Gb Free Space | 16.51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 146.38 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SIMU
Current User Name: enzo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio 2005 -- (Microsoft Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\FileZilla\FileZilla.exe" = C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\ZendStudio.exe" = C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\ZendStudio.exe:*:Enabled:ZendStudio -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\code\eclipse\eclipse.exe" = C:\code\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0201B8AB-D2AB-4782-84A4-F6532860AB43}" = MySQL Workbench 5.0 OSS
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0BD99DC7-0ABF-9718-865F-695D94F42EDA}" = AdobeSupportAdvisor
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{176130BC-99A1-41FE-A78B-56045E33AD70}" = Cisco Systems VPN Client 4.8.02.0010
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005 (ENZO)
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{370BBA05-01E7-4BCC-9B38-E85DB8E13E11}" = Microsoft Silverlight 2 SDK
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{40F8FD5F-4701-48D6-A8FC-1F188007DF38}" = ArcGIS Desktop
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{53399dbc-9ec7-44d3-90bb-d5578b60ed67}" = Nero BackItUp 4 Essentials
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.1.6
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{766B3A7A-B5AE-33F5-9858-75E692799C84}" = Microsoft Visual Studio 2008 Team Explorer - ENU
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F56CF5D-0B27-40D2-AF2F-AD5436811B92}" = devGroupware.Net
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90560409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio for Enterprise Architects SR-1 [English]
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CC29C33-E90F-4BCF-A1DA-6F7E9859B06E}" = teoria 2.0 EV
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{ABB6AC00-F1D8-4EBF-8128-830D090B76C0}" = Microsoft SQL Server 2000 Sample Database Scripts
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE010205-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard
"{AF95557C-A14A-42D2-8C9D-E9650D1A8016}" = Asistente Prodigy
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B90E6024-C511-4B34-88BC-6DA46B0DECC4}" = TortoiseSVN 1.5.0.13316 (32 bit)
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C536BAE4-69AD-4E27-9D87-74DDAD231B7B}" = Microsoft Silverlight Tools for Visual Studio 2008 SP1 - ENU
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB30938E-2BCE-4837-9FEB-EB5DAB000235}" = LucisArt 3 ED/SE
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D8AEC024-E476-17FE-6D37-9EB1565F06F3}" = TweetDeck
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA82F09E-8991-313C-A015-061D1B14DE25}" = Cooliris for Internet Explorer
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F02598C2-2A5F-4593-8F09-439F3317B2C8}" = Sentinel System Driver 5.42.1 (32-bit)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132D6CE-1D5C-B0B4-1320-7814673D0B11}" = Market Samurai
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"ArcGIS License Manager" = ArcGIS License Manager
"Aspell Spanish Dictionary_is1" = Aspell Spanish Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Babylon" = Babylon
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DUMeter3_is1" = DU Meter
"Easy CD-DA Extractor 5.01" = Easy CD-DA Extractor 5.01
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1309] [2007-06-20]
"Fiddler2" = Fiddler2 (remove only)
"FileZilla" = FileZilla (remove only)
"FreeCommander_is1" = FreeCommander 2008.06c
"Getting to Know ArcGIS Desktop" = Getting to Know ArcGIS Desktop
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Houaiss" = Dicionário eletrônico Houaiss
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KeePass Password Safe_is1" = KeePass Password Safe 1.14
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2008 Team Explorer - ENU" = Microsoft Visual Studio 2008 Team Explorer - ENU
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyGeneration13" = MyGeneration 1.3 (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"RealPlayer 12.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Subversion_is1" = Subversion 1.4.3-r23084
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Rosetta Stone" = The Rosetta Stone
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall
"Zend Studio for Eclipse - 6.1.0" = Zend Studio for Eclipse - 6.1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/6/2006 4:45:11 PM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://192.168.1.1/indexHidden.htm failed, 0000A474.

Error - 6/26/2008 12:27:24 PM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\enzo\Local Settings\Temporary Internet Files\Content.IE5\V3MZJ0CB\slideticker[1].swf
failed, 0000A413.

Error - 10/10/2009 11:46:17 AM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\enzo\Local Settings\Temp\scoped_dir4681\TEMP_INSTALL\manifest.json
failed, 00000005.

Error - 10/27/2009 2:06:37 AM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\enzo\Local Settings\Temp\scoped_dir1769\TEMP_INSTALL\manifest.json
failed, 00000005.

Error - 11/7/2009 1:51:10 AM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.com/complete/search...en-US&q=lap failed,
0000A413.

Error - 11/7/2009 5:59:27 PM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://delivery.trafficjunky.net/batch.php failed, 0000A413.

Error - 11/7/2009 6:05:13 PM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://delivery.trafficjunky.net/batch.php failed, 0000A413.

Error - 11/9/2009 2:35:37 AM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://search.twitter.com/search.json?q=ri...e_id=5550279874
failed, 0000A413.

Error - 1/26/2010 2:56:09 AM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\fce832dd1c7ffe50f78c760e7ca256bc\BIT89.tmp
failed, 00000026.

Error - 1/26/2010 3:05:34 AM | Computer Name = SIMU | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\fce832dd1c7ffe50f78c760e7ca256bc\BIT89.tmp
failed, 00000026.

[ Application Events ]
Error - 2/6/2010 5:27:31 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/6/2010 5:28:07 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/6/2010 5:35:47 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/6/2010 5:45:05 PM | Computer Name = SIMU | Source = Google Update | ID = 20
Description =

Error - 2/6/2010 6:18:55 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/6/2010 6:18:59 PM | Computer Name = SIMU | Source = Application Error | ID = 1001
Description = Fault bucket 1699641377.

Error - 2/6/2010 6:19:11 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/6/2010 6:20:30 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/6/2010 6:24:57 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/6/2010 6:26:32 PM | Computer Name = SIMU | Source = Application Error | ID = 1000
Description = Faulting application wmi7fpy7.exe, version 1.0.15.15281, faulting
module wmi7fpy7.exe, version 1.0.15.15281, fault address 0x0005c887.

[ OSession Events ]
Error - 5/28/2009 7:17:08 PM | Computer Name = SIMU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/2/2009 6:06:22 PM | Computer Name = SIMU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/6/2010 5:33:56 PM | Computer Name = SIMU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD AmdK8 ASPI32 aswSP aswTdi eabfiltr eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
Tcpip
WS2IFSL

Error - 2/6/2010 5:34:08 PM | Computer Name = SIMU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/6/2010 5:37:20 PM | Computer Name = SIMU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/6/2010 5:37:27 PM | Computer Name = SIMU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/6/2010 6:39:54 PM | Computer Name = SIMU | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 2/7/2010 3:52:22 PM | Computer Name = SIMU | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 2/7/2010 4:09:06 PM | Computer Name = SIMU | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 2/7/2010 4:09:12 PM | Computer Name = SIMU | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 2/7/2010 4:36:03 PM | Computer Name = SIMU | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.

Error - 2/7/2010 11:50:15 PM | Computer Name = SIMU | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.


< End of report >


#8 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 09 February 2010 - 04:00 PM

Hello, encio.
Ok, let's replace a likely infected file with a clean copy. Please print these instructions...you won't have access to the internet in step 1.



Step 1
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.

At the prompt, please type this line then hit enter.
ren c:\windows\system32\drivers\atapi.sys c:\windows\system32\drivers\atapi.sys.bak

Note, if you get an error file not found, just skip this step. If you get an error Invalid command or something like that, post back here.

Next, type this bolded line and then hit enter.

expand c:\windows\servicepackfiles\i386\sp3.cab -f:atapi.sys c:\windows\system32\drivers\atapi.sys

You should see 1 file(s) expanded.

Next, type this bolded line, hit enter and your computer should reboot.
exit



Step 2
  1. Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    CODE
    @echo off
    cd\
    cd windows
    mbr.exe -t
    start mbr.log
  2. Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  3. Open your c:\ folder and double-click on fixme.bat. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.



Step 3

Please reply back with the MBR log from Step 2.



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#9 encio (Topic Starter, Members, 9 posts)

Posted 09 February 2010 - 10:25 PM

Hi etavares,

Here is my mbr.log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4EDAF8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a4edaf8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !


Should I run the fixmbr with the module id?

My Recovery console command line utilities are a slightly different version. I couldn't specify the path of the commands. So for example
ren c:\windows\system32\drivers\atapi.sys c:\windows\system32\drivers\atapi.sys.bak didn't work but
this was ok:
ren c:\windows\system32\drivers\atapi.sys atapi.sys.bak
and
expand c:\windows\servicepackfiles\i386\sp3.cab /f:atapi.sys atapi.sys
and then I copied the files to drivers folder.
I only mention it just in case I need to do some more things in the recovery console.

Thank you so much for your help.

Kindest regards.
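The fixme.bat in Step 2 of the post above runs mbr.exe and produces exactly the kind of log pasted in this reply. As an added example (my code, not part of the thread, of GMER's tool or of BleepingComputer's instructions), the following Python script parses an mbr.log in this format and pulls out what an analyst wants to know before anyone types fixmbr: whether the user-mode and kernel-mode reads of the MBR agree, which modules sit in the disk I/O call chain, whether one of them is unresolved (the ">>UNKNOWN [addr]<<" entry, code that maps to no file on disk), and which driver objects the tool reports as hooked. The sample log is constructed to mirror the one in this reply; the MbrReport structure and the severity labels are my own.

```python
"""Triage helper for GMER mbr.exe (Stealth MBR rootkit detector) logs.

Added example, not part of the BleepingComputer thread or of GMER's tooling.
It parses the text mbr.exe writes to mbr.log and reports the facts an analyst
needs before deciding on fixmbr: whether the user- and kernel-mode MBR reads
agree, which modules sit in the disk I/O call chain, whether any of them is
unresolved (">>UNKNOWN [addr]<<"), and which driver objects were seen hooked.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the format mbr.exe 0.3.7 writes, mirroring the log
# posted in the thread. Addresses are illustrative.
SAMPLE_MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4EDAF8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\atapi -> 0x8a4edaf8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*(0x[0-9A-Fa-f]+)\s*$")


@dataclass
class MbrReport:
    user_read_ok: bool = False
    kernel_read_ok: bool = False
    mbr_copies_match: bool = False                        # "user & kernel MBR OK"
    modules: list = field(default_factory=list)           # resolved images in the call chain
    unknown_modules: list = field(default_factory=list)   # addresses with no backing image
    hooks: dict = field(default_factory=dict)             # driver object -> hook address
    tool_warned: bool = False

    @property
    def hook_in_unknown_module(self) -> bool:
        """True when a hook address coincides with an unresolved module, i.e. the
        disk I/O path runs through code that maps to no file on disk."""
        unknown = {a.lower() for a in self.unknown_modules}
        return any(a.lower() in unknown for a in self.hooks.values())

    def severity(self) -> str:
        # Labels are this example's own triage scale, not GMER's output.
        if self.hooks and self.hook_in_unknown_module:
            return "high"      # hidden code in the disk stack: corroborate, don't fixmbr blindly
        if self.hooks or self.unknown_modules or self.tool_warned:
            return "medium"
        if self.user_read_ok and self.kernel_read_ok and self.mbr_copies_match:
            return "clean"
        return "unknown"


def parse_mbr_log(text: str) -> MbrReport:
    rep = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("user: MBR read successfully"):
            rep.user_read_ok = True
        elif line.startswith("kernel: MBR read successfully"):
            rep.kernel_read_ok = True
        elif line.startswith("called modules:"):
            body = line[len("called modules:"):]
            rep.unknown_modules = UNKNOWN_RE.findall(body)
            rep.modules = [t for t in UNKNOWN_RE.sub(" ", body).split() if t]
        elif line == "user & kernel MBR OK":
            rep.mbr_copies_match = True
        elif line.startswith("Warning:"):
            rep.tool_warned = True
        else:
            m = HOOK_RE.match(line)
            if m:
                rep.hooks[m.group(1)] = m.group(2)
    return rep


if __name__ == "__main__":
    r = parse_mbr_log(SAMPLE_MBR_LOG)
    print("severity:", r.severity())
    print("hooks:", r.hooks)
    print("unresolved modules:", r.unknown_modules)
```

A "high" result means the reported hook and the unresolved module are the same address: disk I/O is passing through code that no file on disk accounts for. That is what a TDL3/Mebroot-class rootkit looks like, but it is also what a legitimate filter driver or a scanner's own hooks can look like, so the script only ranks the log; the decision to rewrite the MBR should wait for corroboration from a second tool, which is what the helper does next in this thread.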

#10 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 12 February 2010 - 07:03 AM

Hello, encio.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created at C:\TDSSKiller.txt please copy and paste the contents of that file in your reply.



#11 encio (Topic Starter, Members, 9 posts)

Posted 12 February 2010 - 08:58 PM

Hello etavares,

Here is the TDSSKiller log:

17:54:19:640 3432 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
17:54:19:640 3432 ================================================================================
17:54:19:640 3432 SystemInfo:

17:54:19:640 3432 OS Version: 5.1.2600 ServicePack: 3.0
17:54:19:640 3432 Product type: Workstation
17:54:19:640 3432 ComputerName: SIMU
17:54:19:640 3432 UserName: enzo
17:54:19:640 3432 Windows directory: C:\WINDOWS
17:54:19:640 3432 Processor architecture: Intel x86
17:54:19:640 3432 Number of processors: 1
17:54:19:640 3432 Page size: 0x1000
17:54:19:640 3432 Boot type: Normal boot
17:54:19:640 3432 ================================================================================
17:54:19:656 3432 UnloadDriverW: NtUnloadDriver error 2
17:54:19:656 3432 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:54:19:656 3432 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
17:54:19:734 3432 UtilityInit: KLMD drop and load success
17:54:19:734 3432 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
17:54:19:734 3432 UtilityInit: KLMD open success
17:54:19:734 3432 UtilityInit: Initialize success
17:54:19:734 3432
17:54:19:734 3432 Scanning Services ...
17:54:19:734 3432 CreateRegParser: Registry parser init started
17:54:19:734 3432 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
17:54:19:734 3432 CreateRegParser: DisableWow64Redirection error
17:54:19:734 3432 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:54:19:734 3432 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
17:54:19:734 3432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:54:19:734 3432 wfopen_ex: Trying to KLMD file open
17:54:19:734 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
17:54:19:734 3432 wfopen_ex: File opened ok (Flags 2)
17:54:19:734 3432 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 394EB8
17:54:19:734 3432 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:54:19:734 3432 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
17:54:19:734 3432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:54:19:734 3432 wfopen_ex: Trying to KLMD file open
17:54:19:734 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
17:54:19:734 3432 wfopen_ex: File opened ok (Flags 2)
17:54:19:734 3432 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 394DA8
17:54:19:734 3432 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
17:54:19:734 3432 CreateRegParser: EnableWow64Redirection error
17:54:19:734 3432 CreateRegParser: RegParser init completed
17:54:20:359 3432 GetAdvancedServicesInfo: Raw services enum returned 407 services
17:54:20:375 3432 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
17:54:20:375 3432 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
17:54:20:375 3432
17:54:20:375 3432 Scanning Kernel memory ...
17:54:20:375 3432 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
17:54:20:375 3432 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A8F4210
17:54:20:375 3432 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects
17:54:20:375 3432
17:54:20:375 3432 DetectCureTDL3: DEVICE_OBJECT: 898DBC68
17:54:20:375 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 898DBC68
17:54:20:375 3432 KLMD_ReadMem: Trying to ReadMemory 0x898DBC68[0x38]
17:54:20:375 3432 DetectCureTDL3: DRIVER_OBJECT: 8A8F4210
17:54:20:375 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A8F4210[0xA8]
17:54:20:375 3432 KLMD_ReadMem: Trying to ReadMemory 0xE1019B78[0x18]
17:54:20:375 3432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:54:20:375 3432 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
17:54:20:375 3432 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
17:54:20:375 3432 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
17:54:20:375 3432 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
17:54:20:375 3432 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (9) addr: F74E82E2
17:54:20:375 3432 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (14) addr: F74E83BB
17:54:20:375 3432 DetectCureTDL3: IrpHandler (15) addr: F74EBF28
17:54:20:375 3432 DetectCureTDL3: IrpHandler (16) addr: F74E82E2
17:54:20:375 3432 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (22) addr: F74E9C82
17:54:20:375 3432 DetectCureTDL3: IrpHandler (23) addr: F74EE99E
17:54:20:375 3432 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:54:20:375 3432 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:54:20:375 3432 TDL3_FileDetect: Processing driver: Disk
17:54:20:375 3432 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:375 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:390 3432 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
17:54:20:390 3432
17:54:20:390 3432 DetectCureTDL3: DEVICE_OBJECT: 89907030
17:54:20:390 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89907030
17:54:20:390 3432 KLMD_ReadMem: Trying to ReadMemory 0x89907030[0x38]
17:54:20:390 3432 DetectCureTDL3: DRIVER_OBJECT: 8A8F4210
17:54:20:390 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A8F4210[0xA8]
17:54:20:390 3432 KLMD_ReadMem: Trying to ReadMemory 0xE1019B78[0x18]
17:54:20:390 3432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:54:20:390 3432 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
17:54:20:390 3432 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
17:54:20:390 3432 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
17:54:20:390 3432 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
17:54:20:390 3432 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (9) addr: F74E82E2
17:54:20:390 3432 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (14) addr: F74E83BB
17:54:20:390 3432 DetectCureTDL3: IrpHandler (15) addr: F74EBF28
17:54:20:390 3432 DetectCureTDL3: IrpHandler (16) addr: F74E82E2
17:54:20:390 3432 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (22) addr: F74E9C82
17:54:20:390 3432 DetectCureTDL3: IrpHandler (23) addr: F74EE99E
17:54:20:390 3432 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:54:20:390 3432 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:54:20:390 3432 TDL3_FileDetect: Processing driver: Disk
17:54:20:390 3432 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:390 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:406 3432 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
17:54:20:406 3432
17:54:20:406 3432 DetectCureTDL3: DEVICE_OBJECT: 8A888910
17:54:20:406 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A888910
17:54:20:406 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A888910[0x38]
17:54:20:406 3432 DetectCureTDL3: DRIVER_OBJECT: 8A8F4210
17:54:20:406 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A8F4210[0xA8]
17:54:20:406 3432 KLMD_ReadMem: Trying to ReadMemory 0xE1019B78[0x18]
17:54:20:406 3432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:54:20:406 3432 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
17:54:20:406 3432 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
17:54:20:406 3432 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
17:54:20:406 3432 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
17:54:20:406 3432 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (9) addr: F74E82E2
17:54:20:406 3432 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (14) addr: F74E83BB
17:54:20:406 3432 DetectCureTDL3: IrpHandler (15) addr: F74EBF28
17:54:20:406 3432 DetectCureTDL3: IrpHandler (16) addr: F74E82E2
17:54:20:406 3432 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (22) addr: F74E9C82
17:54:20:406 3432 DetectCureTDL3: IrpHandler (23) addr: F74EE99E
17:54:20:406 3432 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:54:20:406 3432 TDL3_FileDetect: Processing driver: Disk
17:54:20:406 3432 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:406 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:406 3432 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
17:54:20:406 3432
17:54:20:406 3432 DetectCureTDL3: DEVICE_OBJECT: 8A885C68
17:54:20:406 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A885C68
17:54:20:406 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A885C68[0x38]
17:54:20:406 3432 DetectCureTDL3: DRIVER_OBJECT: 8A8F4210
17:54:20:406 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A8F4210[0xA8]
17:54:20:406 3432 KLMD_ReadMem: Trying to ReadMemory 0xE1019B78[0x18]
17:54:20:406 3432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:54:20:406 3432 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
17:54:20:406 3432 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
17:54:20:406 3432 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
17:54:20:406 3432 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
17:54:20:406 3432 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (9) addr: F74E82E2
17:54:20:406 3432 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (14) addr: F74E83BB
17:54:20:406 3432 DetectCureTDL3: IrpHandler (15) addr: F74EBF28
17:54:20:406 3432 DetectCureTDL3: IrpHandler (16) addr: F74E82E2
17:54:20:406 3432 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (22) addr: F74E9C82
17:54:20:406 3432 DetectCureTDL3: IrpHandler (23) addr: F74EE99E
17:54:20:406 3432 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:54:20:406 3432 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:54:20:406 3432 TDL3_FileDetect: Processing driver: Disk
17:54:20:406 3432 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:406 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:421 3432 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
17:54:20:421 3432
17:54:20:421 3432 DetectCureTDL3: DEVICE_OBJECT: 8A82A618
17:54:20:421 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A82A618
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A82A618[0x38]
17:54:20:421 3432 DetectCureTDL3: DRIVER_OBJECT: 8A8F4210
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A8F4210[0xA8]
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0xE1019B78[0x18]
17:54:20:421 3432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:54:20:421 3432 DetectCureTDL3: IrpHandler (0) addr: F74EDBB0
17:54:20:421 3432 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (2) addr: F74EDBB0
17:54:20:421 3432 DetectCureTDL3: IrpHandler (3) addr: F74E7D1F
17:54:20:421 3432 DetectCureTDL3: IrpHandler (4) addr: F74E7D1F
17:54:20:421 3432 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (9) addr: F74E82E2
17:54:20:421 3432 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (14) addr: F74E83BB
17:54:20:421 3432 DetectCureTDL3: IrpHandler (15) addr: F74EBF28
17:54:20:421 3432 DetectCureTDL3: IrpHandler (16) addr: F74E82E2
17:54:20:421 3432 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (22) addr: F74E9C82
17:54:20:421 3432 DetectCureTDL3: IrpHandler (23) addr: F74EE99E
17:54:20:421 3432 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:54:20:421 3432 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:54:20:421 3432 TDL3_FileDetect: Processing driver: Disk
17:54:20:421 3432 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:421 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
17:54:20:421 3432 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
17:54:20:421 3432
17:54:20:421 3432 DetectCureTDL3: DEVICE_OBJECT: 8A82A030
17:54:20:421 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A82A030
17:54:20:421 3432 DetectCureTDL3: DEVICE_OBJECT: 8A82B1C8
17:54:20:421 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A82B1C8
17:54:20:421 3432 DetectCureTDL3: DEVICE_OBJECT: 8A862940
17:54:20:421 3432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A862940
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A862940[0x38]
17:54:20:421 3432 DetectCureTDL3: DRIVER_OBJECT: 8A8631B8
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A8631B8[0xA8]
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0xE18D63D0[0x1A]
17:54:20:421 3432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
17:54:20:421 3432 DetectCureTDL3: IrpHandler (0) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (1) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (2) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (3) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (4) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (5) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (6) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (7) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (8) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (9) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (10) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (11) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (12) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (13) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (14) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (15) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (16) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (17) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (18) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (19) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (20) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (21) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (22) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (23) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (24) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (25) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: IrpHandler (26) addr: 8A508A78
17:54:20:421 3432 DetectCureTDL3: All IRP handlers pointed to one addr: 8A508A78
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0x8A508A78[0x400]
17:54:20:421 3432 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0
17:54:20:421 3432 KLMD_ReadMem: Trying to ReadMemory 0xF728D864[0x400]
17:54:20:421 3432 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
17:54:20:421 3432 TDL3_FileDetect: Processing driver: atapi
17:54:20:421 3432 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
17:54:20:421 3432 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
17:54:20:453 3432 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
17:54:20:453 3432
17:54:20:453 3432 Completed
17:54:20:453 3432
17:54:20:453 3432 Results:
17:54:20:453 3432 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:54:20:453 3432 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:54:20:453 3432 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:54:20:453 3432
17:54:20:453 3432 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
17:54:20:453 3432 UtilityDeinit: KLMD(ARK) unloaded successfully


#12 etavares

    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 13 February 2010 - 08:36 AM

Hello, encio.
OK encio, that MBR seems to be a false positive. That is good news as that infection is very bad. Sorry to spend so much time on ensuring it was a false positive, but that was very important.





Step 1

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    :processes
    explorer.exe
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [Eytqqf] C:\Documents and Settings\enzo\My Documents\ΑрpPatch\nοtepad.exe File not found
    O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [Ptrnbvz] C:\WINDOWS\System32\Αdobe\wоwexec.exe File not found
    :Files
    c:\documents and settings\enzo\my documents\??ppatch\n?tepad.exe /u
    c:\windows\system32\?dobe\w?wexec.exe /u
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    :Commands
    [PURITY]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized




If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
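The two O4 Run entries in the fix script above are the interesting part of this post: their paths are spelled with look-alike Unicode letters (Greek capital Alpha and small omicron, Cyrillic small er and o) so that they read as AppPatch\notepad.exe and Adobe\wowexec.exe while actually pointing at different folders, which is also why OTL prints the unmatched characters as ? in its :Files section. As an added example, not part of this post and not OTL's own code, here is a small Python check that flags autorun paths containing non-ASCII characters and renders the ASCII string they imitate. The sample entries are constructed from the O4 lines above rather than read from a live registry, and the confusables table is a short hand-made subset, not the full Unicode confusables list.

```python
"""Flag autorun (Run-key) paths that use Unicode look-alike characters.

Added example; the entries below are constructed from the O4 lines in the
fix script above, not read from a live registry.
"""
import unicodedata

# Hand-picked subset of Unicode confusables (assumption: enough for this
# case; a real tool would load the full Unicode confusables.txt).
CONFUSABLES = {
    "\u0391": "A",  # GREEK CAPITAL LETTER ALPHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
}

# Constructed sample: (value name, command) pairs as they would be read from
# HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Run. The first two are
# modelled on the Eytqqf / Ptrnbvz entries above; the third is a benign control.
SAMPLE_ENTRIES = [
    ("Eytqqf", "C:\\Documents and Settings\\enzo\\My Documents\\"
               "\u0391\u0440pPatch\\n\u03bftepad.exe"),
    ("Ptrnbvz", "C:\\WINDOWS\\System32\\\u0391dobe\\w\u043ewexec.exe"),
    ("Adobe ARM", "C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"),
]


def non_ascii_chars(path):
    """Return (index, char, Unicode name) for each non-ASCII character in path."""
    return [(i, c, unicodedata.name(c, "UNKNOWN"))
            for i, c in enumerate(path) if ord(c) > 0x7F]


def ascii_lookalike(path):
    """Render path as the ASCII string it imitates.

    Non-ASCII characters outside the table become '?', the same placeholder
    OTL printed in its :Files output.
    """
    out = []
    for c in path:
        if ord(c) <= 0x7F:
            out.append(c)
        else:
            out.append(CONFUSABLES.get(c, "?"))
    return "".join(out)


def suspicious_entries(entries):
    """Return the value names whose command contains any non-ASCII character.

    Windows system folders are plain ASCII, so a non-ASCII letter inside a
    path that otherwise looks like a system folder deserves a second look.
    """
    return [name for name, cmd in entries if non_ascii_chars(cmd)]


def report(entries):
    """Map each suspicious value name to (original, ASCII look-alike, offending chars)."""
    return {name: (cmd, ascii_lookalike(cmd), non_ascii_chars(cmd))
            for name, cmd in entries if non_ascii_chars(cmd)}


if __name__ == "__main__":
    for name, (orig, seen_as, chars) in report(SAMPLE_ENTRIES).items():
        print(f"{name}: looks like {seen_as}")
        for idx, ch, uname in chars:
            print(f"    offset {idx}: U+{ord(ch):04X} {uname}")
```

The check is a heuristic: a user profile with a legitimately non-ASCII name will also trip it, so the output is a list of entries to inspect, not a verdict. Its value is that it turns a path the eye reads as AppPatch\notepad.exe into a line that names the exact Greek and Cyrillic code points, which is what makes the disguise visible.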
 


#13 encio

  • Topic Starter
  • Members
  • 9 posts

Posted 13 February 2010 - 12:43 PM

Hi etavares,

Excellent, making progress, I am very happy that it is going well.

Here are the logs. I didn't get three though. The first step generated the log, I will paste that first.

But the second step:
# Click the "Scan All Users" checkbox.
# Push the button "Run Scan"
# Two reports will open, copy and paste them in a reply here:

* OTListIt.txt <-- Will be opened
* Extra.txt <-- Will be minimized

It opened only "OTL.Txt". I have pasted it second below.

Kind Regards,

The log from step 1:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Eytqqf deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Ptrnbvz deleted successfully.
========== FILES ==========
File\Folder c:\documents and settings\enzo\my documents\??ppatch\n?tepad.exe not found.
File\Folder c:\windows\system32\?dobe\w?wexec.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.28.0 log created on 02132010_091430





********************************************************************
Step 2 log
********************************************************************


OTL logfile created on: 2/13/2010 9:21:35 AM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\enzo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.93 Gb Total Space | 4.16 Gb Free Space | 6.31% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 4.68 Gb Free Space | 61.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 139.25 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive I: | 689.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SIMU
Current User Name: enzo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/08 17:59:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
PRC - [2010/01/15 20:10:46 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/12/19 19:18:49 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/04 09:47:54 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/08/01 08:11:41 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/03/13 13:13:13 | 001,058,816 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2009/03/09 04:19:17 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/05 12:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 12:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 12:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 12:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 12:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/08/29 08:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/21 07:00:44 | 000,574,976 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/04/13 16:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2005/12/13 14:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/12/12 11:39:52 | 000,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/12/08 11:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/12/07 10:56:56 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/11/28 09:07:42 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/11/10 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/19 12:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/09/29 10:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/02/08 17:59:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
MOD - [2008/04/13 09:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/05 12:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 12:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 12:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 12:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/03 13:18:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/21 05:33:00 | 003,208,008 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/08/29 08:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/31 14:16:28 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 13:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/05/05 21:41:03 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/12/18 16:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/28 09:07:42 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/10/14 00:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 00:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ENZO) SQL Server (ENZO)
SRV - [2005/10/14 00:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLAgent$ENZO) SQL Server Agent (ENZO)
SRV - [2005/10/14 00:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 00:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/08/26 13:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$ENZO) SQL Server FullText Search (ENZO)
SRV - [2005/04/03 22:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 10:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/04/11 16:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Disabled | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
SRV - [2000/08/05 23:50:20 | 007,442,493 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2000/08/05 23:50:18 | 000,303,170 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT)
SRV - [1999/12/01 10:38:28 | 000,467,968 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)


========== Driver Services (SafeList) ==========

DRV - [2009/12/17 15:02:34 | 000,123,280 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/12/17 15:02:34 | 000,110,096 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/12/17 15:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/12/17 15:02:34 | 000,041,616 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/12/17 15:02:34 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/05 12:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 12:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 12:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 12:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 12:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 12:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/11/20 11:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 08:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/01/28 20:01:28 | 000,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/11/10 09:44:52 | 000,305,788 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/10/02 16:45:40 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2006/05/06 19:02:03 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/04/24 10:17:47 | 000,324,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2005/12/16 21:56:00 | 000,051,120 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/12/16 21:56:00 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/12/16 21:56:00 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/11/28 01:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 14:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 03:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/01 10:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/09/01 10:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2005/08/22 01:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 01:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 01:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 00:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 02:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 01:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/19 12:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/22 14:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 14:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 04:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/06/11 21:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/05/14 03:42:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/03/16 20:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/01/09 20:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 13:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2002/07/17 06:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2001/08/23 11:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 00:11:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=es
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.114.3:4480

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://fastflip.googlelabs.com/search?q=wildlife"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6a
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 20:10:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 16:26:09 | 000,000,000 | ---D | M]

[2008/06/20 06:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Extensions
[2010/02/10 22:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions
[2009/12/26 10:54:02 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2008/11/20 19:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063}
[2009/12/26 10:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\firebug@software.joehewitt.com
[2009/12/26 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\piclens@cooliris.com
[2009/12/26 10:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\piclens@cooliris.com-trash
[2009/08/29 08:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\enzo\Application Data\Mozilla\Firefox\Profiles\xnv4m5yo.default\extensions\yslow@yahoo-inc.com
[2010/02/10 22:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/07 10:58:00 | 000,044,151 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\inspector.dll

O1 HOSTS File: ([2010/02/07 10:22:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [Google Update] C:\Documents and Settings\enzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2769905097-3725031549-2397689002-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Zend Studio - Debug current page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O8 - Extra context menu item: Zend Studio - Debug next page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.0\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} http://www.schaeffersresearch.com/Download/Cfx4Financial.cab (ChartFX Internet Financial Client 4.0)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/42.20/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} http://67.190.35.126/PlayerPT.cab (PlayerPT Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\enzo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\enzo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/25 02:16:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/28 13:14:14 | 000,000,143 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/13 09:14:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/10 23:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\.VirtualBox
[2010/02/10 23:57:14 | 000,123,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2010/02/10 23:56:43 | 000,031,824 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\drivers\VBoxUSB.sys
[2010/02/10 23:56:39 | 000,041,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys
[2010/02/10 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/02/10 23:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Desktop\malware
[2010/02/09 10:58:42 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\atapi.sys
[2010/02/08 17:59:50 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
[2010/02/07 10:44:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/06 19:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Application Data\gtk-2.0
[2010/02/06 19:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Application Data\.purple
[2010/02/06 19:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Aspell
[2010/02/06 19:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010/02/06 19:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010/02/01 22:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Desktop\Notes
[2010/01/30 11:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Application Data\Facebook
[2010/01/30 10:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/01/26 21:20:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/26 21:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/26 21:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/26 21:02:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/26 21:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/26 20:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/01/26 20:46:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/26 09:55:04 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/01/26 09:54:53 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/01/26 09:54:53 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/01/26 09:54:53 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/01/26 09:54:53 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/01/26 09:54:52 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/01/26 09:54:51 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/01/26 09:54:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/01/26 09:54:45 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/01/26 09:54:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2010/01/26 09:54:29 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/01/26 09:54:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/01/26 09:54:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/01/26 09:53:55 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/01/26 09:53:54 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/01/26 09:53:54 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/01/26 09:53:54 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/01/26 09:53:54 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/01/26 09:53:54 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/01/26 09:53:54 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/01/26 09:53:53 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/01/26 09:53:53 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/01/26 09:53:53 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/01/26 09:53:53 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/01/26 09:53:51 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/01/26 09:53:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/01/26 09:53:35 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/01/26 09:53:34 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/01/26 09:53:31 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/01/26 09:53:31 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/01/26 09:53:28 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/01/26 09:53:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/01/26 09:53:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/01/26 09:53:20 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/01/26 09:53:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/01/26 09:53:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/01/26 09:52:49 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/01/26 09:52:47 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/01/26 09:52:44 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/01/26 09:52:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/01/26 09:52:20 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/01/26 09:52:20 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/01/26 09:52:20 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/01/26 09:52:19 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/01/26 09:52:19 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/01/26 09:52:18 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/01/26 09:52:18 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/01/26 09:52:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/01/26 09:52:17 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/01/26 09:52:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/01/26 09:52:09 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/01/26 09:51:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/01/26 09:51:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/01/26 09:51:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/01/26 09:51:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/01/26 09:50:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/01/26 09:50:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/01/26 09:50:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/01/26 09:50:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/01/26 09:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/01/26 09:50:25 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iuengine.dll
[2010/01/26 09:50:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2010/01/26 09:50:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/01/26 09:49:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/01/26 09:49:54 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2010/01/26 09:49:53 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2010/01/26 09:49:53 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/01/26 09:49:52 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2010/01/26 09:49:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/01/26 09:49:45 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/01/26 09:49:45 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/01/26 09:49:45 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/01/26 09:49:45 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/01/26 09:49:45 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/01/26 09:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/01/26 09:49:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/01/26 09:49:42 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/01/26 09:49:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/01/26 09:49:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/01/26 09:49:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/01/26 09:49:42 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/01/26 09:49:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/01/26 09:49:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/01/26 09:49:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/01/26 09:49:29 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/01/26 09:49:25 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/01/26 09:49:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/01/26 09:49:22 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/01/26 09:49:22 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/01/26 09:49:21 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/01/26 09:49:21 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/01/26 09:49:21 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/01/26 09:49:21 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/01/26 09:49:21 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/01/26 09:49:21 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/01/26 09:49:21 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/01/26 09:49:21 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/01/26 09:49:21 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/01/26 09:49:21 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/01/26 09:49:21 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/01/26 09:49:21 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/01/26 09:49:21 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/01/26 09:49:21 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/01/26 09:49:20 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/01/26 09:49:20 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/01/26 09:49:20 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/01/26 09:49:20 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/01/26 09:49:19 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/01/26 09:49:19 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/01/26 09:49:19 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/01/26 09:49:18 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/01/26 09:49:18 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/01/26 09:49:18 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/01/26 09:49:18 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/01/26 09:49:18 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/01/26 09:49:18 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/01/26 09:49:18 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/01/26 09:49:18 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/01/26 09:49:18 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/01/26 09:49:16 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/01/26 09:49:16 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/01/26 09:49:16 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/01/26 09:49:16 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/01/26 09:49:16 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/01/26 09:49:16 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/01/26 09:49:16 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/01/26 09:49:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/01/26 09:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/01/26 08:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/01/26 08:19:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/26 08:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/25 23:25:03 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/25 23:25:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/25 23:25:02 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/25 23:25:00 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/25 23:14:52 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/01/25 23:14:51 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/25 23:14:50 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/01/25 23:14:50 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/01/25 23:11:41 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/01/25 23:11:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/01/25 23:02:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/25 22:59:27 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/01/25 22:51:37 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/01/25 22:49:57 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/01/25 22:48:39 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/01/25 22:46:08 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/01/25 22:30:58 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/01/25 22:24:52 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/01/25 15:35:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/25 15:34:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/25 15:34:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/25 15:34:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/25 15:34:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/25 15:33:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/25 15:32:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/25 09:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\enzo\Application Data\Nero
[2010/01/25 09:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/01/25 09:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/01/25 09:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/05/12 23:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/12 23:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/01 08:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
[2007/09/13 09:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/12/12 08:42:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/08/06 18:33:45 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2006/08/06 18:33:45 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2006/02/14 19:37:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/02/14 19:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/09/24 00:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/13 09:25:42 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01BC681E-2025-46F9-B046-7001DF950205}.job
[2010/02/13 09:20:05 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\enzo\Desktop\Quick Launch Buttons.lnk
[2010/02/13 09:19:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/13 09:18:52 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/02/13 09:18:51 | 000,002,645 | -HS- | M] () -- C:\hpqp.ini
[2010/02/13 09:18:49 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/13 09:18:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/13 09:18:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/13 09:18:23 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/13 09:17:08 | 013,107,200 | -H-- | M] () -- C:\Documents and Settings\enzo\NTUSER.DAT
[2010/02/13 09:17:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\enzo\ntuser.ini
[2010/02/13 00:45:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2769905097-3725031549-2397689002-1006UA.job
[2010/02/12 20:45:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\animal pictures.msam-journal
[2010/02/12 20:45:47 | 014,245,888 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\animal pictures.msam
[2010/02/12 19:12:36 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\BNC.msam
[2010/02/12 19:12:00 | 001,266,688 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\plastic surgery.msam
[2010/02/12 19:08:49 | 000,753,664 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\hotels nicaragua.msam
[2010/02/10 23:57:17 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sun VirtualBox.lnk
[2010/02/10 08:41:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 22:55:45 | 000,010,892 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\Database.kdb
[2010/02/08 17:59:55 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\enzo\Desktop\OTL.exe
[2010/02/07 10:22:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/07 10:22:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/07 09:58:31 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\enzo\.recently-used.xbel
[2010/02/06 19:16:39 | 1610,612,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/03 19:26:28 | 001,202,176 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\Secondaryanimal facts.msam
[2010/02/02 21:36:23 | 002,289,664 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\many things.msam
[2010/01/30 16:26:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/30 10:41:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2010/01/30 09:35:02 | 000,597,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/30 09:35:02 | 000,125,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/30 09:34:59 | 000,736,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/29 04:45:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2769905097-3725031549-2397689002-1006Core.job
[2010/01/26 21:38:26 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 21:19:38 | 000,461,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/26 20:53:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/26 19:32:58 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 18:42:39 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\enzo\My Documents\Nero_C_drive_backup.nbt
[2010/01/25 21:48:51 | 000,335,082 | ---- | M] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-iefull-release-1.11.5.29501.en-US.msi
[2010/01/25 15:35:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/17 13:37:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/12 20:45:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\enzo\My Documents\animal pictures.msam-journal
[2010/02/10 23:57:17 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sun VirtualBox.lnk
[2010/02/07 09:58:31 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\enzo\.recently-used.xbel
[2010/02/06 13:38:19 | 2145,636,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/04 19:35:02 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\enzo\My Documents\BNC.msam
[2010/01/30 16:26:09 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/30 10:41:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2010/01/26 18:42:39 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\enzo\My Documents\Nero_C_drive_backup.nbt
[2010/01/26 09:52:29 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/01/26 09:50:08 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/01/26 09:49:37 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/01/26 09:49:21 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/01/26 09:47:12 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/01/25 15:35:29 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/25 15:34:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/25 15:34:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/25 15:34:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/25 15:34:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/25 15:34:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/24 09:44:52 | 000,335,082 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-iefull-release-1.11.5.29501.en-US.msi
[2009/10/04 11:51:45 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\enzo\Application Data\TweetDeckFast_state.xml
[2009/06/30 22:16:32 | 002,118,144 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-ie-release-1.11.0.26762.en-US.msi
[2009/04/15 17:34:19 | 002,545,152 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009/03/10 22:28:59 | 002,360,832 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\cooliris-win-ie-release-1.9.2.21405.en-US.msi
[2009/02/20 20:13:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\windrv32.ini
[2009/01/28 16:59:25 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2009/01/28 16:57:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/01/28 16:56:06 | 000,003,791 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2009/01/28 16:55:57 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2009/01/28 16:55:56 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2009/01/28 16:55:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2009/01/28 16:55:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008/12/09 10:00:25 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/01 08:46:43 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/06/23 20:28:10 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/23 20:28:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/17 11:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/11/10 09:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/11/10 09:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/11/06 10:52:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/11/06 10:52:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/11/06 10:52:14 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/08/12 08:47:33 | 000,000,429 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/07/09 17:15:35 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2006/07/09 17:15:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2006/05/22 20:24:12 | 000,003,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/14 12:42:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2006/05/07 08:53:49 | 000,021,266 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2006/05/05 17:40:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/02 20:38:42 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/29 22:03:58 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/04/29 22:03:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/04/27 21:28:38 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/27 19:50:20 | 000,000,742 | ---- | C] () -- C:\WINDOWS\SUPERLEX.INI
[2006/04/27 18:55:58 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/04/25 01:38:34 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\enzo\Local Settings\Application Data\fusioncache.dat
[2006/04/24 21:09:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/04/24 21:09:10 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/04/24 21:08:38 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/04/24 21:08:38 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/04/24 21:08:35 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/02/14 20:36:05 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/14 20:32:29 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/14 20:13:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/14 19:58:55 | 000,028,802 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/14 19:52:09 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 02:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/22 15:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/07 05:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 11:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/03/21 11:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 11:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 11:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 11:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 11:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 11:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 11:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 20:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/08/23 11:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1997/06/25 12:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
< End of report >


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:41 AM

Posted 13 February 2010 - 02:23 PM

Hello, encio.

How is your computer running now? It's looking cleaner. Let's get a second opinion by running an online scan.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#15 encio

encio
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:41 PM

Posted 14 February 2010 - 01:04 PM

Hi etavares,

Yes, it is running fairly smoothly now. I also just removed some crappy startup services that no doubt were slowing it down a bit - GrooveMonitor.exe, QuickTime updater, RealPlayer updater, Adobe something and one or two more.

I run some intensive programs so I think I max out this processor and 2GB of memory. I will have to replace my machine with a better one soon but I am waiting maybe another 6 months or so. Not sure if quad core processors are going to be that much faster than dual core, I guess it depends on configuration and the apps a person runs. But I will be checking that out soon. Of course malware doesn't help.

I have wanted to move away from Windows but I use a few Microsoft development tools so I am kind of stuck. I have Sun VirtualBox now and run Ubuntu on this machine too. I wanted to try a few Adobe AIR applications I have on Linux - Market Samurai and TweetDeck, both of them run terribly slow on my XP machine. Also, I use Photoshop a lot and that is a no go on Linux except with Wine I guess but I haven't tried that out yet. Running Ubuntu with VirtualBox on XP isn't the best in terms of resources either. I could get a Mac with Parallels for Windows apps but I don't like Apple the company much.

Also, Firefox never seems to clear up memory; it always eats up more and more memory until I close the session.

The scanning apps don't like the DU Meter application. I think I may have installed a hacked version.

Here is the result of ESET OnlineScan:

C:\Documents and Settings\enzo\Application Data\Sun\Java\Deployment\cache\6.0\51\372973-71763d98 a variant of Java/TrojanDownloader.Agent.AB trojan cleaned by deleting - quarantined
C:\Documents and Settings\enzo\Desktop\downloads\DU_Meter_4.16.r3102.rar probably a variant of MSIL/TrojanDropper.Agent.E trojan deleted - quarantined
C:\Documents and Settings\enzo\Desktop\downloads\DU_meter\DU_Meter_4.16.r3102\DU.Meter.v4.16.r3102-TE.rar probably a variant of MSIL/TrojanDropper.Agent.E trojan deleted - quarantined
C:\Documents and Settings\enzo\Desktop\downloads\DU_meter\DU_Meter_4.16.r3102\DU.Meter.v4.16.r3102-TE\DUMeter-Install.exe probably a variant of MSIL/TrojanDropper.Agent.E trojan cleaned by deleting - quarantined
C:\Program Files\NoAdware4\noadwareutils.dll Win32/NoAdware application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\warning.html.vir Win32/TrojanDownloader.FakeAlert.AED virus deleted - quarantined


Kind regards



