
USERINIT Altered and REGISTRY INFECTED


  • This topic is locked
31 replies to this topic

#1 thriftgirl62


Posted 13 February 2010 - 11:22 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/294889/userinit-altered-and-registry-infected/ ~ OB


Will NOT let ANY scanners start and shuts anything else that opens.

I ran RKILL a few times but that doesn't work either.

Would not save the GMER.zip so I downloaded and unzipped it from DROPBOX to the desktop but it still won't run the GMER.exe

It will not boot into safe mode and hangs if I try to go into setup.

No shut down warnings - just crashes with a blue screen once or twice a day.

(The attach.txt is attached. It would not upload attach.rar & there is no zip option on my computer.)



DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 17:43:14.84 on Sat 02/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.419 [GMT -8:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
svchost.exe
C:\WINDOWS.0\system32\netdde.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS.0\system32\svchost.exe -k imgsvc
C:\WINDOWS.0\system32\SearchIndexer.exe
C:\WINDOWS.0\system32\fxssvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HighCriteria\PersonalInfoKeeper\pikeeper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\SearchProtocolHost.exe
C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: Name Numerology Toolbar: {ab61b189-50ed-49fd-b840-9d2fb06bbf73} - c:\program files\name_numerology\tbNam1.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Name Numerology Toolbar: {ab61b189-50ed-49fd-b840-9d2fb06bbf73} - c:\program files\name_numerology\tbNam1.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
uRun: [RunPikeeper] c:\program files\highcriteria\personalinfokeeper\pikeeper.exe -min
uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\admin\start menu\programs\startup\VistaMessage.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {7468D7EB-1172-4554-B91D-4E4A845EBF91} - www.infosaic.com
IE: {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795}
IE: {CB3177A5-DE46-496C-91CC-EC63CCF9BEF4} - c:\program files\easy login\EasyLogin.js
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_15.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - c:\progra~1\acronis\privac~1\POP-UP~1.DLL
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {6170AB22-F1E5-4D4F-8F6C-826C73838581} - {30E44B64-8FCD-43BC-BB6A-84BD312B8E0C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: amazon.com\www
Trusted Zone: blinkweb.com\www
Trusted Zone: comcast.net\smartzone.mail
Trusted Zone: comcast.net\www
Trusted Zone: google.com\www
Trusted Zone: hotmail.com\www
Trusted Zone: infosaic.com\www
Trusted Zone: linkshare.com\helpcenter
Trusted Zone: linkshare.com\www
Trusted Zone: linksynergy.com\cli
Trusted Zone: maximumplr.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: nicheprofitclassroom.com\www
Trusted Zone: nvo.com\www
Trusted Zone: paypal.com\www
Trusted Zone: productioncarcare.net\www
Trusted Zone: traffickahuna.com\www
Trusted Zone: virallinktracker.com\www
Trusted Zone: yahoo.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows.0\java\classes\xmldso.cab
DPF: Pathworks Clipboard Handler ActiveX Control - hxxps://pw0003354.helpstream.biz/ActiveX/ClipboardHandler.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://download.boulder.ibm.com/ibmdl/pub/pc/pccbbs/bp_pc/acpir.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {7530bfb8-7293-4d34-9923-61a11451afc5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
LSA: Notification Packages = scecli
IFEO: taskmgr.exe - c:\program files\tuneup utilities 2007\PMLauncher.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\rkpz1o4r.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {4DCD16A7-C8E0-4D32-BC36-BB28B7607349} - c:\documents and settings\admin\local settings\application data\{4DCD16A7-C8E0-4D32-BC36-BB28B7607349}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: browser.blink_allowed - false
FF - user.js: ui.submenuDelay - 65000
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: browser.tabs.tabMinWidth - 100
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-8 133104]
S2 SECScheduleService;Search Engine Commando Schedule Service;c:\program files\search engine commando\scheduleservice.exe --> c:\program files\search engine commando\ScheduleService.exe [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows.0\system32\drivers\klmouflt.sys --> c:\windows.0\system32\drivers\klmouflt.sys [?]
S3 USB Wireless USB Adapter®;USB Wireless USB Adapter® Service for Wireless USB Adapter;c:\windows.0\system32\drivers\vnetusbr.sys [2002-8-6 87168]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows.0\system32\drivers\netusbxp.sys [2008-4-7 72576]
S4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-2 40384]
S4 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-2 40384]
S4 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-2 40384]

=============== Created Last 30 ================

2013-03-17 23:24:22 61440 ----a-w- c:\windows.0\system32\W32N50.dll
2013-03-17 23:24:22 15577 ----a-w- c:\windows.0\system32\Pcandis3.vxd
2013-03-17 23:19:52 8311 ----a-w- c:\windows.0\system32\MPSTUB.VXD
2010-02-08 17:07:22 553984 ----a-w- c:\windows.0\system32\dllcache\adm8820.sys
2010-02-08 17:07:14 584448 ----a-w- c:\windows.0\system32\dllcache\adm8810.sys
2010-02-08 17:07:05 20160 ----a-w- c:\windows.0\system32\dllcache\adm8511.sys
2010-02-08 17:06:57 7424 ----a-w- c:\windows.0\system32\dllcache\adicvls.sys
2010-02-08 17:06:54 61440 ----a-w- c:\windows.0\system32\dllcache\acerscad.dll
2010-02-08 17:06:39 84480 ----a-w- c:\windows.0\system32\dllcache\ac97via.sys
2010-02-08 17:06:30 297728 ----a-w- c:\windows.0\system32\dllcache\ac97sis.sys
2010-02-08 17:06:22 96256 ----a-w- c:\windows.0\system32\dllcache\ac97intc.sys
2010-02-08 17:06:13 231552 ----a-w- c:\windows.0\system32\dllcache\ac97ali.sys
2010-02-08 17:06:05 23552 ----a-w- c:\windows.0\system32\dllcache\abp480n5.sys
2010-02-08 17:06:03 462848 ----a-w- c:\windows.0\system32\dllcache\a3dapi.dll
2010-02-08 17:05:54 38400 ----a-w- c:\windows.0\system32\dllcache\8514a.dll
2010-02-08 17:05:38 48128 ----a-w- c:\windows.0\system32\dllcache\61883.sys
2010-02-08 17:05:30 12288 ----a-w- c:\windows.0\system32\dllcache\4mmdat.sys
2010-02-08 17:05:21 148352 ----a-w- c:\windows.0\system32\dllcache\3dfxvsm.sys
2010-02-08 17:05:19 689216 ----a-w- c:\windows.0\system32\dllcache\3dfxvs.dll
2010-02-08 17:05:04 762780 ----a-w- c:\windows.0\system32\dllcache\3cwmcru.sys
2010-02-08 17:03:59 49210 ----a-w- c:\windows.0\system32\dllcache\fp4areg.dll
2010-02-08 17:03:59 102509 ----a-w- c:\windows.0\system32\dllcache\fp4atxt.dll
2010-02-08 17:03:58 82035 ----a-w- c:\windows.0\system32\dllcache\fp4anscp.dll
2010-02-08 17:03:58 147513 ----a-w- c:\windows.0\system32\dllcache\fp4apws.dll
2010-02-08 17:03:57 184435 ----a-w- c:\windows.0\system32\dllcache\fp4amsft.dll
2010-02-08 17:03:55 46592 ----a-w- c:\windows.0\system32\dllcache\coadmin.dll
2010-02-08 17:03:54 76288 ----a-w- c:\windows.0\system32\dllcache\cnfgprts.ocx
2010-02-08 16:37:38 0 d-----w- c:\program files\Virus Secure Lab
2010-02-08 05:15:21 0 d-----w- c:\docume~1\admin\applic~1\Office Genuine Advantage
2010-02-07 01:45:04 7168 ----a-w- c:\windows.0\system32\srosa2.sys
2010-02-07 01:43:34 0 d--h--w- c:\docume~1\admin\applic~1\drivers
2010-02-04 07:16:51 0 d-----w- c:\program files\FLV Producer Lite
2010-02-02 09:24:54 0 d-----w- c:\docume~1\alluse~1.0\applic~1\Alwil Software
2010-01-30 00:57:09 0 d-----w- c:\docume~1\admin\applic~1\Xilisoft Corporation
2010-01-30 00:52:44 0 d-----w- c:\program files\Xilisoft
2010-01-20 22:09:06 156 ----a-w- c:\windows.0\Twunk001.MTX
2010-01-18 11:28:35 141472 ----a-w- C:\prvbacdata.pik

==================== Find3M ====================

2010-01-14 19:12:06 181120 ------w- c:\windows.0\system32\MpSigStub.exe
2010-01-08 00:07:14 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2009-12-14 19:15:14 2146304 ----a-w- c:\windows.0\system32\GPhotos.scr
2009-11-24 13:01:11 502272 ----a-w- c:\windows.0\system32\winlogon.exe
2009-11-24 13:01:11 502272 ----a-w- c:\windows.0\system32\dllcache\winlogon.exe
2009-11-07 17:41:08 1558866 ----a-w- c:\program files\bonus.zip
2009-11-07 14:29:11 361666 ----a-w- c:\program files\Download_webplayer_premium.exe

============= FINISH: 17:44:29.07 ===============



Edited by Orange Blossom, 14 February 2010 - 10:39 PM.




#2 myrti


Posted 18 February 2010 - 12:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Have you tried downloading the randomized version of gmer?

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 thriftgirl62


Posted 18 February 2010 - 03:03 PM

Still won't let ANY scanners start and shuts anything else that opens

EXCEPT THE OTL - That one ran.

It will not boot into safe mode and hangs if I try to go into setup.

No shut down warnings - just crashes with a blue screen once or twice a day.

Runs a little slow but won't let any virus protection start. Have had NO blue screens for a few days now. The CPU is running too fast.


----------------------------------------OTL.TXT--------------------------------

OTL logfile created on: 2/18/2010 10:27:02 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 292.00 Mb Available Physical Memory | 29.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 25.17 Gb Free Space | 13.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 524.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 10:25:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2010/02/05 10:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/10/30 17:22:49 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/08/17 22:48:08 | 018,341,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/30 19:05:53 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2009/04/17 02:35:18 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/13 09:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/11/08 15:56:39 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/23 08:59:30 | 000,819,712 | ---- | M] (ZabKat) -- C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
PRC - [2007/06/22 08:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2007/05/28 13:24:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2001/06/22 07:13:46 | 000,450,560 | ---- | M] (High Criteria, Inc.) -- C:\Program Files\HighCriteria\PersonalInfoKeeper\pikeeper.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 10:25:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
MOD - [2006/12/27 21:50:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (SECScheduleService)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/08 23:31:35 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/02/21 02:26:31 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/06/22 08:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$SQLEXPRESS) SQL Server FullText Search (SQLEXPRESS)
SRV - [2007/06/19 15:02:06 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/05/28 14:35:11 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/05/28 13:24:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/28 11:44:51 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.0\system32\termsrv32.dll -- (TermService)
SRV - [2006/12/19 15:53:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS.0\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/11/10 18:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS.0\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
DRV - [2008/11/20 11:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/02/27 11:17:57 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\pfc.sys -- (pfc)
DRV - [2008/02/23 15:05:00 | 000,076,192 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/28 13:42:39 | 000,094,080 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2007/05/28 13:42:25 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2007/04/02 22:13:46 | 000,021,632 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/25 10:43:04 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/11/06 00:28:11 | 000,030,988 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/31 05:15:24 | 000,165,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/08/15 07:47:19 | 000,219,024 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2005/10/09 00:05:00 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2005/06/21 08:12:34 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/22 07:05:12 | 000,051,088 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/06/22 07:05:12 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/06/22 07:05:12 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/10/27 13:09:06 | 000,578,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/10/23 10:17:10 | 000,100,384 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2002/08/06 15:38:38 | 000,087,168 | ---- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\vnetusbr.sys -- (USB Wireless USB Adapter®) USB Wireless USB Adapter®
DRV - [2002/02/19 10:34:18 | 000,072,576 | R--- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\netusbxp.sys -- (USBNET_XP)
DRV - [2001/08/17 05:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {4CB2FD47-E9CA-47e0-A339-1659D1D943EA}:2.6
FF - prefs.js..extensions.enabledItems: {3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}:5.3.2
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.4.1
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1
FF - prefs.js..extensions.enabledItems: {83D65D9A-9CCA-439B-9E4A-EC1FE481B443}:1.0.0.30
FF - prefs.js..extensions.enabledItems: custombuttons@xsms.org:0.0.4.3
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:0.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: toolbar@duckduckgo.com:1.2.0
FF - prefs.js..extensions.enabledItems: {249df6a2-e336-47d1-b6c3-ec711ad140ca}:0.4.0.5
FF - prefs.js..extensions.enabledItems: {472f4ef0-a825-11da-a746-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.32.0
FF - prefs.js..extensions.enabledItems: imagedownload@whygudu.iblog.cn:1.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pasteemailplus@guid.customsoftwareconsult.com:2.1
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.19.0
FF - prefs.js..extensions.enabledItems: {c0995922-e8cc-4878-84cc-dff4362c03c8}:1.0c
FF - prefs.js..extensions.enabledItems: {69f6e5ea-e975-4d70-a983-1e5c094ded79}:0.1.9
FF - prefs.js..extensions.enabledItems: {776501C5-9EF9-4941-AF73-BA210C7DE731}:2.6.4
FF - prefs.js..extensions.enabledItems: savecomplete@perlprogrammer.com:1.0.1
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.17
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.5
FF - prefs.js..extensions.enabledItems: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A}:1.42
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0
FF - prefs.js..extensions.enabledItems: {4DCD16A7-C8E0-4D32-BC36-BB28B7607349}:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463


FF - HKLM\software\mozilla\Firefox\extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/12/30 15:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4DCD16A7-C8E0-4D32-BC36-BB28B7607349}: C:\Documents and Settings\Admin\Local Settings\Application Data\{4DCD16A7-C8E0-4D32-BC36-BB28B7607349} [2009/08/31 16:17:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/05 20:28:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/08 13:40:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/19 07:31:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/18 13:03:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/05/05 04:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2009/05/05 04:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2008/08/28 00:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bkragjig.leadefault\extensions
[2009/06/08 06:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions
[2009/03/13 20:43:04 | 000,000,000 | ---D | M] (File and Folder Shortcuts) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{3bbdd952-cf6f-44a7-9d23-354a8792b598}
[2009/03/26 06:38:55 | 000,000,000 | ---D | M] (Digg Toolbar for Firefox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{671c8440-f787-11dc-95ff-0800200c9a66}
[2009/03/26 03:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
[2009/03/19 03:24:24 | 000,000,000 | ---D | M] (EmailTheWeb.com) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c}
[2009/03/17 09:08:27 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/03/19 03:24:21 | 000,000,000 | ---D | M] (Clippings) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2009/03/13 20:43:04 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2009/03/17 09:08:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/03/26 03:43:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/29 13:55:01 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/03/26 03:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\CompactMenuCE@Merci.chao
[2009/03/13 20:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\linkwidget@clav.mozdev.org
[2009/03/19 03:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\pasteemailplus@guid.customsoftwareconsult.com
[2009/03/28 15:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\piclens@cooliris.com
[2009/03/29 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\siteinfo@wmtips
[2009/03/26 03:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\support@lastpass.com
[2009/03/23 16:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\toolbar@alexa.com
[2009/03/13 20:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\waybackbutton@lazar.kovacevic
[2009/03/19 03:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\xrl.in@codefisher.org
[2009/03/17 09:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\iqls6aw3.leah\extensions\yslow@yahoo-inc.com
[2010/01/09 22:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions
[2009/09/27 23:29:54 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/11/18 21:03:32 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2009/11/18 21:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2009/11/25 16:29:20 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/09/24 02:44:32 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/11/17 01:22:19 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009/09/27 23:33:45 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/11/18 21:03:34 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/09/27 23:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
[2009/11/18 21:03:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/25 16:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2009/10/06 13:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\brief@mozdev.org
[2009/09/24 02:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\foxmarks@kei.com
[2009/09/27 23:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\gclips@appspot.com
[2009/10/28 14:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\isreaditlater@ideashower.com
[2009/11/20 03:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\minimalistgmail@mattconstantine.com
[2009/09/27 23:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\tabscope@xuldev.org
[2009/11/18 21:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\extensions\tineye@ideeinc.com
[2009/09/22 00:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions
[2009/04/05 21:33:20 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/04/05 21:33:35 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2009/06/11 13:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
[2009/06/11 13:15:40 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/08/28 10:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}-trash
[2009/07/10 19:10:07 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/28 10:41:50 | 000,000,000 | ---D | M] (eBay Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{249df6a2-e336-47d1-b6c3-ec711ad140ca}
[2008/04/27 00:14:20 | 000,000,000 | ---D | M] (VRE Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A}
[2009/02/12 02:09:17 | 000,000,000 | ---D | M] (Open Link Host) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{32D83016-0657-4cd3-B7D2-0B4D12CEC60E}
[2009/03/20 22:43:33 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/03/20 22:43:31 | 000,000,000 | ---D | M] (Back to Top) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}
[2009/06/11 13:15:20 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2008/06/20 10:29:17 | 000,000,000 | ---D | M] (FavLoc) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2009/08/28 10:41:49 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2008/11/18 04:05:53 | 000,000,000 | ---D | M] (ArticleSearch) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{4CB2FD47-E9CA-47e0-A339-1659D1D943EA}
[2009/01/28 18:14:17 | 000,000,000 | ---D | M] (Netscape Windows 3.1) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{5063d60e-56c1-463b-8785-a59e3b444882}
[2008/12/06 17:17:02 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/07/10 19:10:07 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009/03/13 15:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{69f6e5ea-e975-4d70-a983-1e5c094ded79}
[2009/03/13 14:15:35 | 000,000,000 | ---D | M] (Quiz Addicts' Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{776501C5-9EF9-4941-AF73-BA210C7DE731}
[2009/01/16 04:33:44 | 000,000,000 | ---D | M] (Clippings) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2009/07/10 19:10:06 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2008/12/10 12:51:33 | 000,000,000 | ---D | M] (Dafizilla Table2Clipboard) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2009/07/10 19:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2009/01/30 22:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009/03/13 15:48:22 | 000,000,000 | ---D | M] (Popup Resize) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{c0995922-e8cc-4878-84cc-dff4362c03c8}
[2009/07/10 19:09:58 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/11 13:15:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/11 13:15:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/07/10 19:09:58 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/22 00:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\{f65bf62a-5ffc-4317-9612-38907a779583}
[2009/03/20 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\CompactMenuCE@Merci.chao
[2009/06/11 13:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\custombuttons@xsms.org
[2009/06/11 13:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\foxmarks@kei.com
[2008/07/06 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\imagedownload@whygudu.iblog.cn
[2008/12/30 11:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\linkgopher@oooninja.com
[2009/03/01 14:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\pasteemailplus@guid.customsoftwareconsult.com
[2009/06/11 13:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\savecomplete@perlprogrammer.com
[2009/08/28 10:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\staged-xpis
[2009/06/11 13:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\toolbar@duckduckgo.com
[2009/07/10 19:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\extensions\viewsourceintab@piro.sakura.ne.jp
[2009/03/28 15:36:41 | 000,005,523 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\searchplugins\Copernic.xml
[2008/01/05 15:21:42 | 000,001,208 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ux8bu4l2.default\searchplugins\FireSearch.xml
[2010/01/09 22:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/06 14:55:00 | 000,391,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2007/12/19 04:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2008/06/11 13:27:34 | 000,217,088 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2010/01/14 23:56:59 | 000,372,744 | R--- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Name Numerology Toolbar) - {ab61b189-50ed-49fd-b840-9d2fb06bbf73} - C:\Program Files\Name_Numerology\tbNam1.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Name Numerology Toolbar) - {ab61b189-50ed-49fd-b840-9d2fb06bbf73} - C:\Program Files\Name_Numerology\tbNam1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..\Toolbar\WebBrowser: (Name Numerology Toolbar) - {AB61B189-50ED-49FD-B840-9D2FB06BBF73} - C:\Program Files\Name_Numerology\tbNam1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-1003..\Run: [RunPikeeper] C:\Program Files\HighCriteria\PersonalInfoKeeper\pikeeper.exe (High Criteria, Inc.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\VistaMessage.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Mozy Status.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\FinePrint Dispatcher v5.lnk = C:\WINDOWS.0\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\rapidkey.lnk = C:\Program Files\RapidKey\Rapidkey.exe (Neuber GbR)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\VistaMessage.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Nosecuritytab = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WindowsUpdate: DisableWindowsUpdateAccess = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Program Files\Acronis\PrivacyExpert\Pop-up Blocker.dll (Acronis)
O9 - Extra 'Tools' menuitem : Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Program Files\Acronis\PrivacyExpert\Pop-up Blocker.dll (Acronis)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: LiveSummarizer - {6170AB22-F1E5-4D4F-8F6C-826C73838581} - Reg Error: Key error. File not found
O9 - Extra Button: infosaic - {7468D7EB-1172-4554-B91D-4E4A845EBF91} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - Reg Error: Value error. File not found
O9 - Extra Button: Easy Login - {CB3177A5-DE46-496C-91CC-EC63CCF9BEF4} - C:\Program Files\Easy Login\EasyLogin.js ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: amazon.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: blinkweb.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: comcast.net ([smartzone.mail] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: comcast.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: google.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: hotmail.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: infosaic.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: linkshare.com ([helpcenter] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: linkshare.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: linksynergy.com ([cli] https in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: maximumplr.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: nicheprofitclassroom.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: nvo.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: paypal.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: productioncarcare.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: traffickahuna.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: virallinktracker.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: yahoo.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: 83 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft.com/fwlink/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://download.boulder.ibm.com/ibmdl/pub/...bp_pc/acpir.cab (IASRunner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530bfb8-7293-4d34-9923-61a11451afc5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} https://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.0\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Pathworks Clipboard Handler ActiveX Control https://pw0003354.helpstream.biz/ActiveX/Cl...oardHandler.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.178 68.87.78.130 68.87.76.178
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS.0\System32\igfxsrvc.dll (Intel Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files\TuneUp Utilities 2007\PMLauncher.exe (TuneUp Software GmbH)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/24 21:39:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/10 02:57:41 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/12/02 17:41:27 | 000,000,056 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/02/08 01:58:36 | 000,000,037 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS.0\system32\ias [2007/05/28 11:52:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS.0\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325CA57-B9E4-38D8-CA50-255521CEAC9A} - Internet Explorer Version Update
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {26923b43-4d38-484f-9b9e-de460746276c} -
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2B20E6DC-3193-74EE-8565-5899FDDC9265} - Internet Explorer Version Update
ActiveX: {2B38F272-2765-6D9F-43CA-442263768F1F} - Internet Explorer
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3BC1E29B-C90F-64EF-1393-9375DC04CA4A} - Internet Explorer
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - Microsoft Outlook Express 6
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4717767C-E613-A18A-3C42-7C021C63070F} - Internet Explorer Version Update
ActiveX: {4879CE70-F120-CC67-EB2E-10B53068B047} - Microsoft Windows Media Player 6.4
ActiveX: {4CEABE3F-D941-BC05-D15A-1B2E5CAD57DC} - Adobe Shockwave Director 11.0.3
ActiveX: {4ECFA56F-C939-0403-AD89-DA762F75F3B3} - Macromedia Shockwave Director 8.0
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {56018117-ED81-B987-7DB9-C258B2839BA5} - DirectAnimation
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6670EE03-5452-5D5B-892A-25B6F91A3F30} - Macromedia Shockwave Director 8.0
ActiveX: {6A45563B-14AA-16E8-BAAD-744D5F0D4699} - NetShow
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {76A3544E-844B-09C4-B698-93FD54A34B02} - Internet Explorer
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {881dd1c5-3dcf-431b-b061-f3f88e8be88a} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS.0\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS.0\system32\Rundll32.exe c:\WINDOWS.0\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {918C4099-7D4F-5C50-B377-D97A0964EC88} - Internet Explorer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {95E7AA6C-6E6E-4952-353C-75510426B932} - Macromedia Shockwave Director 8.0
ActiveX: {A11F150A-AE6D-F3B4-7F0A-B13B18037331} - Browser Customizations
ActiveX: {AAFC6C6C-EAE4-8A4E-360F-3D7C6E14DB23} - Macromedia Shockwave Director 8.0
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B0168B10-9552-6241-E387-4F74D5EBE611} - Vector Graphics Rendering (VML)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9778D33-EA21-5888-BEED-198F9DE78D36} - Macromedia Shockwave Director 8.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAC75715-FF8E-716F-15FE-D9A73696E201} - Macromedia Shockwave Director 8.0
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D09D86F8-0A69-91D9-5B43-14A0C1B9DD57} - Adobe Shockwave Director 11.0.3
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D284EB8F-5666-FDE4-EBD5-FF8D5E2780DC} - Macromedia Shockwave Director 8.0
ActiveX: {D7BBD727-2764-7A2F-0BC7-7772B352902E} - Macromedia Shockwave Director 8.0
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E4F3CCD8-EA25-D56B-E88B-DD48FE580AD3} - Internet Explorer
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EB0DA197-5E01-0E80-E649-BBE1F84566A4} - Windows Sidebar
ActiveX: {F0144C76-4579-D04E-F78C-D4F409926066} - Internet Explorer
ActiveX: {F48C1D75-460F-79B9-7624-EAE321AB284C} - Microsoft Windows Media Player 6.4
ActiveX: {F7E8FEB6-BC0C-DC4B-9ACD-90224F4D2391} - Outlook Express
ActiveX: {FA929AAA-F60C-34FF-57DB-3C477C755BB2} - DirectX
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS.0\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS.0\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS.0\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS.0\system32\rundll32.exe" "C:\WINDOWS.0\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS.0\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS.0\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS.0\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS.0\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS.0\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS.0\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS.0\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS.0\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS.0\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS.0\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS.0\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS.0\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS.0\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS.0\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS.0\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS.0\System32\xvidvfw.dll ()
Drivers32: wave1 - C:\WINDOWS.0\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/17 15:24:22 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS.0\System32\W32N50.dll
[2010/02/13 16:17:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/02/08 09:07:14 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS.0\System32\dllcache\adm8810.sys
[2010/02/08 09:07:05 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS.0\System32\dllcache\adm8511.sys
[2010/02/08 09:06:57 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\adicvls.sys
[2010/02/08 09:06:54 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS.0\System32\dllcache\acerscad.dll
[2010/02/08 09:06:39 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS.0\System32\dllcache\ac97via.sys
[2010/02/08 09:06:30 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS.0\System32\dllcache\ac97sis.sys
[2010/02/08 09:06:22 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\dllcache\ac97intc.sys
[2010/02/08 09:06:13 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS.0\System32\dllcache\ac97ali.sys
[2010/02/08 09:06:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\abp480n5.sys
[2010/02/08 09:06:03 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS.0\System32\dllcache\a3dapi.dll
[2010/02/08 09:05:54 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\8514a.dll
[2010/02/08 09:05:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\61883.sys
[2010/02/08 09:05:30 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\4mmdat.sys
[2010/02/08 09:05:21 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS.0\System32\dllcache\3dfxvsm.sys
[2010/02/08 09:05:19 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS.0\System32\dllcache\3dfxvs.dll
[2010/02/08 09:05:04 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS.0\System32\dllcache\3cwmcru.sys
[2010/02/08 09:04:56 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\1394vdbg.sys
[2010/02/08 09:04:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\wamregps.dll
[2010/02/08 09:04:37 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\tcptest.exe
[2010/02/08 09:04:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\tcptsat.dll
[2010/02/08 09:04:35 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\smtpsnap.dll
[2010/02/08 09:04:35 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\smtpadm.dll
[2010/02/08 09:04:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\staxmem.dll
[2010/02/08 09:04:34 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\shtml.exe
[2010/02/08 09:04:33 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\shtml.dll
[2010/02/08 09:04:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\s3legacy.dll
[2010/02/08 09:04:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\logui.ocx
[2010/02/08 09:04:11 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\isatq.dll
[2010/02/08 09:04:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\infoadmn.dll
[2010/02/08 09:04:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\inetsloc.dll
[2010/02/08 09:04:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\inetmgr.exe
[2010/02/08 09:04:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\inetmgr.dll
[2010/02/08 09:04:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iisui.dll
[2010/02/08 09:04:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iisrtl.dll
[2010/02/08 09:04:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iisrstas.exe
[2010/02/08 09:04:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iisrstap.dll
[2010/02/08 09:04:07 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iisext51.dll
[2010/02/08 09:04:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iismap.dll
[2010/02/08 09:04:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iisreset.exe
[2010/02/08 09:04:06 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fpremadm.exe
[2010/02/08 09:04:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\ftpsapi2.dll
[2010/02/08 09:04:05 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fpmmc.dll
[2010/02/08 09:04:05 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fpmmcsat.dll
[2010/02/08 09:04:04 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fpcount.exe
[2010/02/08 09:04:04 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fpexedll.dll
[2010/02/08 09:04:03 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp98swin.exe
[2010/02/08 09:04:01 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4awel.dll
[2010/02/08 09:04:01 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp98sadm.exe
[2010/02/08 09:04:00 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4awebs.dll
[2010/02/08 09:04:00 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4avnb.dll
[2010/02/08 09:04:00 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4avss.dll
[2010/02/08 09:03:59 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4atxt.dll
[2010/02/08 09:03:59 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4areg.dll
[2010/02/08 09:03:58 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4apws.dll
[2010/02/08 09:03:58 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4anscp.dll
[2010/02/08 09:03:57 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\fp4amsft.dll
[2010/02/08 09:03:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\coadmin.dll
[2010/02/08 09:03:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cnfgprts.ocx
[2010/02/08 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Virus Secure Lab
[2010/02/07 21:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Office Genuine Advantage
[2010/02/07 03:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\zh-TW
[2010/02/07 03:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\zh-HK
[2010/02/07 03:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\tr-TR
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\sv-SE
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\pt-BR
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\nl-NL
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\nb-NO
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\ko-KR
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\it-IT
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\he-IL
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\fr-FR
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\fi-FI
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\es-ES
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\el-GR
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\de-DE
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\da-DK
[2010/02/07 03:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\ar-SA
[2010/02/07 00:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/06 17:43:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Application Data\drivers
[2010/02/03 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Producer Lite
[2010/02/02 01:26:30 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS.0\System32\drivers\aswmon.sys
[2010/02/02 01:25:38 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS.0\System32\aswBoot.exe
[2010/02/02 01:25:38 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS.0\System32\avastSS.scr
[2010/02/02 01:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/02 01:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Alwil Software
[2010/01/29 16:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Xilisoft Corporation
[2010/01/29 16:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Xilisoft Corporation
[2010/01/29 16:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2010/01/22 21:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\kern-ads-2hotlinks-greatstuff_files
[2010/01/22 14:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\payday_files
[2009/11/07 06:29:10 | 000,361,666 | ---- | C] (RegNow.com) -- C:\Program Files\Download_webplayer_premium.exe
[2008/11/09 11:12:08 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS.0\System32\Implode.dll
[2007/05/28 13:42:39 | 000,094,080 | ---- | C] (VSO Software) -- C:\Documents and Settings\Admin\Application Data\ezplay.sys
[2007/05/28 13:42:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Admin\Application Data\pcouffin.sys
[2007/05/14 12:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/05/14 12:48:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/05/14 12:48:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/11/09 13:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/02/24 22:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[243 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[1 C:\Documents and Settings\Admin\*.tmp files -> C:\Documents and Settings\Admin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/17 15:24:22 | 000,061,440 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS.0\System32\W32N50.dll
[2013/03/17 15:24:22 | 000,015,577 | ---- | M] () -- C:\WINDOWS.0\System32\Pcandis3.vxd
[2013/03/17 15:19:52 | 000,008,311 | ---- | M] () -- C:\WINDOWS.0\System32\MPSTUB.VXD
[2010/02/18 10:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/18 08:25:55 | 000,000,426 | -H-- | M] () -- C:\WINDOWS.0\tasks\User_Feed_Synchronization-{99F855B5-FFE1-499C-94D2-CA8113761326}.job
[2010/02/18 03:30:13 | 000,146,826 | ---- | M] () -- C:\prvdata.pik
[2010/02/18 03:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS.0\tasks\RegCure.job
[2010/02/17 20:48:46 | 022,806,528 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/17 18:28:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/17 17:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS.0\tasks\RegCure Program Check.job
[2010/02/17 03:43:22 | 000,000,005 | ---- | M] () -- C:\WINDOWS.0\Twain001.Mtx
[2010/02/17 03:43:17 | 000,000,156 | ---- | M] () -- C:\WINDOWS.0\Twunk001.MTX
[2010/02/14 19:35:17 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 20:30:13 | 000,008,402 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Attach.rar
[2010/02/13 16:53:56 | 000,007,168 | ---- | M] () -- C:\WINDOWS.0\System32\srosa2.sys
[2010/02/13 16:52:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2010/02/13 16:51:52 | 000,000,240 | ---- | M] () -- C:\WINDOWS.0\tasks\OGALogon.job
[2010/02/13 16:19:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/02/13 10:55:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2010/02/13 10:55:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2010/02/13 10:55:03 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/13 00:09:23 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2010/02/11 18:28:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2010/02/11 18:13:25 | 000,318,408 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\sell-dinan-co.pdf
[2010/02/11 01:58:27 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\system-process-list.xls
[2010/02/10 21:53:20 | 000,103,515 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\sokule-receipt.jpg
[2010/02/10 03:12:39 | 000,549,316 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2010/02/10 03:12:38 | 000,107,056 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2010/02/10 03:12:28 | 000,670,228 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2010/02/09 16:29:44 | 000,112,262 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\MEMBERSPEED-147-00-YR.jpg
[2010/02/08 08:37:44 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Virus Effect Remover.lnk
[2010/02/07 11:26:58 | 000,000,013 | ---- | M] () -- C:\WINDOWS.0\System32\WinSys32.crc
[2010/02/07 10:56:15 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\FLV Producer Lite.lnk
[2010/02/07 02:39:26 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Malware.doc
[2010/02/06 12:21:29 | 000,372,155 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\eMarketingPlan.pdf
[2010/02/04 01:50:08 | 000,000,072 | ---- | M] () -- C:\WINDOWS.0\ANS2000.INI
[2010/02/04 00:09:13 | 000,024,800 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\PCMI-lies- LETTER TO LENDERS.pdf
[2010/02/03 01:01:50 | 000,210,331 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\marlin-ard-billing06-09.pdf
[2010/02/03 00:51:39 | 000,373,255 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\june2009-leon2.jpg
[2010/02/03 00:47:52 | 000,218,937 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\june2009-leon.jpg
[2010/02/02 20:47:12 | 000,198,267 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download2.jpg
[2010/02/02 20:47:12 | 000,109,054 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download1.jpg
[2010/02/02 20:47:12 | 000,107,103 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download3.jpg
[2010/02/02 20:47:12 | 000,032,433 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download4.jpg
[2010/02/02 08:33:47 | 000,171,269 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20053.jpg
[2010/02/02 08:33:47 | 000,148,579 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20052.jpg
[2010/02/02 08:33:47 | 000,090,881 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20054.jpg
[2010/02/02 08:33:46 | 000,144,974 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20051.jpg
[2010/02/02 01:26:46 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\avast! Free Antivirus.lnk
[2010/02/02 01:26:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS.0\System32\CONFIG.NT
[2010/02/01 21:35:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS.0\NeroDigital.ini
[2010/01/29 14:59:37 | 000,152,875 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\VIDEO-FILES.cida
[2010/01/29 06:39:09 | 000,186,299 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish11.jpg
[2010/01/29 06:39:09 | 000,158,769 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish12.jpg
[2010/01/29 06:39:09 | 000,074,633 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish13.jpg
[2010/01/29 06:36:18 | 000,220,798 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish1.jpg
[2010/01/29 06:36:18 | 000,028,749 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish2.jpg
[2010/01/29 06:34:34 | 000,235,046 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mmf-products1.jpg
[2010/01/29 06:34:34 | 000,030,270 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mmf-products2.jpg
[2010/01/29 06:32:56 | 000,209,780 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish.jpg
[2010/01/28 15:07:11 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Download(1).xls
[2010/01/28 14:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS.0\System32\avastSS.scr
[2010/01/28 14:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS.0\System32\aswBoot.exe
[2010/01/28 13:54:12 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS.0\System32\drivers\aswmon.sys
[2010/01/28 00:27:18 | 000,058,240 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\citicard-statement.jpg
[2010/01/26 08:17:41 | 000,238,708 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\domains.xlsx
[2010/01/26 00:18:48 | 000,136,945 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\fax-paypal.jpg
[2010/01/26 00:08:54 | 000,124,899 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\paypal-30-70.jpg
[2010/01/25 21:47:34 | 000,149,051 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\2001-ME 400x474.jpg
[2010/01/25 21:08:42 | 000,223,010 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Wholesalesources.pdf
[2010/01/25 18:06:27 | 000,236,402 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\travel.jpg
[2010/01/24 14:11:47 | 000,063,243 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\LAST-ONE-97-00-GOLD-plus.jpg
[2010/01/23 22:38:03 | 000,058,357 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Code_of-ethics.pdf
[2010/01/23 21:30:05 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\decalstore.html
[2010/01/23 21:13:50 | 000,000,037 | ---- | M] () -- C:\WINDOWS.0\TemplateWizard.INI
[2010/01/23 16:46:14 | 000,187,823 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\ClassifiedGeneration.mht
[2010/01/22 21:41:11 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\kern-ads-2hotlinks-greatstuff.htm
[2010/01/22 14:02:59 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\payday.htm
[2010/01/21 02:21:43 | 000,057,405 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\orders-wrong-12-30-09.jpg
[2010/01/21 02:15:13 | 000,043,206 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\orders-1-20-10.jpg
[2010/01/21 02:02:07 | 000,008,703 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\sig-leon.jpg
[2010/01/21 00:55:04 | 002,033,829 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\fax-eric.jpg
[2010/01/20 16:08:44 | 022,544,384 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT_BAK_62829
[2010/01/20 13:58:21 | 000,133,092 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\www.accountonline.jpg
[2010/01/20 13:38:39 | 000,057,665 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\citibank-6142.jpg
[243 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[1 C:\Documents and Settings\Admin\*.tmp files -> C:\Documents and Settings\Admin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/17 15:24:22 | 000,015,577 | ---- | C] () -- C:\WINDOWS.0\System32\Pcandis3.vxd
[2013/03/17 15:19:52 | 000,008,311 | ---- | C] () -- C:\WINDOWS.0\System32\MPSTUB.VXD
[2010/02/13 20:30:13 | 000,008,402 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Attach.rar
[2010/02/13 20:00:32 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\gmer.exe
[2010/02/13 00:09:23 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2010/02/11 18:13:25 | 000,318,408 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\sell-dinan-co.pdf
[2010/02/11 01:24:44 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\system-process-list.xls
[2010/02/10 21:53:19 | 000,103,515 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\sokule-receipt.jpg
[2010/02/09 16:29:44 | 000,112,262 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\MEMBERSPEED-147-00-YR.jpg
[2010/02/08 09:07:22 | 000,553,984 | ---- | C] () -- C:\WINDOWS.0\System32\dllcache\adm8820.sys
[2010/02/08 08:37:44 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Virus Effect Remover.lnk
[2010/02/07 03:05:23 | 000,000,240 | ---- | C] () -- C:\WINDOWS.0\tasks\OGALogon.job
[2010/02/07 02:39:23 | 000,169,984 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Malware.doc
[2010/02/06 17:45:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS.0\System32\srosa2.sys
[2010/02/06 12:21:29 | 000,372,155 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\eMarketingPlan.pdf
[2010/02/04 00:09:13 | 000,024,800 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\PCMI-lies- LETTER TO LENDERS.pdf
[2010/02/03 23:17:07 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\FLV Producer Lite.lnk
[2010/02/03 01:01:50 | 000,210,331 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\marlin-ard-billing06-09.pdf
[2010/02/03 00:51:38 | 000,373,255 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\june2009-leon2.jpg
[2010/02/03 00:47:52 | 000,218,937 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\june2009-leon.jpg
[2010/02/02 20:47:12 | 000,198,267 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download2.jpg
[2010/02/02 20:47:12 | 000,109,054 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download1.jpg
[2010/02/02 20:47:12 | 000,107,103 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download3.jpg
[2010/02/02 20:47:12 | 000,032,433 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Go-fish-Product-Download4.jpg
[2010/02/02 08:33:47 | 000,171,269 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20053.jpg
[2010/02/02 08:33:47 | 000,148,579 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20052.jpg
[2010/02/02 08:33:47 | 000,090,881 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20054.jpg
[2010/02/02 08:33:46 | 000,144,974 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\still-the-same-but-worse-20051.jpg
[2010/02/02 01:28:46 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2010/02/02 01:26:46 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\avast! Free Antivirus.lnk
[2010/01/29 14:00:18 | 000,152,875 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\VIDEO-FILES.cida
[2010/01/29 06:39:09 | 000,186,299 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish11.jpg
[2010/01/29 06:39:09 | 000,158,769 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish12.jpg
[2010/01/29 06:39:09 | 000,074,633 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish13.jpg
[2010/01/29 06:36:18 | 000,220,798 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish1.jpg
[2010/01/29 06:36:18 | 000,028,749 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish2.jpg
[2010/01/29 06:34:34 | 000,235,046 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mmf-products1.jpg
[2010/01/29 06:34:34 | 000,030,270 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mmf-products2.jpg
[2010/01/29 06:32:55 | 000,209,780 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\mymoneyfish.jpg
[2010/01/28 00:27:17 | 000,058,240 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\citicard-statement.jpg
[2010/01/26 00:18:48 | 000,136,945 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\fax-paypal.jpg
[2010/01/26 00:08:53 | 000,124,899 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\paypal-30-70.jpg
[2010/01/25 21:47:34 | 000,149,051 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\2001-ME 400x474.jpg
[2010/01/25 21:08:42 | 000,223,010 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Wholesalesources.pdf
[2010/01/25 18:03:28 | 000,236,402 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\travel.jpg
[2010/01/24 14:11:47 | 000,063,243 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\LAST-ONE-97-00-GOLD-plus.jpg
[2010/01/23 22:38:03 | 000,058,357 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Code_of-ethics.pdf
[2010/01/23 16:46:13 | 000,187,823 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\ClassifiedGeneration.mht
[2010/01/22 21:41:09 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\kern-ads-2hotlinks-greatstuff.htm
[2010/01/22 14:02:53 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\payday.htm
[2010/01/21 02:21:43 | 000,057,405 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\orders-wrong-12-30-09.jpg
[2010/01/21 02:15:13 | 000,043,206 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\orders-1-20-10.jpg
[2010/01/21 02:02:07 | 000,008,703 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\sig-leon.jpg
[2010/01/21 00:55:03 | 002,033,829 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\fax-eric.jpg
[2010/01/20 14:09:06 | 000,000,156 | ---- | C] () -- C:\WINDOWS.0\Twunk001.MTX
[2010/01/20 13:58:21 | 000,133,092 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\www.accountonline.jpg
[2010/01/20 13:38:39 | 000,057,665 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\citibank-6142.jpg
[2010/01/02 15:14:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS.0\ArticleAssistant.ini
[2010/01/02 00:02:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS.0\ovas.ini
[2009/12/29 02:19:08 | 000,000,086 | ---- | C] () -- C:\WINDOWS.0\aasinst.ini
[2009/12/03 00:32:48 | 000,000,949 | ---- | C] () -- C:\WINDOWS.0\WebPage.INI
[2009/11/23 05:30:41 | 000,000,101 | ---- | C] () -- C:\WINDOWS.0\aebmark.ini
[2009/11/23 04:06:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS.0\AEBFONT.INI
[2009/11/23 04:06:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS.0\ANS2000.INI
[2009/11/23 04:06:05 | 000,000,020 | -H-- | C] () -- C:\WINDOWS.0\akebook.ini
[2009/11/23 04:06:05 | 000,000,004 | -H-- | C] () -- C:\WINDOWS.0\a3kebook.ini
[2009/11/07 09:40:55 | 001,558,866 | ---- | C] () -- C:\Program Files\bonus.zip
[2009/09/19 06:20:53 | 000,013,523 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\vomodeqeci.db
[2009/09/18 21:53:09 | 000,012,399 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\esacox.db
[2009/07/01 17:17:30 | 002,118,144 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\cooliris-win-ie-release-1.11.0.26762.en-US.msi
[2009/04/30 09:33:10 | 000,000,206 | ---- | C] () -- C:\WINDOWS.0\EurekaLog.ini
[2009/04/15 11:25:44 | 002,545,152 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009/04/05 18:27:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS.0\System32\nat11.dll
[2009/03/28 15:30:42 | 000,000,151 | ---- | C] () -- C:\WINDOWS.0\ULEAD.INI
[2009/03/28 15:19:52 | 000,000,350 | ---- | C] () -- C:\WINDOWS.0\cardiris.INI
[2009/03/28 15:16:50 | 000,000,162 | ---- | C] () -- C:\WINDOWS.0\Readiris.ini
[2009/03/28 15:03:32 | 000,015,360 | R--- | C] () -- C:\WINDOWS.0\System32\GetInst32.dll
[2009/02/25 18:03:18 | 000,000,060 | ---- | C] () -- C:\WINDOWS.0\ContentCheckup.ini
[2009/02/13 11:26:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS.0\System32\fxsperf.ini
[2008/12/25 07:38:26 | 000,000,075 | ---- | C] () -- C:\WINDOWS.0\pdf2web.INI
[2008/12/21 22:29:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS.0\dbqwiksite.ini
[2008/12/07 15:54:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS.0\dbqwik~2.ini
[2008/12/07 15:19:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS.0\System32\DBQARM.dll
[2008/11/22 14:51:23 | 000,038,497 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft Excel 97-2003.ADR
[2008/11/09 11:12:09 | 000,054,272 | ---- | C] () -- C:\WINDOWS.0\System32\P2irdao.dll
[2008/11/09 11:12:08 | 000,748,160 | ---- | C] () -- C:\WINDOWS.0\System32\Co2c40en.dll
[2008/11/09 11:12:08 | 000,050,176 | ---- | C] () -- C:\WINDOWS.0\System32\P2ctdao.dll
[2008/10/24 20:52:09 | 000,021,906 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Tab Separated Values (Windows).ADR
[2008/10/13 12:46:43 | 000,022,683 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Comma Separated Values (Windows).ADR
[2008/10/07 02:36:20 | 000,000,108 | RHS- | C] () -- C:\WINDOWS.0\neoqaz2.dll
[2008/09/29 01:23:08 | 000,005,021 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\uzvyslhl.frr
[2008/09/27 09:42:19 | 000,004,936 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\elihgnqs.czb
[2008/09/24 13:17:13 | 000,115,712 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\SharedSettings.ccs
[2008/09/19 23:23:27 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\keyfile3.drm
[2008/09/11 03:55:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS.0\InstantHandwriting.ini
[2008/09/03 03:53:36 | 000,000,208 | ---- | C] () -- C:\WINDOWS.0\System32\xpysys.dll
[2008/09/03 03:52:39 | 000,000,083 | ---- | C] () -- C:\WINDOWS.0\forminfo.ini
[2008/07/15 03:28:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS.0\System32\WshExtra.dll
[2008/06/27 11:07:50 | 000,000,083 | ---- | C] () -- C:\WINDOWS.0\IMSExtract.INI
[2008/05/25 15:27:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\barginmgr.INI
[2008/05/25 02:27:53 | 000,007,009 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Comma Separated Values (Windows).EML
[2008/05/22 09:18:16 | 000,000,149 | ---- | C] () -- C:\WINDOWS.0\emext32.ini
[2008/05/20 14:41:16 | 000,009,183 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Tab Separated Values (Windows).EML
[2008/05/12 22:34:28 | 000,000,719 | ---- | C] () -- C:\WINDOWS.0\XMLEditor3.INI
[2008/05/05 02:03:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS.0\odbcddp.ini
[2008/05/01 03:52:33 | 000,000,421 | ---- | C] () -- C:\WINDOWS.0\FPStudio.INI
[2008/04/19 16:52:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS.0\cgminivw.ini
[2008/04/15 15:19:54 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Simone_Prefs
[2008/04/09 18:01:56 | 000,001,532 | ---- | C] () -- C:\WINDOWS.0\WBLOCKS2.INI
[2008/04/09 02:04:39 | 000,001,188 | ---- | C] () -- C:\WINDOWS.0\WBLOCKSP.INI
[2008/04/09 01:52:09 | 000,000,086 | ---- | C] () -- C:\WINDOWS.0\WB3USER.INI
[2008/04/07 22:37:22 | 000,000,173 | ---- | C] () -- C:\WINDOWS.0\ConnMgr.ini
[2008/04/07 22:34:29 | 000,000,089 | ---- | C] () -- C:\WINDOWS.0\ImportClient.INI
[2008/04/07 21:55:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\PretzelSpellCheck.dll
[2008/04/07 21:55:10 | 000,000,751 | ---- | C] () -- C:\WINDOWS.0\Bti.ini
[2008/04/07 21:55:07 | 000,116,640 | ---- | C] () -- C:\WINDOWS.0\System32\Ptsaci40.dll
[2008/04/07 21:49:17 | 000,000,591 | ---- | C] () -- C:\WINDOWS.0\SBE.INI
[2008/04/07 21:49:17 | 000,000,155 | ---- | C] () -- C:\WINDOWS.0\PARSONS.INI
[2008/04/07 21:01:13 | 000,000,749 | ---- | C] () -- C:\WINDOWS.0\TOC4.INI
[2008/04/07 13:53:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS.0\System32\BinCoder.dll
[2008/04/06 16:56:33 | 000,120,200 | ---- | C] () -- C:\WINDOWS.0\System32\DLLDEV32i.dll
[2008/04/06 16:55:53 | 000,006,211 | ---- | C] () -- C:\WINDOWS.0\mgxoschk.ini
[2008/04/05 20:09:46 | 000,000,030 | ---- | C] () -- C:\WINDOWS.0\WlanDfu.INI
[2008/03/16 20:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\PROTOCOL.INI
[2008/03/13 02:01:55 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\closedList.awt
[2008/03/13 02:01:55 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\openList.awt
[2008/03/02 12:45:15 | 000,000,246 | ---- | C] () -- C:\WINDOWS.0\FieldPro.INI
[2008/03/02 11:36:17 | 000,000,971 | ---- | C] () -- C:\WINDOWS.0\ODBC.INI
[2008/02/23 19:15:48 | 000,252,416 | ---- | C] () -- C:\WINDOWS.0\System32\wi32wid.dll
[2008/02/23 19:15:47 | 000,058,880 | ---- | C] () -- C:\WINDOWS.0\System32\TALPDF32.dll
[2008/02/23 19:15:47 | 000,041,472 | ---- | C] () -- C:\WINDOWS.0\System32\TAL12832.dll
[2008/02/23 19:15:47 | 000,034,816 | ---- | C] () -- C:\WINDOWS.0\System32\TALC9332.dll
[2008/02/23 19:15:47 | 000,034,304 | ---- | C] () -- C:\WINDOWS.0\System32\Talc3932.dll
[2008/02/23 19:15:47 | 000,033,792 | ---- | C] () -- C:\WINDOWS.0\System32\TALEAN32.dll
[2008/02/23 19:15:47 | 000,033,280 | ---- | C] () -- C:\WINDOWS.0\System32\TALUPC32.dll
[2008/02/23 19:15:47 | 000,032,768 | R--- | C] () -- C:\WINDOWS.0\System32\RegPCSC.dll
[2008/02/23 19:15:47 | 000,025,088 | ---- | C] () -- C:\WINDOWS.0\System32\TALITF32.dll
[2008/02/23 19:15:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS.0\System32\TALCBR32.dll
[2008/02/23 19:15:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS.0\System32\TALZIP32.dll
[2008/02/23 19:15:46 | 000,338,944 | ---- | C] () -- C:\WINDOWS.0\System32\lffpx7.dll
[2008/02/23 19:15:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS.0\System32\lfkodak.dll
[2008/02/23 19:15:46 | 000,031,744 | ---- | C] () -- C:\WINDOWS.0\System32\lfvec13n.dll
[2008/02/23 15:03:51 | 000,037,888 | ---- | C] () -- C:\WINDOWS.0\System32\setupnt.dll
[2008/02/22 16:58:12 | 000,000,037 | ---- | C] () -- C:\WINDOWS.0\TemplateWizard.INI
[2008/02/13 18:12:14 | 000,000,194 | ---- | C] () -- C:\WINDOWS.0\webcloner.INI
[2007/12/06 10:11:04 | 000,002,045 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\whlpusp32.dll
[2007/10/01 23:57:18 | 000,000,246 | ---- | C] () -- C:\WINDOWS.0\WININIT.INI
[2007/07/09 10:00:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2007/07/09 07:27:11 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\hpzinstall.log
[2007/07/07 10:36:27 | 000,003,171 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\QTSBandwidthCache
[2007/05/29 20:21:44 | 000,000,151 | ---- | C] () -- C:\WINDOWS.0\PhotoSnapViewer.INI
[2007/05/29 17:24:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS.0\NeroDigital.ini
[2007/05/29 03:49:54 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 13:42:43 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\NHXHLJDL.log
[2007/05/28 13:42:39 | 000,007,812 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\ezplay.cat
[2007/05/28 13:42:39 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\NHXHLJDL.inf
[2007/05/28 13:42:39 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\NHXHLJDL.ini
[2007/05/28 13:42:38 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.log
[2007/05/28 13:42:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\ezpinst.exe
[2007/05/28 13:42:25 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.cat
[2007/05/28 13:42:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\pcouffin.inf
[2007/05/28 13:27:36 | 001,138,688 | ---- | C] () -- C:\WINDOWS.0\System32\xvidcore.dll
[2007/05/28 13:27:35 | 000,217,088 | ---- | C] () -- C:\WINDOWS.0\System32\xvidvfw.dll
[2007/05/28 13:27:35 | 000,005,120 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll
[2007/05/28 13:27:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll.manifest
[2007/04/22 16:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS.0\System32\qt-dx331.dll
[2007/04/22 16:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS.0\System32\DivXWMPExtType.dll
[2007/03/05 12:34:28 | 000,403,816 | ---- | C] () -- C:\WINDOWS.0\System32\OGACheckControl.DLL
[2007/01/03 10:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS.0\System32\idxcntrs.ini
[2007/01/03 10:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS.0\System32\gsrvctr.ini
[2007/01/03 10:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS.0\System32\gthrctr.ini
[2006/10/22 12:32:12 | 000,000,562 | ---- | C] () -- C:\WINDOWS.0\dev.ini
[2004/10/13 07:16:56 | 000,335,872 | ---- | C] () -- C:\WINDOWS.0\System32\pageville-utility.dll
[2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\WINDOWS.0\System32\renMM.dll
[2003/07/01 10:24:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS.0\System32\lame_enc.dll
[2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\WINDOWS.0\System32\therename.dll
[2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS.0\System32\renogg.dll
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS.0\System32\UNACEV2.DLL
[2002/03/20 21:01:06 | 000,006,688 | ---- | C] () -- C:\WINDOWS.0\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS.0\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS.0\System32\TransportSerial.dll
[2002/03/20 21:00:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS.0\System32\TransportIrDA.dll
[2002/03/20 21:00:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS.0\System32\TransportIrCOMM.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[243 C:\WINDOWS.0\system32\*.tmp files -> C:\WINDOWS.0\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/05/27 20:37:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS.0\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2002/08/29 04:00:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/05/27 20:37:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS.0\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2002/08/29 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\IBMTOOLS DRIVERS\My Drivers\IBM\Intel® 82801DB Ultra ATA Storage Controller - 24CB\atapi.sys
[2004/08/03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\IBMTOOLS DRIVERS\My Drivers\IBM\Primary IDE Channel\atapi.sys
[2004/08/03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\IBMTOOLS DRIVERS\My Drivers\IBM\Secondary IDE Channel\atapi.sys
[2004/08/03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS.0\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/03 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.0\ERDNT\cache\eventlog.dll
[2004/08/03 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.0\system32\eventlog.dll
[2002/08/29 04:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS.0\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2002/08/29 04:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS.0\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS.0\system32\dllcache\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS.0\system32\netlogon.dll
[2004/08/03 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.0\$NtUninstallKB968389$\netlogon.dll
[2004/08/03 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.0\ERDNT\cache\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.0\ERDNT\cache\scecli.dll
[2004/08/03 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.0\system32\scecli.dll
[2002/08/29 04:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS.0\System32\winlogon.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Admin\Desktop\InternetDirectory.exe:SummaryInformation
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:78CE0B72
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 108 bytes -> C:\WINDOWS.0:
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:2FD5CBA1
< End of report >


___________________________________EXTRAS.TXT

OTL Extras logfile created on: 2/18/2010 10:27:02 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 292.00 Mb Available Physical Memory | 29.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 25.17 Gb Free Space | 13.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 524.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- C:\Windows\notepad (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [open_x2] -- "C:\Program Files\zabkat\xplorer2\xplorer2_uc.exe" /1 /M /T "%1" (ZabKat)
Directory [THE Rename] -- "C:\Program Files\THE Rename\rename.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"6197:TCP" = 6197:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2078:TCP" = 2078:TCP:*:Disabled:BlueHost WebDisk
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"6197:TCP" = 6197:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\WINDOWS.0\system32\dpvsetup.exe" = C:\WINDOWS.0\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Namo\WebEditor 2006\bin\WebEditor.exe" = C:\Program Files\Namo\WebEditor 2006\bin\WebEditor.exe:*:Enabled:Namo WebEditor 2006 -- (Sejoong Namo Interactive, Inc.)
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Program Files\WinHTTrack\WinHTTrack.exe" = C:\Program Files\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes -- (HTTrack)
"C:\Program Files\Namo\WebCanvas 2006\bin\WebCanvas.exe" = C:\Program Files\Namo\WebCanvas 2006\bin\WebCanvas.exe:*:Enabled:WebCanvas Application -- (Sejoong Namo Interactive, inc.)
"C:\Program Files\Web Publish\WPWIZ.EXE" = C:\Program Files\Web Publish\WPWIZ.EXE:*:Enabled:Web Publishing Wizard executable -- (Microsoft Corporation)
"C:\Program Files\VonageTalk\vonagetalk.exe" = C:\Program Files\VonageTalk\vonagetalk.exe:*:Enabled:VonageTalk -- ()
"C:\Program Files\SourceTec\Sothink HTML Editor 2.5\SiteManager.exe" = C:\Program Files\SourceTec\Sothink HTML Editor 2.5\SiteManager.exe:*:Enabled:Sothink SiteManager -- (SourceTec Software Co., LTD)
"C:\Documents and Settings\Admin\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Admin\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook -- ()
"C:\Program Files\VCOM\Web Easy Professional 6\WebEasy6.exe" = C:\Program Files\VCOM\Web Easy Professional 6\WebEasy6.exe:*:Enabled:Web Easy Application -- (Avanquest Publishing USA, Inc.)
"C:\WINDOWS.0\system32\fxsclnt.exe" = C:\WINDOWS.0\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\TSW\phpCoder 2008\TSW PhpCoder.exe" = C:\Program Files\TSW\phpCoder 2008\TSW PhpCoder.exe:*:Enabled:TSW PhpCoder 2008 -- ()
"C:\Documents and Settings\Admin\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Admin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- ()
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS.0\explorer.exe" = C:\WINDOWS.0\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012C6848-FE41-4074-9770-DE622D18E331}" = Advanced RSS Mixer
"{0A64756B-89CD-4C79-BD2A-AD0CA1B322DE}" = Weight Loss Oracle
"{0C72E552-45F3-44BC-9D8C-231976A986C6}" = Cycline3 Connection
"{0C9E332C-A366-48A0-8E09-5B1D7E8508D4}" = IFilter Explorer
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0DC9919A-2758-4CB7-9ED3-1FBE4FEEB07A}_is1" = Turbo Page Editor 1.6
"{1129361D-2D8B-4B73-AEB3-038460BCFEC5}" = Business-in-a-Box (Pro Version)
"{130FA2D4-E5B3-4BA8-9C4A-70B615655319}" = Jing
"{193DD0DC-004A-4545-A301-E4A7335C8E41}" = 2400
"{1D1F5791-2425-4D36-AA19-B0574750BC61}_is1" = Trellian WebPage
"{1DF064B9-AA24-11D3-A809-525400DA15B9}" = CyberKit 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD
"{20585CDC-114E-4372-986A-0686B1A37A30}" = Business Plan Pro 2007
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{226F9059-56F3-45E2-BF55-6C3896CB190A}" = Belkin SOHO Networking Utilities
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230A2591-B58D-4008-A8E2-0D2F83527BAC}" = Cycline3 A Simple Dictionary
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{253FCC55-E03D-40D4-A407-3470BE4101C0}" = VistaPrint Electronic Business Card
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{271B64EE-3E1B-4381-A8FE-012390050492}" = ACDSee 6.0 PowerPack
"{294B5513-9A4D-414C-ABC9-6D6656D1C32D}" = Keypict Photo Search
"{295C7ABA-3D12-11D5-99EB-0080C82BC2DE}" = Sothink HTML Editor 2.5
"{2AE6BEFF-867C-4D41-BDC5-F5DE80AED37B}" = Superior SQL Builder v2.1
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2D7D9D86-923A-41A8-919F-437332AB1033}" = Nero 7 Premium
"{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}" = Zoner GIF Animator 5
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{35D4B689-722A-413B-BC6E-8ACA8C1E8636}" = Foxit Reader
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45EC1D8B-57DA-47AD-834F-F7716BE77FF3}" = EasyRecovery FileRepair
"{4B14D5DD-3A2E-452C-822C-876786F58457}" = Testimonials Generator
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51592ABE-532F-4E96-8AE3-97A5AA0FB5D2}" = Desktop Notifier
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54BAD393-E426-4882-A906-7D0DE425CCA8}" = Screencast.com Desktop Uploader
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{578082DB-B171-48D3-B22E-5B1662181051}" = simpleology Wimiki
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5EFA4EA3-0604-458C-A06D-485F6B2724C9}" = PrintKey-Pro v1.05
"{622CD7C3-D46A-1572-E4AA-A437794D049C}" = SocialProfilePro
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A5FE305-1147-400D-9795-8B80E693476A}" = Serif WebPlus SE
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6EEE934B-F292-4995-95BF-4AE871AC42E8}" = Diskeeper 2007 Pro Premier
"{6F396FFB-CC3A-4335-BC0B-2AEF38F4492C}" = Microsoft WSE 2.0 SP3
"{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{743AD0AB-7DA9-4DB7-945A-7485DB785F01}" = MyDesktopHelp.Com's MakoButton
"{76169163-891E-4BC5-88AF-7FA4B8CAC235}" = FLV Producer Lite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{826C3E36-A1C6-4183-B220-34A113E0CE9F}" = SiteSpinner
"{82FCAE49-4A84-480D-873B-197BAE39CFC2}" = Xara ScreenMaker3D
"{85A70850-C7B5-469C-943A-6D220FA63305}" = Web Easy Professional 6
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{471159EB-BECC-453C-B6F2-FE4FAB29B3F3}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A3C34-1652-472D-84AC-2A4D3D4955BF}" = Namo WebEditor 2006
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
"{9BF0758F-08B5-8CB6-ACE7-FC6EF4263BAA}" = Affiliate Commissions Instantly
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F58867C-1E63-4690-9214-D37B4F976960}" = KeywordCorral
"{a0a67a82-c0ca-11d6-9823-444553540000}" = Magic Subscriber
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7B5CF5F-6BB3-4616-950E-0CF3C9A023AD}" = Namo WebUtilities 2006
"{a92dab39-4e2c-4304-9ab6-bc44e68b55e2}" = Google Update Helper
"{A9DE7D74-A4D9-465A-9EE1-49D1577983AA}" = Namo WebCanvas 2006
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B3C125F4-D272-494C-B55F-7D74763056B0}" = RealOptimizer ACD plug-in
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB46AB60-F603-4FEA-8A0C-590EA4982C0B}" = Web Easy Professional 6
"{BB66FBD5-3283-11D6-9360-0040F60C3ED7}" = Outlook Email Address Extractor
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BCA541B4-00B4-4D20-B38D-6623BF2F68BF}" = Serif PagePlus 9.0
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C8F4800F-52F4-4115-BE64-FF1C23604E86}_is1" = Sothink SWF Easy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D393F85B-474B-404E-BEA3-0D0E846694E3}" = zeta producer Desktop 8 ENU
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{E2BD7723-ACBD-482D-9ADF-7946A132D198}" = Disk Manager
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E7C036E2-C7E4-4964-9BDA-81973341930E}" = Xara Webstyle 4
"{EA82F09E-8991-313C-A015-061D1B14DE25}" = Cooliris for Internet Explorer
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1094D39-431E-4FC5-81CF-67DE4CECEE46}" = EasyRecovery DataRecovery
"{F43867C9-68FD-46C7-B0AF-214356305B5E}" = Microsoft SQL Server Management Studio Express
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FC0F1F55-DB40-462C-9B2E-ABFF2187C147}" = Web-Based Email Tools
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FE9A7847-4496-451B-B39F-CF2C11AFABE5}" = Serif WebManager 1.0
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"3D Button Creator Gold" = 3D Button Creator Gold
"90_Second_Website_Builder" = 90 Second Website Builder 5.5
"AB Keyword Research Tool_is1" = AB Keyword Research Tool
"Abrosoft FantaMorph 4_is1" = Abrosoft FantaMorph 4.0
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alliterate_is1" = HotBounce Alliterate (1.0.0.0)
"Animated GIF Banner Maker" = Animated GIF Banner Maker
"Antenna" = Antenna
"Article Assistant" = Article Assistant
"Article Notepad_is1" = Article Notepad 1.0
"Article Page Machine_is1" = Article Page Machine 1.0
"AskWeb_is1" = AskWeb
"avast5" = avast! Free Antivirus
"Banner Generator 1.00" = Banner Generator 1.00
"Barcode Magic_is1" = Barcode Magic
"Basic Inventory Control" = Basic Inventory Control
"BizAutomator" = BizAutomator (remove only)
"BlindWrite 6_is1" = BlindWrite 6.0.1.19
"Blog Warrior_is1" = Blog Warrior
"Caterpillar" = Caterpillar
"CDBurn_is1" = CDBurn
"CLC 2002 Registration" = CLC 2002 Registration
"Clip2Net_is1" = Clip2Net 0.7.5b
"CoffeeCup Ad Producer" = CoffeeCup Ad Producer
"CoffeeCup Direct FTP 6.5.5" = CoffeeCup Direct FTP 6.5.5
"CoffeeCup Flash Blogger - Registered" = CoffeeCup Flash Blogger - Registered
"CoffeeCup Flash FireStarter" = CoffeeCup Flash FireStarter
"CoffeeCup Flash Menu Builder" = CoffeeCup Flash Menu Builder
"CoffeeCup Flash Website Font" = CoffeeCup Flash Website Font
"CoffeeCup Flash Website Font Pack" = CoffeeCup Flash Website Font Pack
"CoffeeCup Free Viewer Plus" = CoffeeCup Free Viewer Plus
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"CoffeeCup Google SiteMapper" = CoffeeCup Google SiteMapper
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"CoffeeCup Image Mapper" = CoffeeCup Image Mapper
"CoffeeCup Live Chat - Registered" = CoffeeCup Live Chat - Registered
"CoffeeCup LockBox" = CoffeeCup LockBox
"CoffeeCup Photo Gallery - Registered" = CoffeeCup Photo Gallery - Registered
"CoffeeCup PixConverter" = CoffeeCup PixConverter
"CoffeeCup Visual Site Designer Software" = CoffeeCup Visual Site Designer Software
"CoffeeCup Web Calendar" = CoffeeCup Web Calendar
"CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered
"CoffeeCup Website Color Schemer" = CoffeeCup Website Color Schemer
"Color replacer_is1" = Color replacer
"Content Rewriter Pro_is1" = Content Rewriter Pro v2.0
"CoolSpeech 5.0 with Mary" = CoolSpeech 5.0 with Mary
"Corel Applications" = Corel Applications
"Corporate Identity Designer 1.0" = Corporate Identity Designer 1.0
"CutePage CoolText 1.5" = CutePage CoolText 1.5
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DeadEasy Greeting eCard Maker" = DeadEasy Greeting eCard Maker
"Desktop Viewer_is1" = Desktop Viewer
"DiskEditor" = Acronis DiskEditor
"DriverGuide Toolkit" = DriverGuide Toolkit
"Dynamic Email Validator" = Dynamic Email Validator
"Easy Login" = Easy Login
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Email Templates LITE" = Email Templates LITE
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Evrsoft First Page 2006 Pro_is1" = Evrsoft First Page 2006
"eWhiz Ad Creator V.1" = eWhiz Ad Creator V.1
"FileZilla Client" = FileZilla Client 3.3.1
"FinePrint" = FinePrint
"Flash Photo Show1.1" = Flash Photo Show
"Flash Wizard" = Flash Wizard
"Flash-Creator 1" = Flash-Creator 1
"FlashFXP v3.02 (Build 1045) Scene Edition" = FlashFXP v3.02 (Build 1045) Scene Edition
"Font FX Version 2.50" = Font FX Version 2.50
"FontTwister" = FontTwister 1.3
"GenieLamp1.0.0.2" = GenieLamp
"GetRight Pro_is1" = GetRight
"GetWebPics_is1" = GetWebPics 2.7
"Gigaware Gigaware Multimedia keyboard driver" = Gigaware Multimedia keyboard driver 5.0
"Good Keywords v2.01_is1" = Good Keywords v2.01.100107
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"HTML Stripper" = HTML Stripper
"HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{45EC1D8B-57DA-47AD-834F-F7716BE77FF3}" = EasyRecovery FileRepair Edition
"InstallShield_{F1094D39-431E-4FC5-81CF-67DE4CECEE46}" = EasyRecovery DataRecovery
"IrfanView" = IrfanView (remove only)
"JavaScript Vault" = JavaScript Vault
"Jian - Agreement Builder" = Jian - Agreement Builder (remove only)
"Keyword Cloud Generator_is1" = Keyword Cloud Generator 1.0.21
"Klipfolio" = Klipfolio (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.80 Full
"Load SWF_is1" = Load SWF 1.1
"Macro Marketer" = Macro Marketer
"Magic ISO Maker v5.0 (build 0166)" = Magic ISO Maker v5.0 (build 0166)
"Magic Swf2Gif_is1" = Magic Swf2Gif 1.35
"MagniBar - The Magnificant Toolbar" = MagniBar - The Magnificant Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MigrateEasy" = Acronis MigrateEasy
"moneysiphonvip viral rebrander_is1" = moneysiphonvip viral rebrander
"morpher" = Morpher
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Multiplication Game" = Multiplication Game
"MyPhotoIndex" = My Photo Index
"name_numerology toolbar" = Name_Numerology Toolbar
"News Scroller Wizard" = News Scroller Wizard 2.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Offline Email Extractor 2.0_is1" = Offline Email Extractor 2.0
"Oven Fresh Meta Tag Maker 3.5" = Oven Fresh Meta Tag Maker 3.5
"Page Generator_is1" = Page Generator 1.0
"PaRaMeter_is1" = PaRaMeter 1.3
"PDF2Web v1.6_is1" = PDF2Web v1.6
"Personal Web Search" = Personal Web Search
"PersonalInfoKeeper" = Personal Info Keeper 2.0
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PrivacyExpert" = Acronis Privacy Expert Suite
"Project Organizer_is1" = Project Organizer
"Promobuddy 2.0" = Promobuddy 2.0
"ProposalSmartz Desktop 4.0" = ProposalSmartz Desktop 4.0
"PROSet" = Intel® PRO Network Connections Drivers
"QuickArticlePro 3 .0" = QuickArticlePro 3 .0
"QuickEdit" = QuickEdit (remove only)
"QuickLogin" = QuickLogin 3.0
"QuicktimeAlt_is1" = QuickTime Alternative 1.70
"RapidKey" = RapidKey 1.6
"RealAlt_is1" = Real Alternative 1.49
"RecoveryExpert" = Acronis RecoveryExpert
"RedShift Freestyle" = RedShift Freestyle
"RegCure" = RegCure 1.5.0.0
"Rolodex Poster_is1" = Rolodex Poster
"Salehoo Alert_is1" = Salehoo Alert 1.1.3
"Sales Letter Creator 1.4" = Sales Letter Creator 1.4
"Search Engine Commando" = Search Engine Commando
"Security Task Manager" = Security Task Manager 1.7h
"SelfAccounts" = SelfAccounts 1.01
"SEO Altimeter_is1" = SEO Altimeter 2.3
"SEOLab Professional_is1" = SEOLab Professional v2009.011009
"SEOToolkit30_is1" = Trellian SEO Toolkit v3.0
"Shockwave" = Shockwave
"Show.kit 1.3_is1" = Show.kit 1.3
"Show.kit_is1" = Show.kit
"SilverName_is1" = SilverName v2.0
"Simple Sales Copy_is1" = Simple Sales Copy
"Site Profit Bot 1.4" = Site Profit Bot 1.4
"Snazzy Affiliate Organizer_is1" = Snazzy Affiliate Organizer V1.0.0
"Sound Editor_is1" = Sound Editor
"spywareblaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = Background Magic
"ST6UNST #2" = GCDCreator v1.1.0
"ST6UNST #3" = Cycline3's Jesse6 HTML/TXT Editor 6
"ST6UNST #4" = CommissionStats
"ST6UNST #5" = Cycline3 Simone 5
"ST6UNST #6" = URL.BIZ Site Submitter
"ST6UNST #8" = Cycline3 Auction Listing Creator 6.5.1
"stealthadvertiser_is1" = stealthadvertiser
"textBEAST FREE CLIPBOARD+_is1" = textBEAST FREE CLIPBOARD+ 1.9.14
"TextSound" = TextSound
"Texture Maker_is1" = Texture Maker 3.03
"The Logo Creator v3" = The Logo Creator v3
"THE Rename_is1" = THE Rename 2.1.6
"TheDowser Free Edition_is1" = TheDowser Free Edition v5.3.0
"ToolbarBrowser_is1" = ToolbarBrowser v2.4
"TopMail" = TopMail
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"Traffic Travis_is1" = Traffic Travis 3.1.12
"Trellian CodePad_is1" = Trellian CodePad 1.3
"Trellian Dictionary_is1" = Trellian Dictionary v1.0
"Trellian LiveUpgrade_is1" = Trellian LiveUpgrade v2.0
"tswphpcoder2008_is1" = TSW phpCoder 2008
"tswsitesync100_is1" = TSW SiteSync
"tswwebcoder700_is1" = TSW WebCoder 2007
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Twitter FriendAdder" = Twitter FriendAdder
"UltraISO_is1" = UltraISO Premium V8.6
"Viral Article Publisher_is1" = Viral Article Publisher
"Virus Effect Remover - Version 3.2.1.25_20100131_is1" = Virus Effect Remover©
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Design Group CSS Reference_is1" = Web Design Group CSS Reference
"Web Design Group HTML Reference_is1" = Web Design Group HTML Reference
"Web Page Maker_is1" = Web Page Maker v1.52
"Web Site Software_is1" = Web Site Software 9.03.16
"WebCEO70_is1" = Web CEO 7.7
"WebDesigner" = Microsoft Expression Web
"WebPage-O-Matic Business Edition" = WebPage-O-Matic Business Edition
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Website Downloader 1.6_is1" = Website Downloader 1.6
"WebSmartz 3.0 Professional" = WebSmartz 3.0 Professional
"whereisit-wii_is1" = WhereIsIt? 3.51
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinRAR Themes Addon" = WinRAR Themes Addon
"WinZip 10 Pro" = WinZip 10 Pro
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Writer's Blocks" = Writer's Blocks
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xara Web Designer UK" = Xara Web Designer
"Xara Xtreme 4 UK" = Xara Xtreme 4
"XHeader" = XHeader
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"xplorer2p" = xplorer² professional
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XSitePro2" = XSitePro2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow" = Adobe ConnectNow
"dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.1.0.366
"magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521
"speed typing" = Speed Typing

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2010 8:03:41 AM | Computer Name = IBM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/7/2010 8:15:34 AM | Computer Name = IBM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/7/2010 1:29:39 PM | Computer Name = IBM | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/7/2010 1:32:28 PM | Computer Name = IBM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/7/2010 1:40:48 PM | Computer Name = IBM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/7/2010 1:52:18 PM | Computer Name = IBM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/7/2010 1:58:42 PM | Computer Name = IBM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2/8/2010 4:22:09 AM | Computer Name = IBM | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data will not be returned. Error code returned is in data DWORD 0.

Error - 2/10/2010 7:28:05 PM | Computer Name = IBM | Source = Google Update | ID = 20
Description =

Error - 2/10/2010 8:28:05 PM | Computer Name = IBM | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 8/23/2008 5:42:38 PM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1165
seconds with 900 seconds of active time. This session ended with a crash.

Error - 12/28/2008 2:10:40 AM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 599
seconds with 540 seconds of active time. This session ended with a crash.

Error - 1/2/2009 6:44:49 AM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3835
seconds with 900 seconds of active time. This session ended with a crash.

Error - 1/17/2009 8:11:49 AM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3242
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 3/22/2009 8:44:07 PM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2009 5:20:31 AM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7260
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 6/16/2009 12:38:31 PM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/16/2009 12:38:49 PM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/2/2009 10:00:36 AM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 128
seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/23/2009 10:25:55 PM | Computer Name = IBM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1223
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/12/2010 6:14:02 PM | Computer Name = IBM | Source = Print | ID = 23
Description = Printer LogoSmartz failed to initialize because a suitable Xerox DocuTech
135 PS2 driver could not be found.

Error - 2/12/2010 6:22:01 PM | Computer Name = IBM | Source = PlugPlayManager | ID = 12
Description = The device 'Plug and Play Software Device Enumerator' (Root\SYSTEM\0000)
disappeared from the system without first being prepared for removal.

Error - 2/12/2010 6:22:01 PM | Computer Name = IBM | Source = PlugPlayManager | ID = 12
Description = The device 'Microcode Update Device' (Root\SYSTEM\0001) disappeared
from the system without first being prepared for removal.

Error - 2/12/2010 6:22:01 PM | Computer Name = IBM | Source = PlugPlayManager | ID = 12
Description = The device 'Microsoft System Management BIOS Driver' (Root\SYSTEM\0002)
disappeared from the system without first being prepared for removal.

Error - 2/13/2010 2:55:16 PM | Computer Name = IBM | Source = Workstation | ID = 5727
Description = Could not load Rdbss device driver.

Error - 2/13/2010 2:55:16 PM | Computer Name = IBM | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 2/13/2010 2:55:31 PM | Computer Name = IBM | Source = Print | ID = 23
Description = Printer LogoSmartz failed to initialize because a suitable Xerox DocuTech
135 PS2 driver could not be found.

Error - 2/13/2010 3:07:52 PM | Computer Name = IBM | Source = PlugPlayManager | ID = 12
Description = The device 'Plug and Play Software Device Enumerator' (Root\SYSTEM\0000)
disappeared from the system without first being prepared for removal.

Error - 2/13/2010 3:07:52 PM | Computer Name = IBM | Source = PlugPlayManager | ID = 12
Description = The device 'Microcode Update Device' (Root\SYSTEM\0001) disappeared
from the system without first being prepared for removal.

Error - 2/13/2010 3:07:52 PM | Computer Name = IBM | Source = PlugPlayManager | ID = 12
Description = The device 'Microsoft System Management BIOS Driver' (Root\SYSTEM\0002)
disappeared from the system without first being prepared for removal.


< End of report >


#4 thriftgirl62


Posted 18 February 2010 - 03:10 PM

where is the randomized version of gmer?

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:37 AM

Posted 18 February 2010 - 03:20 PM

Please download GMER from this location and save it to your desktop:
  • Main Mirror - This version will download a randomly named file (Recommended)

If that won't work please run mbr.exe:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 thriftgirl62


Posted 21 February 2010 - 07:35 AM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A7C378]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x86a7c378
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x8659f690
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x017BD1417
malicious code @ sector 0x017BD141A !
PE file found in sector at 0x017BD1430 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.



SO FAR THE ONLY FUN THING WAS GOING BACK TO THE DAYS WHEN DOS WAS KING!!

THESE RESULTS ARE NOT GOOD... NOW WHAT?

Edited by thriftgirl62, 21 February 2010 - 07:36 AM.


#7 myrti


Posted 21 February 2010 - 09:37 AM

Hi,

I believe you have been infected by a MBR rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to clean please run:
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -f >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti



#8 thriftgirl62


Posted 21 February 2010 - 10:06 AM


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x86a7c378
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x8659f690
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x017BD1417
malicious code @ sector 0x017BD141A !
PE file found in sector at 0x017BD1430 !
Use "Recovery Console" command "fixmbr" to clear infection !


I went to the Recovery Console a long time ago but I didn't know what to do with it.
The mbr.log won't overwrite the old file so I had to delete it first.
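The two mbr.exe logs in posts #6 and #8 can be compared line by line to see what the fix attempt changed. The following is an added example, not part of the thread and not GMER's code; the function names and the status labels ("active", "residual", "clean") are assumptions of this example.

```python
import re

# mbr.exe output copied from posts #6 (before "mbr.exe -f") and #8 (after).
# The registered-trademark sign in the NIC name is written as (R) here.
LOG_BEFORE_FIX = r"""device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A7C378]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x86a7c378
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x8659f690
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x017BD1417
malicious code @ sector 0x017BD141A !
PE file found in sector at 0x017BD1430 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

LOG_AFTER_FIX = r"""device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x86a7c378
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x8659f690
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x017BD1417
malicious code @ sector 0x017BD141A !
PE file found in sector at 0x017BD1430 !
Use "Recovery Console" command "fixmbr" to clear infection !
"""

# A module without a name in the disk call chain: >>UNKNOWN [0x...]<<
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "<owner> -> 0xADDR" or "<owner> -> <handler> -> 0xADDR"
HOOK_RE = re.compile(r"^(.+?)\s*->\s*(?:(\w+)\s*->\s*)?(0x[0-9a-fA-F]+)\s*$")
# The three sector findings the tool prints
SECTOR_RE = re.compile(
    r"^(copy of MBR|malicious code|PE file)\b.*?\bsector(?: at)? (0x[0-9a-fA-F]+)")


def parse_mbr_log(text):
    """Turn mbr.exe text output into a structured report."""
    report = {"unknown_modules": [], "hooks": [], "sectors": {},
              "mbr_ok": False, "infection_detected": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            report["unknown_modules"] = [int(a, 16) for a in UNKNOWN_RE.findall(line)]
            continue
        hook = HOOK_RE.match(line)
        if hook:
            owner, handler, addr = hook.groups()
            report["hooks"].append((owner, handler, int(addr, 16)))
            continue
        sector = SECTOR_RE.match(line)
        if sector:
            report["sectors"][sector.group(1)] = int(sector.group(2), 16)
        elif line == "user & kernel MBR OK":
            report["mbr_ok"] = True
        elif line.startswith("MBR rootkit infection detected"):
            report["infection_detected"] = True
    return report


def triage(report):
    """Classify one run; the labels are this example's own, not mbr.exe's."""
    hooked = {addr for _, _, addr in report["hooks"]}
    # A hook target that is also the unnamed module in the disk call chain
    in_disk_path = sorted(hooked & set(report["unknown_modules"]))
    if report["infection_detected"] and not report["mbr_ok"]:
        status = "active"
    elif report["hooks"] or report["sectors"]:
        status = "residual"
    else:
        status = "clean"
    return {"status": status,
            "hook_in_disk_call_chain": [hex(a) for a in in_disk_path]}


def unchanged_after_fix(before, after):
    """Indicators reported in both runs, i.e. not cleared by the fix attempt."""
    return {
        "hooks": [h for h in before["hooks"] if h in after["hooks"]],
        "sectors": {k: v for k, v in before["sectors"].items()
                    if after["sectors"].get(k) == v},
    }


if __name__ == "__main__":
    before, after = parse_mbr_log(LOG_BEFORE_FIX), parse_mbr_log(LOG_AFTER_FIX)
    print("before:", triage(before))
    print("after: ", triage(after))
    print("still reported after the fix:", unchanged_after_fix(before, after))
```

Run on these two logs, it shows that the \Driver\ACPI hook address is the same address as the unnamed module in the disk call chain, and that both hooks and all three sector findings are still reported after the fix attempt.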




#9 myrti


Posted 21 February 2010 - 01:02 PM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#10 thriftgirl62


Posted 21 February 2010 - 10:18 PM


It will not run that ComboFix at all. It opens it for about 12 seconds and then shuts down.

I do have the RECOVERY CONSOLE in this computer, I've been there already but what do I do to fix this thing??

Right now it's running the CPU at what seems like 100% but why?


#11 thriftgirl62

thriftgirl62
  • Topic Starter

  • Members
  • 23 posts

Posted 22 February 2010 - 05:47 AM

SHOCKING UPDATE!!


Like I reported above, it would not run that combofix so I went into the RECOVERY CONSOLE and did the fixmbr, which it did partially. Something was still wrong but I don't know what, and then I forgot about the emergency boot CD that was still in the CD drive with a lot of DOS tools and antivirus programs. So after running rkill a few times and trying at least 8 more times to get combofix to run - it almost did but wouldn't go more than 25-30 seconds - I decided to go back to the CD and try the Spybot - but that had to be downloaded, so then I went to Ad-Aware and quickly started that up and it ran all the way through with the CPU at 100%. At the end it found the root thing and 2 other files, which I removed. Here's the shocking part: it was AD-Aware 5.0 with definitions dated 6-15-2002

Now it's sitting there - what's next? How did it remove it with 2002 definitions?

It said it was in the registry?

Edited by thriftgirl62, 22 February 2010 - 05:51 AM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 22 February 2010 - 04:11 PM

Hi,

please remove ComboFix from your Desktop, download a fresh copy and save it as fun.exe.
Try running it again then.

regards myrti



#13 thriftgirl62

thriftgirl62
  • Topic Starter

  • Members
  • 23 posts

Posted 23 February 2010 - 04:58 PM

c:\documents and settings\Admin\Application Data\drivers\downld\97032687.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97033171.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97033843.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97034328.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97034546.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97034718.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97035046.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97035281.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97036109.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97036609.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97037218.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97037671.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97037937.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97038109.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97038296.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97043437.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97044265.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97044703.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97045187.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97051968.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97052546.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97052953.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97053984.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97054437.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97054765.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97054984.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97056265.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97057593.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97058218.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97058671.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97058875.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97058984.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97059218.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97059421.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97060296.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97065703.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97066031.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97066203.exe
c:\documents and settings\Admin\Application Data\drivers\downld\97066406.exe
c:\documents and settings\Admin\Application Data\drivers\winupgro.exe
c:\documents and settings\Admin\Application Data\EurekaLog
c:\documents and settings\Admin\Cookies\fujibin._sy
c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Shortcuts
C:\ErrLog.txt
C:\Thumbs.db
c:\windows.0\a3kebook.ini
c:\windows.0\akebook.ini
c:\windows.0\ANS2000.INI
c:\windows.0\EventSystem.log
c:\windows.0\system32\_003513_.tmp.dll
c:\windows.0\system32\_003514_.tmp.dll
c:\windows.0\system32\_003515_.tmp.dll
c:\windows.0\system32\_003516_.tmp.dll
c:\windows.0\system32\_003523_.tmp.dll
c:\windows.0\system32\_003524_.tmp.dll
c:\windows.0\system32\_003525_.tmp.dll
c:\windows.0\system32\_003527_.tmp.dll
c:\windows.0\system32\_003528_.tmp.dll
c:\windows.0\system32\_003531_.tmp.dll
c:\windows.0\system32\_003532_.tmp.dll
c:\windows.0\system32\_003535_.tmp.dll
c:\windows.0\system32\_003536_.tmp.dll
c:\windows.0\system32\_003538_.tmp.dll
c:\windows.0\system32\_003541_.tmp.dll
c:\windows.0\system32\_003542_.tmp.dll
c:\windows.0\system32\_003547_.tmp.dll
c:\windows.0\system32\_003549_.tmp.dll
c:\windows.0\system32\_003551_.tmp.dll
c:\windows.0\system32\_003552_.tmp.dll
c:\windows.0\system32\_003554_.tmp.dll
c:\windows.0\system32\_003555_.tmp.dll
c:\windows.0\system32\_003556_.tmp.dll
c:\windows.0\system32\_003557_.tmp.dll
c:\windows.0\system32\_003560_.tmp.dll
c:\windows.0\system32\_003561_.tmp.dll
c:\windows.0\system32\_003562_.tmp.dll
c:\windows.0\system32\_003563_.tmp.dll
c:\windows.0\system32\_003564_.tmp.dll
c:\windows.0\system32\_003569_.tmp.dll
c:\windows.0\system32\_003571_.tmp.dll
c:\windows.0\system32\_003572_.tmp.dll
c:\windows.0\system32\nat11.dll
c:\windows.0\system32\SHELLLNK.TLB
c:\windows.0\system32\srosa2.sys
c:\windows.0\system32\Thumbs.db
c:\windows.0\system32\wfsintwq.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2013-03-17 23:24 . 2013-03-17 23:24 61440 ----a-w- c:\windows.0\system32\W32N50.dll
2010-02-22 03:43 . 2010-02-22 14:42 -------- d-----w- c:\program files\Lavasoft Ad-Aware
2010-02-22 03:32 . 2010-02-22 03:32 -------- d-----w- C:\!KillBox
2010-02-21 12:27 . 2010-02-21 12:27 77312 ----a-w- C:\mbr.exe
2010-02-14 00:51 . 2010-02-14 00:51 -------- d-----w- c:\documents and settings\Administrator.IBM\Local Settings\Application Data\Google
2010-02-13 23:52 . 2010-02-13 23:52 -------- d-----w- c:\documents and settings\Administrator.IBM\Local Settings\Application Data\Microsoft
2010-02-13 23:52 . 2009-10-21 16:12 -------- d-sh--w- c:\documents and settings\Administrator.IBM\IETldCache
2010-02-13 23:52 . 2008-06-10 10:09 -------- d-----w- c:\documents and settings\Administrator.IBM\Local Settings\Application Data\Microsoft Help
2010-02-13 23:52 . 2010-02-13 23:52 -------- d-----w- c:\documents and settings\Administrator.IBM
2010-02-12 19:07 . 2010-02-12 19:07 -------- d-sh--w- c:\documents and settings\Website Files\PrivacIE
2010-02-12 19:05 . 2010-02-12 19:05 -------- d-----w- c:\documents and settings\Website Files\Application Data\TuneUp Software
2010-02-11 01:13 . 2010-02-11 01:13 -------- d-----w- c:\documents and settings\Website Files\Application Data\Malwarebytes
2010-02-08 17:07 . 2001-08-17 20:19 553984 ----a-w- c:\windows.0\system32\dllcache\adm8820.sys
2010-02-08 17:07 . 2001-08-17 20:19 584448 ----a-w- c:\windows.0\system32\dllcache\adm8810.sys
2010-02-08 17:07 . 2001-08-17 20:11 20160 ----a-w- c:\windows.0\system32\dllcache\adm8511.sys
2010-02-08 17:06 . 2001-08-17 21:53 7424 ----a-w- c:\windows.0\system32\dllcache\adicvls.sys
2010-02-08 17:06 . 2001-08-18 06:36 61440 ----a-w- c:\windows.0\system32\dllcache\acerscad.dll
2010-02-08 17:06 . 2004-08-04 06:32 84480 ----a-w- c:\windows.0\system32\dllcache\ac97via.sys
2010-02-08 17:06 . 2001-08-17 20:20 297728 ----a-w- c:\windows.0\system32\dllcache\ac97sis.sys
2010-02-08 17:06 . 2001-08-17 20:20 96256 ----a-w- c:\windows.0\system32\dllcache\ac97intc.sys
2010-02-08 17:06 . 2004-08-04 06:32 231552 ----a-w- c:\windows.0\system32\dllcache\ac97ali.sys
2010-02-08 17:06 . 2001-08-17 21:52 23552 ----a-w- c:\windows.0\system32\dllcache\abp480n5.sys
2010-02-08 17:06 . 2001-08-18 06:36 462848 ----a-w- c:\windows.0\system32\dllcache\a3dapi.dll
2010-02-08 17:05 . 2001-08-17 22:55 38400 ----a-w- c:\windows.0\system32\dllcache\8514a.dll
2010-02-08 17:05 . 2004-08-04 07:10 48128 ----a-w- c:\windows.0\system32\dllcache\61883.sys
2010-02-08 17:05 . 2004-08-04 07:00 12288 ----a-w- c:\windows.0\system32\dllcache\4mmdat.sys
2010-02-08 17:05 . 2001-08-17 20:48 148352 ----a-w- c:\windows.0\system32\dllcache\3dfxvsm.sys
2010-02-08 17:05 . 2001-08-17 22:55 689216 ----a-w- c:\windows.0\system32\dllcache\3dfxvs.dll
2010-02-08 17:05 . 2001-08-17 21:28 762780 ----a-w- c:\windows.0\system32\dllcache\3cwmcru.sys
2010-02-08 17:03 . 2003-03-25 00:52 49210 ----a-w- c:\windows.0\system32\dllcache\fp4areg.dll
2010-02-08 17:03 . 2003-03-25 00:52 102509 ----a-w- c:\windows.0\system32\dllcache\fp4atxt.dll
2010-02-08 17:03 . 2003-03-25 00:52 82035 ----a-w- c:\windows.0\system32\dllcache\fp4anscp.dll
2010-02-08 17:03 . 2003-03-25 00:52 147513 ----a-w- c:\windows.0\system32\dllcache\fp4apws.dll
2010-02-08 17:03 . 2004-05-13 08:39 184435 ----a-w- c:\windows.0\system32\dllcache\fp4amsft.dll
2010-02-08 17:03 . 2004-08-04 04:00 46592 ----a-w- c:\windows.0\system32\dllcache\coadmin.dll
2010-02-08 16:37 . 2010-02-08 16:37 -------- d-----w- c:\program files\Virus Secure Lab
2010-02-08 05:15 . 2010-02-08 05:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Office Genuine Advantage
2010-02-07 08:24 . 2010-02-08 04:42 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-07 01:43 . 2010-02-23 09:40 -------- d--h--w- c:\documents and settings\Admin\Application Data\drivers
2010-02-04 07:16 . 2010-02-07 18:58 -------- d-----w- c:\program files\FLV Producer Lite
2010-02-02 09:26 . 2010-01-28 21:54 94800 ----a-w- c:\windows.0\system32\drivers\aswmon.sys
2010-02-02 09:25 . 2010-01-28 22:09 38848 ----a-w- c:\windows.0\system32\avastSS.scr
2010-02-02 09:25 . 2010-01-28 22:09 152672 ----a-w- c:\windows.0\system32\aswBoot.exe
2010-02-02 09:24 . 2010-02-02 09:24 -------- d-----w- c:\program files\Alwil Software
2010-02-02 09:24 . 2010-02-02 09:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Alwil Software
2010-01-30 00:57 . 2010-01-30 00:57 -------- d-----w- c:\documents and settings\Admin\Application Data\Xilisoft Corporation
2010-01-30 00:52 . 2010-01-30 00:52 -------- d-----w- c:\program files\Xilisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 09:50 . 2009-03-07 21:36 -------- d-----w- c:\documents and settings\Admin\Application Data\Dropbox
2010-02-23 02:29 . 2008-11-09 19:12 -------- d-----w- c:\program files\QuickArticlePro 3 .0
2010-02-21 16:00 . 2008-03-09 09:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-20 07:58 . 2008-02-23 05:43 -------- d-----w- c:\documents and settings\Admin\Application Data\FileZilla
2010-02-18 04:39 . 2009-02-23 00:41 -------- d-----w- c:\program files\SpecialOperationsSoftware
2010-02-13 08:13 . 2008-02-13 23:49 -------- d---a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2010-02-12 19:06 . 2007-05-28 21:14 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-11 01:16 . 2008-05-02 14:39 276800 ----a-w- c:\documents and settings\Website Files\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-10 11:10 . 2009-10-11 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 19:26 . 2008-04-30 04:30 -------- d-----w- c:\program files\CoffeeCup Software
2010-02-07 18:13 . 2006-02-26 02:39 -------- d-----w- c:\program files\Lavasoft
2010-02-07 18:13 . 2007-07-10 07:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Lavasoft
2010-02-07 12:21 . 2008-03-08 16:14 -------- d-----w- c:\program files\SpywareBlaster
2010-02-07 11:57 . 2008-05-06 08:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-07 11:08 . 2007-05-28 21:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2010-02-07 08:01 . 2008-03-07 14:16 -------- d-----w- c:\program files\CyberKit 3.0
2010-02-07 02:14 . 2009-12-30 22:55 -------- d-----w- c:\program files\Security Task Manager
2010-02-03 14:01 . 2010-01-16 08:43 0 ----a-w- c:\documents and settings\HelpAssistant\ntuser.tmp
2010-02-02 09:29 . 2007-01-10 21:59 -------- d-----w- c:\program files\Google
2010-01-21 02:45 . 2009-12-30 22:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\SecTaskMan
2010-01-18 18:04 . 2010-01-05 05:51 -------- d-----w- c:\program files\Tweet Whistle
2010-01-18 18:00 . 2006-02-26 02:43 -------- d-----w- c:\program files\Broderbund
2010-01-17 03:13 . 2009-12-07 07:34 -------- d-----w- c:\program files\Data Doctor Back Link Checker Trial Version
2010-01-15 15:53 . 2009-12-07 07:34 48 ----a-w- c:\windows.0\system32\regddlc.DAT
2010-01-14 19:12 . 2010-01-14 23:57 181120 ------w- c:\windows.0\system32\MpSigStub.exe
2010-01-12 04:29 . 2008-03-31 05:53 -------- d-----w- c:\program files\IrfanView
2010-01-08 00:07 . 2009-10-11 15:34 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-10-11 15:34 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2010-01-07 16:58 . 2008-02-23 05:07 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-06 18:53 . 2009-04-06 06:13 -------- d-----w- c:\program files\Easy Login
2010-01-06 18:53 . 2010-01-01 09:13 -------- d-----w- c:\program files\FileFactory Turbo
2010-01-05 17:27 . 2010-01-01 23:39 -------- d-----w- c:\documents and settings\Admin\Application Data\FileFactory Turbo
2010-01-04 21:17 . 2008-05-22 17:16 -------- d-----w- c:\program files\emext
2010-01-04 16:08 . 2009-12-02 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Article Architect
2010-01-03 18:49 . 2009-11-29 13:13 -------- d-----w- c:\program files\Affiliate Elite
2010-01-02 10:20 . 2009-10-08 08:52 -------- d-----w- c:\program files\Blog Warrior
2009-12-31 04:06 . 2008-05-20 03:34 -------- d-----w- c:\program files\VonageTalk
2009-12-31 04:05 . 2007-05-28 21:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\FLEXnet
2009-12-31 02:21 . 2006-02-26 00:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 23:05 . 2008-11-09 16:39 -------- d-----w- c:\program files\Search Engine Commando
2009-12-27 18:08 . 2009-12-10 07:44 -------- d-----w- c:\program files\Site Profit Bot
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows.0\system32\GPhotos.scr
2009-12-09 09:03 . 2007-05-29 01:41 276800 -c--a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 17:41 . 2009-11-07 17:40 1558866 ----a-w- c:\program files\bonus.zip
2009-11-07 14:29 . 2009-11-07 14:29 361666 ----a-w- c:\program files\Download_webplayer_premium.exe
2008-10-07 10:36 . 2008-10-07 10:36 108 --sha-r- c:\windows.0\neoqaz2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ab61b189-50ed-49fd-b840-9d2fb06bbf73}"= "c:\program files\Name_Numerology\tbNam1.dll" [2010-02-12 2349080]

[HKEY_CLASSES_ROOT\clsid\{ab61b189-50ed-49fd-b840-9d2fb06bbf73}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ab61b189-50ed-49fd-b840-9d2fb06bbf73}]
2010-02-12 19:07 2349080 ----a-w- c:\program files\Name_Numerology\tbNam1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ab61b189-50ed-49fd-b840-9d2fb06bbf73}"= "c:\program files\Name_Numerology\tbNam1.dll" [2010-02-12 2349080]

[HKEY_CLASSES_ROOT\clsid\{ab61b189-50ed-49fd-b840-9d2fb06bbf73}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AB61B189-50ED-49FD-B840-9D2FB06BBF73}"= "c:\program files\Name_Numerology\tbNam1.dll" [2010-02-12 2349080]

[HKEY_CLASSES_ROOT\clsid\{ab61b189-50ed-49fd-b840-9d2fb06bbf73}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunPikeeper"="c:\program files\HighCriteria\PersonalInfoKeeper\pikeeper.exe" [2001-06-22 450560]
"Adaware Bootup"="c:\program files\Lavasoft Ad-Aware\Ad-aware.exe" [2002-06-17 343552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2009-01-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Mozy Status.lnk.disabled [2009-8-3 618]
Yahoo! Widget Engine.lnk.disabled [2006-2-25 786]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]
VistaMessage.exe [2009-4-30 585728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows.0\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk.disabled]
backup=c:\windows.0\pss\Adobe Acrobat Speed Launcher.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk.disabled]
backup=c:\windows.0\pss\Adobe Acrobat Synchronizer.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows.0\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows.0\pss\HP Image Zone Fast Start.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 04:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 22:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 20:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=c:\windows.0\system32\ctfmon.exe
"OfotoNow USB Detection"=c:\windows.0\system32\RunDLL32.exe c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
"Jing"=c:\program files\TechSmith\Jing\Jing.exe
"cdloader"="c:\documents and settings\Admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Acronis Scheduler2 Service"=c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"HotKeysCmds"=c:\windows.0\system32\hkcmd.exe
"IgfxTray"=c:\windows.0\system32\igfxtray.exe
"LWBKEYBOARD"=c:\program files\Gigaware\Gigaware keyboard driver\5.0\KbdAp32A.exe
"Acronis Popup Blocker"=RunDll32.exe c:\progra~1\Acronis\PRIVAC~1\POP-UP~1.DLL,Run
"wben"="c:\program files\Starfield\Desktop Notifier\wben.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS.0\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Namo\\WebEditor 2006\\bin\\WebEditor.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Program Files\\Namo\\WebCanvas 2006\\bin\\WebCanvas.exe"=
"c:\\Program Files\\Web Publish\\WPWIZ.EXE"=
"c:\\Program Files\\VonageTalk\\vonagetalk.exe"=
"c:\\Program Files\\SourceTec\\Sothink HTML Editor 2.5\\SiteManager.exe"=
"c:\documents and settings\Admin\Application Data\Facebook\facebook.exe"= c:\documents and settings\Admin\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\VCOM\\Web Easy Professional 6\\WebEasy6.exe"=
"c:\\WINDOWS.0\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TSW\\phpCoder 2008\\TSW PhpCoder.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS.0\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2078:TCP"= 2078:TCP:*:Disabled:BlueHost WebDisk
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6197:TCP"= 6197:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3246:TCP"= 3246:TCP:Services

R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [6/22/2007 8:22 AM 95592]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2009 11:31 PM 133104]
S2 SECScheduleService;Search Engine Commando Schedule Service;c:\program files\Search Engine Commando\ScheduleService.exe --> c:\program files\Search Engine Commando\ScheduleService.exe [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows.0\system32\DRIVERS\klmouflt.sys --> c:\windows.0\system32\DRIVERS\klmouflt.sys [?]
S3 USB Wireless USB Adapter®;USB Wireless USB Adapter® Service for Wireless USB Adapter;c:\windows.0\system32\drivers\vnetusbr.sys [8/6/2002 3:38 PM 87168]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows.0\system32\drivers\netusbxp.sys [4/7/2008 12:10 PM 72576]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 07:31]

2010-02-23 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 07:31]

2010-02-23 c:\windows.0\Tasks\OGALogon.job
- c:\windows.0\system32\OGAEXEC.exe [2009-08-03 23:07]

2010-02-23 c:\windows.0\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2010-02-18 c:\windows.0\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2010-02-21 c:\windows.0\Tasks\User_Feed_Synchronization-{99F855B5-FFE1-499C-94D2-CA8113761326}.job
- c:\windows.0\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7468D7EB-1172-4554-B91D-4E4A845EBF91} - www.infosaic.com
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795}
IE: {{CB3177A5-DE46-496C-91CC-EC63CCF9BEF4} - c:\program files\Easy Login\EasyLogin.js
IE: {{6170AB22-F1E5-4D4F-8F6C-826C73838581} - {30E44B64-8FCD-43BC-BB6A-84BD312B8E0C} -
Trusted Zone: amazon.com\www
Trusted Zone: blinkweb.com\www
Trusted Zone: comcast.net\smartzone.mail
Trusted Zone: comcast.net\www
Trusted Zone: google.com\www
Trusted Zone: hotmail.com\www
Trusted Zone: infosaic.com\www
Trusted Zone: linkshare.com\helpcenter
Trusted Zone: linkshare.com\www
Trusted Zone: linksynergy.com\cli
Trusted Zone: maximumplr.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: nicheprofitclassroom.com\www
Trusted Zone: nvo.com\www
Trusted Zone: paypal.com\www
Trusted Zone: productioncarcare.net\www
Trusted Zone: traffickahuna.com\www
Trusted Zone: virallinktracker.com\www
Trusted Zone: yahoo.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows.0\Java\classes\xmldso.cab
DPF: Pathworks Clipboard Handler ActiveX Control - hxxps://pw0003354.helpstream.biz/ActiveX/ClipboardHandler.CAB
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkpz1o4r.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {4DCD16A7-C8E0-4D32-BC36-BB28B7607349} - c:\documents and settings\Admin\Local Settings\Application Data\{4DCD16A7-C8E0-4D32-BC36-BB28B7607349}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: browser.blink_allowed - false
FF - user.js: ui.submenuDelay - 65000
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 01:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6D95C0E3-F75F-05C9-813E-06AB93D6F371}*]
"daojfmki"=hex:64,62,6a,6c,63,70,66,64,6b,69,64,6d,6f,69,6a,6c,62,70,66,6e,6e,
69,65,6c,6b,63,68,6e,6b,6a,68,61,70,68,6b,62,63,70,66,6b,00,00
"iankmagnghnjlijnej"=hex:69,61,61,67,6a,68,6b,65,6e,6c,66,6c,6b,63,6f,6d,6a,61,
00,00
"hallcfcbhglglncn"=hex:69,61,61,67,6a,68,6b,65,6e,6c,66,6c,6b,63,6f,6d,6a,61,
00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3380)
c:\windows.0\system32\WININET.dll
c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\WPDShServiceObj.dll
c:\windows.0\system32\PortableDeviceTypes.dll
c:\windows.0\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows.0\system32\netdde.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows.0\system32\fxssvc.exe
c:\windows.0\system32\SearchIndexer.exe
c:\program files\zabkat\xplorer2\xplorer2_uc.exe
c:\documents and settings\Admin\Start Menu\Programs\Startup\VistaMessage.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows.0\system32\SearchProtocolHost.exe
c:\windows.0\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-02-23 02:07:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 10:07

Pre-Run: 28,609,425,408 bytes free
Post-Run: 28,487,499,776 bytes free

- - End Of File - - 27620635C70E900427E221EAC7044B3B


This was 41 pages so I attached it and posted the last 14 pages. Now what?



#14 thriftgirl62

thriftgirl62
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:37 PM

Posted 23 February 2010 - 08:12 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/23/2010 3:29:39 PM
mbam-log-2010-02-23 (15-29-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 1111810
Time elapsed: 9 hour(s), 46 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\InfoKeeper (Rogue.InfoKeeper) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{355BDDBE-B2E3-4C8A-B119-E06579507FFE}\RP117\A0035079.exe (Backdoor.IRCbot) -> No action taken.
C:\System Volume Information\_restore{355BDDBE-B2E3-4C8A-B119-E06579507FFE}\RP132\A0114410.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\InfoKeeper\database.dat (Rogue.InfoKeeper) -> No action taken.
C:\Program Files\InfoKeeper\myitems.dat (Rogue.InfoKeeper) -> No action taken.
C:\Program Files\InfoKeeper\settings.dat (Rogue.InfoKeeper) -> No action taken.



Could those files be the problem? I use InfoKeeper every day and don't want to delete it. How do I get rid of the problem and keep the files?



#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:37 AM

Posted 26 February 2010 - 10:09 AM

Hi,

I don't think that InfoKeeper is your main problem right now. Do you use remote desktop to log into your PC from other PCs?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 
