Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Trojan.DNSChanger Infection

Started by Xtyy , Mar 19 2009 08:43 AM

  • Please log in to reply

#1
Xtyy
Posted 19 March 2009 - 08:43 AM

Xtyy

    New Member

  • Member
  • Pip
  • 1 posts
I have been having random (3 or 4 in the last month) BSOD's also random Active Desktop Error Screen (white w/ blue warning? 5 or 6 last month). What I could find in descriptions on the Stop Error Codes led me to believe I have a driver issue. I won't go into all the fixes for that mess but last night my computer (XP Pro/MCE Sp3) got hung on boot. It had restarted when no one was around so I don't know why. Anyway I did a hard shutdown and all it would do was get to the boot screen and hang. I also could not boot in safe-mode. My only option was Last Known Good Config. I tried to boot several times only to resort to LKGConfig. every time. Ran chkdsk f/ and a couple of other possible fixes, etc. The other thing was that when I was logged in I couldn't open drives w/ double-click or r-click open only right-click explore. Found a couple fixes for that. After all of that mess I could boot, log-in, etc. Got into safe-mode and figured I'd run MBAM and it came up with these TROJANS so now I'm wondering if this has been my issue all along or just an additional problem. Please see MBAM logs and others as follow.
P.S. Thanks in advance for any help w/ this!!

MBAM LOG *This was run a couple days ago NOT in SAFE-MODE* Please see NEXT for TROJANS:

Malwarebytes' Anti-Malware 1.34
Database version: 1859
Windows 5.1.2600 Service Pack 3

3/17/2009 9:14:18 PM
mbam-log-2009-03-17 (21-14-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 299240
Time elapsed: 1 hour(s), 32 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MBAM LOG W/ TROJANS:

Malwarebytes' Anti-Malware 1.34
Database version: 1859
Windows 5.1.2600 Service Pack 3

3/19/2009 8:29:59 AM
mbam-log-2009-03-19 (08-29-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 300771
Time elapsed: 3 hour(s), 34 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.120,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8ac08713-b962-4c5b-9191-4d24ad3461fb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.120,85.255.112.83 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.9,85.255.112.24 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8ac08713-b962-4c5b-9191-4d24ad3461fb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.9,85.255.112.24 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8ac08713-b962-4c5b-9191-4d24ad3461fb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.185,85.255.112.193 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.181,85.255.112.81 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{8ac08713-b962-4c5b-9191-4d24ad3461fb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.181,85.255.112.81 -> Quarantined and deleted successfully.


SMITFRAUDFIX TOOL LOG (Ran this after reading forums)

SmitFraudFix v2.405

Scan done at 8:52:34.50, Thu 03/19/2009
Run from C:\Documents and Settings\Compaq_Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\PROGRA~1\Returnil\Returnil.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\RocketDock2\RocketDock.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Program Files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\IDM\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45D29BCE68FB}"="Deskscapes"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45D29BCE68FD}"="Stardock Vista ControlPanel Extension"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45D29BCE68FF}"="StardockDreamController"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
"Startup"="MCPSystemStartup"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AC08713-B962-4C5B-9191-4D24AD3461FB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AC08713-B962-4C5B-9191-4D24AD3461FB}: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-7-9-96-100032201-100000729-100000687-6727.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.


ROOTER ROOTKIT DETECTOR LOG:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:182574 Mo/Free:2227 Mo)
D:\ [Fixed] - FAT32 - (Total:7030 Mo/Free:50 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Z:\ [Fixed] - NTFS - (Total:2003 Mo/Free:1789 Mo)

Thu 03/19/2009| 9:28

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\Program Files\USB Safely Remove\USBSRService.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\arservice.exe
---------- C:\Program Files\Cobian Backup 9\cbService.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\CDBurnerXP\NMSAccessU.exe
---------- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
---------- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\ThreatFire\TFService.exe
---------- C:\WINDOWS\ARPWRMSG.EXE
---------- C:\HP\KBD\KBD.EXE
---------- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
---------- C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
---------- C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
---------- C:\PROGRA~1\Returnil\Returnil.exe
---------- C:\Program Files\Winamp\winampa.exe
---------- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
---------- C:\Program Files\ThreatFire\TFTray.exe
---------- C:\Program Files\Microsoft IntelliType Pro\itype.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
---------- C:\Program Files\Cobian Backup 9\cbInterface.exe
---------- C:\Program Files\UPHClean\uphclean.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\CursorXP\CursorXP.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
---------- C:\Program Files\RocketDock2\RocketDock.exe
---------- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
---------- C:\Program Files\Internet Download Manager\IDMan.exe
---------- C:\Program Files\AnVir Task Manager Free\AnVir.exe
---------- C:\Program Files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
---------- c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Internet Download Manager\IEMonitor.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- c:\windows\system\hpsysdrv.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Documents and Settings\Compaq_Administrator\Application Data\IDM\SmitfraudFix\Policies.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Thu 03/19/2009| 9:32

----------------------\\ Scan completed at 9:32



OTListIt2 LOGS

OTListIt.Txt

OTListIt logfile created on: 3/19/2009 9:36:37 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\Programs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 418.27 Mb Available Physical Memory | 43.64% Memory free
2.26 Gb Paging File | 1.47 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 82.17 Gb Free Space | 46.09% Space Free | Partition Type: NTFS
Drive D: | 6.87 Gb Total Space | 0.05 Gb Free Space | 0.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1.96 Gb Total Space | 1.75 Gb Free Space | 89.29% Space Free | Partition Type: NTFS

Computer Name: FRED-2
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\USB Safely Remove\USBSRService.exe ()
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Cobian Backup 9\cbService.exe (Luis Cobian)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe (Maxtor)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe (Maxtor)
PRC - C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe (Maxtor)
PRC - C:\Program Files\Returnil\Returnil.exe (Returnil SIA)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Cobian Backup 9\cbInterface.exe (Luis Cobian)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\CursorXP\CursorXP.exe ( )
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\RocketDock2\RocketDock.exe ()
PRC - C:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
PRC - C:\Program Files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.)
PRC - c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Compaq_Administrator\Application Data\IDM\SmitfraudFix\Policies.exe ()
PRC - C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\Programs\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [On_Demand | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CobianBackupAmanita [Auto | Running]) -- C:\Program Files\Cobian Backup 9\cbService.exe (Luis Cobian)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Imapi Helper [On_Demand | Stopped]) -- C:\Program Files\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MaxSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe (Maxtor)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (McrdSvc [Disabled | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [On_Demand | Stopped]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (RUBotted [Auto | Running]) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
SRV - (SBAMSvc [Auto | Running]) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SbPF.Launcher [Auto | Running]) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
SRV - (SPF4 [Auto | Running]) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
SRV - (ThreatFire [Auto | Running]) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (UPHClean [Auto | Running]) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (USBSafelyRemoveService [Auto | Running]) -- C:\Program Files\USB Safely Remove\USBSRService.exe ()
SRV - (usnjsvc [Disabled | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (amdide [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AmdTools [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdTools.sys (AMD, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (BootScreen [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (CoachUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachUsb.sys (FotoNation Ltd.)
DRV - (CoachVc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachVc.sys (Accapella Ltd.)
DRV - (DCamUSBSQTECH [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.)
DRV - (fasttx2k [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (gameenum [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (hotcore3 [Boot | Running]) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NPF.sys (CACE Technologies)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (ProtoWall [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ProtoWall.sys ()
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (PSI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\psi_mf.sys (Secunia)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (RVSDISK [Boot | Running]) -- C:\WINDOWS\system32\Drivers\RVSDISK.sys ()
DRV - (RVSYSTEM [Boot | Running]) -- C:\WINDOWS\system32\Drivers\RVSYSTEM.sys (Returnil SIA)
DRV - (SAMFILT [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\drivers\samfilt.sys (Dolphin, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sbaphd [System | Running]) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (sbapifs [Auto | Running]) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SbFw [System | Running]) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sbfwim.sys (Sunbelt Software, Inc.)
DRV - (sbhips [System | Running]) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SBRE [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\SBREdrv.sys (Sunbelt Software)
DRV - (sbtis [System | Running]) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (snapman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (tdrpman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (TfFsMon [Boot | Running]) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfSysMon [Boot | Running]) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (TMPassthru [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthruMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\TMPassthru.sys (Trend Micro Inc.)
DRV - (UimBus [System | Running]) -- C:\WINDOWS\system32\DRIVERS\UimBus.sys (Windows ® 2000 DDK provider)
DRV - (Uim_IM [System | Running]) -- C:\WINDOWS\System32\Drivers\Uim_IM.sys (Paragon)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (winachsx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (WmBEnum [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WMDrive [Auto | Running]) -- C:\WINDOWS\system32\drivers\WMDrive.sys ()
DRV - (WmFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmVirHid [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (XAudio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.search.autosizerwizard: ""
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-cneta&type=biennesoft_10647340"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-cneta&type=biennesoft_10647340"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...om/webhp?hl=en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {ba243cb0-b824-4a26-9418-73ee795d9b9d}:0.7.5
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.1
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.5.1
FF - prefs.js..extensions.enabledItems: [email protected]hostery.com:1.3.9
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.98
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.22
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.11
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {655397ca-4766-496b-b7a8-3a5b176ee4c2}:1.4.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://search.yahoo....=ytff-cneta&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/03/17 07:15:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/27 04:02:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/23 19:18:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/05 00:38:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/12 23:11:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/02/10 04:02:34 | 00,000,000 | ---D | M]

[2008/06/22 23:30:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions
[2008/06/22 23:30:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/19 08:47:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions
[2009/03/13 18:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/12/08 06:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{2a68be71-20ef-48df-9ac0-faa78fa0afab}
[2008/12/08 06:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{2cab7fb0-70eb-40c5-b332-96d1c17c9860}
[2009/01/16 02:24:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/08 06:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{43505cd0-6e9a-11da-8cd6-0800200c9a66}
[2009/01/26 03:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/02/02 23:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{53956727-674b-49df-b62c-0d40bebe590b}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2008/12/08 10:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{5aee7040-9782-11db-b606-0800200c9a66}
[2008/12/08 10:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{71C54606-83ED-4ea6-9315-1AAB29466D33}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{759F3C3E-A3FC-474b-A6F0-66B14404AA07}
[2009/02/12 16:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2009/01/29 22:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009/03/18 09:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2009/01/29 22:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{db0de900-5ee3-11da-8cd6-0800200c9a66}
[2009/03/06 18:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/12/08 06:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2008/12/08 06:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}
[2009/01/25 04:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/03/05 11:48:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2009/03/06 18:16:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2008/12/08 06:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2008/12/08 06:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2009/01/11 02:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2009/01/16 02:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2009/01/27 17:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2009/03/13 18:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\gg3wxqi6.default\extensions\[email protected]
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\gg3wxqi6.default\searchplugins\MySpace.xml
[2008/12/08 11:10:32 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\gg3wxqi6.default\searchplugins\winamp-search.xml
[2009/03/19 08:37:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/05 00:38:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/04 04:32:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/11/23 19:18:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/13 00:44:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/05 00:38:13 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 00:38:13 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/30 17:38:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/30 17:38:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/18 07:42:08 | 00,000,927 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
[2008/09/30 17:38:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 04:05:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/30 17:38:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/30 17:38:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/30 17:38:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (301734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 10427 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - Reg Error: Key error. File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs ()
O4 - HKLM..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service (Luis Cobian)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM (Stardock and Luca Saggese)
O4 - HKLM..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe (Maxtor)
O4 - HKLM..\Run: [Maxtor Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" (Maxtor)
O4 - HKLM..\Run: [Rvsystem] C:\PROGRA~1\Returnil\Returnil.exe (Returnil SIA)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp (IObit)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" (Trend Micro Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized (AnVir Software)
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [EPSON NX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE /FU "C:\WINDOWS\TEMP\E_S4.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash (Gadwin Systems, Inc)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock2\RocketDock.exe" ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XP Keep Per User Display Settings.lnk = C:\Program Files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings.exe ()
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 02 F8 FF 01 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - Reg Error: Value error.
O8 - Extra context menu item: &Translate English Word - Reg Error: Value error.
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - Reg Error: Value error.
O8 - Extra context menu item: Cached Snapshot of Page - Reg Error: Value error.
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - Reg Error: Value error.
O8 - Extra context menu item: Translate Page into English - Reg Error: Value error.
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {15BC34E3-81B5-41EF-8704-A6421FAD29F9} https://endpointasse.../webagentNT.cab (AgentObj Class)
O16 - DPF: {167C192D-44C1-4EAB-9279-496EA91C75D2} https://endpointasse...nt/credlist.cab (CredListObj Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1237187384718 (MUCatalogWebControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1175842182250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-mem2 {1B2A56AA-ABC0-47FF-A80D-302E4FA2A118} - C:\Program Files\Screenbook Maker\eztoolslib2lite.dll (EzTools Software)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[2009/03/19 09:28:39 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/19 08:53:07 | 00,004,828 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/03/19 08:31:32 | 10,051,13344 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/19 02:39:53 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxmdtymagodkecrnnaklnqqrvpvlrxrbqf.sys
[2009/03/19 02:10:48 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/03/19 02:10:31 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2009/03/19 02:10:24 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/03/19 02:10:19 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/03/19 02:10:19 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/03/19 02:10:18 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/03/19 02:10:17 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/03/19 02:10:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/03/19 02:10:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/03/19 02:10:09 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/03/19 01:57:51 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxjqltxrcjityeaamyuvdylqbrmntobgwd.sys
[2009/03/19 01:57:51 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\gaopdxlmxilvuxjyivaxtlqsblugdmjlrcaqov.dll
[2009/03/19 00:03:45 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxkillrmupfulopwfpxroblxehbgommhwb.sys
[2009/03/19 00:03:45 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\gaopdxeuqxqelolhygvyixgwuhoexaeppptxvt.dll
[2009/03/18 23:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\ACW
[2009/03/18 22:35:24 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxqigegpuuilxydeodmcvpttlodovxxbyq.sys
[2009/03/18 22:35:24 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\gaopdxldtuliakpssxivlhrphyiivnycoaksjf.dll
[2009/03/18 22:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\Empty Temp Folders 2.8.3
[2009/03/18 17:56:02 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\gaopdxlxksepibkolhaedyxdlielihcwpposrn.dll
[2009/03/18 17:56:01 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxvyatkvkfrdirqiygojbnwbvxeseroaxp.sys
[2009/03/18 13:39:09 | 00,000,821 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2009/03/18 13:39:09 | 00,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2009/03/18 12:31:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Bcgsoft
[2009/03/18 12:31:10 | 00,001,052 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\PictureCollageMaker.lnk
[2009/03/18 12:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\PearlMountain Soft
[2009/03/18 11:02:08 | 00,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/03/18 10:23:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/03/18 10:19:28 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/03/18 10:16:12 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/18 10:13:54 | 00,000,000 | ---D | C] -- C:\ATI
[2009/03/18 01:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\P2PFilter
[2009/03/18 01:19:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
[2009/03/18 01:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Readon
[2009/03/18 00:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Readon_Technology
[2009/03/18 00:16:11 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\Readon Player
[2009/03/18 00:15:26 | 00,000,000 | ---D | C] -- C:\Program Files\Readon Technology
[2009/03/17 23:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/17 09:32:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/03/17 08:25:14 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/17 04:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\DriverCleanerDotNET
[2009/03/17 04:10:03 | 00,000,000 | ---D | C] -- C:\Program Files\DH-ATIfileVer
[2009/03/17 04:06:35 | 00,000,000 | ---D | C] -- C:\Program Files\DHFPCI
[2009/03/17 03:14:40 | 00,000,000 | ---D | C] -- C:\Intel
[2009/03/17 01:59:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Logitech
[2009/03/17 01:54:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/03/17 01:54:44 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/03/16 18:55:57 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/03/16 18:54:36 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2009/03/16 18:20:33 | 00,102,380 | ---- | C] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090316182033.pdf
[2009/03/16 18:12:52 | 00,102,448 | ---- | C] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090316181252.pdf
[2009/03/16 18:11:43 | 00,127,377 | ---- | C] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090316181143.pdf
[2009/03/16 06:01:24 | 00,065,320 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/03/16 01:08:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\eSupport.com
[2009/03/16 00:13:10 | 00,036,352 | -HS- | C] () -- C:\DOCUME~1\COMPAQ~1\My Documents\Thumbs.db
[2009/03/16 00:12:37 | 00,305,152 | ---- | C] () -- C:\DOCUME~1\COMPAQ~1\My Documents\windiag.iso
[2009/03/14 23:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PowerDVDCox
[2009/03/14 23:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PowerDVDCinema
[2009/03/14 23:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2009/03/14 03:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\MP3MyMP3 3.0
[2009/03/13 23:51:04 | 00,000,000 | ---D | C] -- C:\Program Files\Everything
[2009/03/13 19:39:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/03/13 19:27:09 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\CyberLink
[2009/03/13 19:27:04 | 00,000,000 | -H-D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\ShadowEditFiles
[2009/03/13 19:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\CyberLink
[2009/03/13 19:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/03/13 17:03:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/03/13 17:02:25 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/03/13 04:32:30 | 01,575,670 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\IconCache.db
[2009/03/13 01:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Software Informer
[2009/03/13 01:20:29 | 00,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2009/03/12 23:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/12 22:51:36 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2009/03/09 02:03:57 | 00,000,000 | ---D | C] -- C:\Program Files\Extra DVD Tools
[2009/03/09 01:49:30 | 00,000,000 | ---D | C] -- C:\temp_dvd
[2009/03/09 01:48:23 | 00,000,000 | ---D | C] -- C:\Program Files\Dvd-cloner
[2009/03/08 16:26:35 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\DVDFab
[2009/03/08 16:14:16 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
[2009/03/08 16:14:16 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/03/08 16:14:16 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
[2009/03/08 16:14:16 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.cat
[2009/03/08 16:14:16 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.inf
[2009/03/08 16:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Vso
[2009/03/08 16:14:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\PcSetup
[2009/03/08 16:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 5
[2009/03/08 01:12:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Ashampoo
[2009/03/08 01:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ashampoo
[2009/03/08 01:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/03/08 01:08:34 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/03/08 00:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ukl
[2009/03/08 00:05:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\uklpr
[2009/03/06 19:23:12 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2009/03/04 22:47:50 | 00,000,000 | ---D | C] -- C:\Program Files\MyConnection PC Lite Edition
[2009/03/04 10:29:35 | 00,000,320 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2009/03/04 10:27:16 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
[2009/03/04 10:26:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2009/03/02 22:08:14 | 00,099,325 | ---- | C] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090302210813.pdf
[2009/02/27 22:36:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Stardock_Corporation
[2009/02/27 15:03:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2009/02/27 15:03:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2009/02/27 15:03:23 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\Insight Software Solutions
[2009/02/27 15:03:23 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\Insight Software
[2009/02/27 15:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Insight Software Solutions
[2009/02/27 15:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\Zip Express
[2009/02/27 14:48:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Thinstall
[2009/02/27 11:18:00 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/02/27 04:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/02/27 04:33:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2009/02/27 04:01:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/02/27 04:01:25 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/02/27 04:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/02/27 04:00:08 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/02/27 04:00:08 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/02/27 04:00:08 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/02/27 04:00:08 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/02/27 04:00:08 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/02/27 04:00:08 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/02/27 04:00:08 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/02/27 04:00:08 | 00,000,000 | ---D | C] -- C:\a80d07c2447f5c8b79
[2009/02/27 00:23:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EPSON
[2009/02/26 15:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\IDM
[2009/02/26 15:08:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinMount
[2009/02/26 14:53:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DMCache
[2009/02/26 14:53:33 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\Downloads
[2009/02/26 14:52:58 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2009/02/26 12:33:34 | 00,051,472 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/02/26 12:33:34 | 00,039,184 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/02/26 12:33:34 | 00,033,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/02/26 12:33:34 | 00,012,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2009/02/26 12:33:32 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2009/02/26 12:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/02/26 12:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sunbelt
[2009/02/26 12:19:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/02/26 12:17:26 | 00,202,928 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2009/02/26 01:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\USB Safely Remove
[2009/02/26 00:04:22 | 00,086,016 | ---- | C] (Giganology Inc.) -- C:\WINDOWS\System32\gigagetbho_v10.dll
[2009/02/25 23:43:11 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2009/02/25 23:43:11 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\My Notebook
[2009/02/25 23:38:06 | 00,000,000 | --SD | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\My Shapes
[2009/02/25 14:22:40 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\iiiHomeInventory Projects
[2009/02/25 14:22:39 | 00,000,000 | ---D | C] -- C:\Program Files\Insurance Information Institute
[2009/02/25 13:40:07 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2009/02/25 04:05:42 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\Corel VideoStudio
[2009/02/25 04:04:20 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000104.DLL
[2009/02/25 03:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2009/02/25 03:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Liquid Story Binder XE
[2009/02/25 03:14:22 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\My Liquid Story Binder XE
[2009/02/25 03:14:09 | 00,000,000 | ---D | C] -- C:\Program Files\Black Obelisk Software
[2009/02/25 03:04:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinRAR
[2009/02/25 03:03:28 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/02/25 02:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\USBSafelyRemove
[2009/02/25 02:05:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2009/02/25 02:03:26 | 00,000,000 | ---D | C] -- C:\Program Files\QuickSFV
[2009/02/25 01:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\[bleep] NFO Viewer
[2009/02/25 01:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Local Settings
[2009/02/25 01:01:44 | 00,000,000 | ---D | C] -- C:\Program Files\WinMount3
[2009/02/25 01:01:42 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\WMDrive.sys
[2009/02/25 00:26:25 | 00,000,000 | ---D | C] -- C:\DOCUME~1\COMPAQ~1\My Documents\My Recordings
[2009/02/25 00:20:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Acoustica
[2009/02/25 00:19:52 | 00,057,344 | ---- | C] (NexiTech, Inc.) -- C:\WINDOWS\System32\Wnaspint.dll
[2009/02/25 00:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2009/02/25 00:09:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/02/25 00:09:22 | 00,000,000 | ---D | C] -- C:\Program Files\Acoustica Mixcraft 4
[2009/02/23 15:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/02/23 15:54:45 | 00,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2009/02/23 15:54:09 | 00,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBEDA.DLL
[2009/02/23 15:54:09 | 00,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BEDA.DLL
[2009/02/23 15:52:46 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2009/02/23 15:52:46 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2009/02/23 15:52:46 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2009/02/23 15:52:46 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/23 15:52:46 | 00,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/23 15:52:46 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/23 15:52:46 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/23 15:52:46 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/23 15:52:45 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicMgr.dll
[2009/02/23 15:52:45 | 00,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/23 15:52:45 | 00,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/23 15:52:45 | 00,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/23 15:52:45 | 00,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/23 15:52:45 | 00,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/23 15:52:45 | 00,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/23 15:52:45 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2009/02/23 15:52:45 | 00,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2009/02/23 15:52:45 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2009/02/23 15:52:45 | 00,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2009/02/23 15:52:45 | 00,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2009/02/23 15:52:45 | 00,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/23 15:52:45 | 00,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/23 15:51:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/02/23 15:50:53 | 00,071,680 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiad.dll
[2009/02/23 15:50:50 | 00,000,000 | ---D | C] -- C:\Program Files\epson
[2009/02/23 15:50:00 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPNX100.ini

========== Files - Modified Within 30 Days ==========

[2009/03/19 08:53:08 | 00,004,828 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/03/19 08:36:09 | 00,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/03/19 08:32:58 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/19 08:32:12 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009/03/19 08:31:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/19 08:31:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/19 08:31:32 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/19 02:39:53 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxmdtymagodkecrnnaklnqqrvpvlrxrbqf.sys
[2009/03/19 01:57:51 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxjqltxrcjityeaamyuvdylqbrmntobgwd.sys
[2009/03/19 01:57:51 | 00,019,456 | ---- | M] () -- C:\WINDOWS\System32\gaopdxlmxilvuxjyivaxtlqsblugdmjlrcaqov.dll
[2009/03/19 01:49:13 | 10,051,46112 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/03/19 00:03:45 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxkillrmupfulopwfpxroblxehbgommhwb.sys
[2009/03/19 00:03:45 | 00,019,456 | ---- | M] () -- C:\WINDOWS\System32\gaopdxeuqxqelolhygvyixgwuhoexaeppptxvt.dll
[2009/03/18 22:58:47 | 00,179,712 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/18 22:35:24 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxqigegpuuilxydeodmcvpttlodovxxbyq.sys
[2009/03/18 22:35:24 | 00,019,456 | ---- | M] () -- C:\WINDOWS\System32\gaopdxldtuliakpssxivlhrphyiivnycoaksjf.dll
[2009/03/18 17:56:02 | 00,019,456 | ---- | M] () -- C:\WINDOWS\System32\gaopdxlxksepibkolhaedyxdlielihcwpposrn.dll
[2009/03/18 17:56:01 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gaopdxvyatkvkfrdirqiygojbnwbvxeseroaxp.sys
[2009/03/18 13:39:09 | 00,000,821 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2009/03/18 13:15:20 | 00,395,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/18 12:32:14 | 00,130,088 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/03/18 12:31:10 | 00,001,052 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\PictureCollageMaker.lnk
[2009/03/18 11:02:08 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/03/18 10:32:15 | 01,575,670 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\IconCache.db
[2009/03/18 09:38:32 | 00,003,372 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/17 08:24:36 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/16 18:20:34 | 00,102,380 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090316182033.pdf
[2009/03/16 18:12:52 | 00,102,448 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090316181252.pdf
[2009/03/16 18:11:44 | 00,127,377 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090316181143.pdf
[2009/03/16 18:10:22 | 00,036,352 | -HS- | M] () -- C:\DOCUME~1\COMPAQ~1\My Documents\Thumbs.db
[2009/03/16 06:01:24 | 00,065,320 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/03/16 03:45:49 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/16 03:45:49 | 00,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/16 03:45:49 | 00,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/16 00:12:37 | 00,305,152 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\My Documents\windiag.iso
[2009/03/08 16:14:16 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
[2009/03/08 16:14:16 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/03/08 16:14:16 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
[2009/03/08 16:14:16 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.cat
[2009/03/08 16:14:16 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.inf
[2009/03/08 03:10:17 | 00,000,588 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\My Documents\My Sharing Folders.lnk
[2009/03/04 23:30:16 | 00,069,936 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/03/04 12:09:53 | 00,000,926 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/04 10:44:20 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
[2009/03/04 10:44:20 | 00,000,320 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2009/03/03 14:19:58 | 00,039,184 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/03/03 14:19:56 | 00,033,040 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/03/03 14:19:55 | 00,012,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2009/03/03 14:19:54 | 00,051,472 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/03/02 22:08:14 | 00,099,325 | ---- | M] () -- C:\DOCUME~1\COMPAQ~1\My Documents\20090302210813.pdf
[2009/02/28 16:55:26 | 00,087,028 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/26 09:13:40 | 00,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/02/26 02:07:37 | 00,301,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/26 02:04:20 | 00,002,969 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/02/25 23:43:11 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2009/02/25 17:30:02 | 00,204,800 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2009/02/25 17:29:49 | 00,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2009/02/25 17:29:41 | 00,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009/02/25 17:29:32 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2009/02/25 16:58:55 | 00,151,824 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/02/25 16:54:59 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/02/25 13:48:12 | 00,000,488 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/02/25 13:40:07 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
[2009/02/25 01:01:42 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\WMDrive.sys
[2009/02/23 16:03:35 | 00,000,044 | ---- | M] () -- C:\WINDOWS\EPNX100.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\advapi32.dll:SummaryInformation
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTListItEXTRAS LOG:

OTListIt Extras logfile created on: 3/19/2009 9:36:37 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\Programs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 418.27 Mb Available Physical Memory | 43.64% Memory free
2.26 Gb Paging File | 1.47 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 82.17 Gb Free Space | 46.09% Space Free | Partition Type: NTFS
Drive D: | 6.87 Gb Total Space | 0.05 Gb Free Space | 0.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 1.96 Gb Total Space | 1.75 Gb Free Space | 89.29% Space Free | Partition Type: NTFS

Computer Name: FRED-2
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections (Hewlett-Packard)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 File not found
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections (Hewlett-Packard)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk (Google)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 File not found
C:\Program Files\Online Services\PeoplePC\HPPeoplePC.exe:*:Enabled:PeoplePC File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader File not found
C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found
C:\Program Files\Common Files\AOL\1144018300\EE\AOLServiceHost.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\1153457488\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1153457488\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite (ICQ Ltd.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~os242.tmp\ossproxy.exe:*:Enabled:ossproxy.exe File not found
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console (Microsoft Corporation)
C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire (FrostWire Group)
C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System File not found
C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub File not found
C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player (Musiccity Co.Ltd.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM ()
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09348778-FDD7-4D5A-A518-583DB64D936E}" = Picture Collage Maker Full
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BFD2603-0F69-4AAC-9189-60EC466CA348}" = ArcSoft VideoImpression 2
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{110DEFF6-1BC3-4C3C-8A9D-F482EA6BA70F}" = Avatar Sizer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{1827CBF9-6760-46FE-9992-2F578253149A}" = FastPictureViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{20ED157B-1A84-4DF7-945E-4951A38A9CBA}" = iPod Reset Utility
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = ViviCam 3350
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = ArcSoft PhotoStudio 5.5
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{242BE687-C571-4EEC-B2E3-A395C6B397E3}" = ArcSoft MediaConverter
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{50C9E7FB-FF2A-4E37-AA87-068ACA70D4C2}" = Paragon Hard Disk Manager 8.5 Special Edition
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}" = ArtRage 2 Starter Edition
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{65D30520-CFB9-4E46-A101-68C0AADAE40C}" = ArcSoft PhotoPrinter 5
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{797703D4-461B-4BC9-AACA-292917F3A47F}" = ArcSoft PhotoImpression
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{8576AFD6-5402-4579-ACCD-9ABD7248B137}" = ArcSoft PhotoImpression 5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BB2F715D-2030-4689-8070-4415185A2412}" = VIPRE Antivirus + Antispyware
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Maxtor MaxBlast
"{C6783FB4-2E95-4ED0-8A32-1BF32821689F}" = AMD CPUInfo
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF4BB937-4FA9-41FE-8BF2-C003D3B2C324}" = Readon TV Movie Radio Player 4.5.0.0
"{CF72DC2F-F292-4D2B-B4E8-7D2060F095DA}" = ArtRage
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4CB7852-8308-4BBB-AF7D-48F073B58507}" = Polaroid Digital Cam
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DCBD0769-BAD5-40AD-BCD9-68FADC5231D5}" = ArcSoft Funhouse
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EBCBA952-DA46-4687-9784-D8B4E25A6B14}" = Passwords Plus
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"123 Free Solitaire_is1" = 123 Free Solitaire 2008 v6.0
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.2" = Acoustica Mixcraft 4.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"AnVir Task Manager Free" = AnVir Task Manager Free
"Any Video Converter_is1" = Any Video Converter 2.7.0
"AP Tuner 3.08" = AP Tuner 3.08
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AwayMode160" = Microsoft Away Mode
"A-Z Typing Test" = A-Z Typing Test
"Belarc Advisor" = Belarc Advisor 7.2
"Big Sums Professional_is1" = Big Sums Professional 2.1
"Blender" = Blender (remove only)
"BootSkin" = BootSkin
"Calc98" = Calc98
"CCleaner" = CCleaner (remove only)
"Childsplay_is1" = Childsplay 0.85
"ChristmasTree_is1" = ChristmasTree 1.5
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CobBackup9" = Cobian Backup 9
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CursorXP" = CursorXP
"Defraggler" = Defraggler (remove only)
"Desktop Icon Toy_is1" = Desktop Icon Toy 3.3
"Diagram Designer" = Diagram Designer
"DMX4_is1" = DriverMax 4
"Driver Magician_is1" = Driver Magician 3.4
"DriverCleanerDotNET" = DH Driver Cleaner.NET
"Driverheaven Full PC Info" = Driverheaven Full PC Info 2
"Dropbox" = Dropbox
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD-CLONER VI_is1" = DVD-CLONER V6.00 Build 977
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mob~1E5269F9_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile/Blu-ray/Mov
"Easy-WebPrint" = Easy-WebPrint
"Empty Temp Folders 2.8.3" = Empty Temp Folders 2.8.3
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Everything" = Everything 1.2.1.371
"EvilLyrics" = EvilLyrics
"Extra DVD Tools_is1" = Extra DVD Tools 6.4
"FishTales_is1" = Fish Tales ver 1.0
"Foxit Reader" = Foxit Reader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Frog Hunt_is1" = Frog Hunt v1.0
"FrostWire" = FrostWire 4.17.2
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Guitar Shed" = Guitar Shed 2.9
"Happy Holidays from Mr Hankey" = Happy Holidays from Mr Hankey Screen Saver
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"Hyperscore" = Hyperscore
"I.I.I. Home Inventory" = I.I.I. Home Inventory 3.08
"IconX" = IconX
"ICQLite" = ICQ 5.1
"iDailyDiary_is1" = iDailyDiary 3.52
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image Analyzer" = Image Analyzer
"Impulse" = Impulse
"Inkscape" = Inkscape 0.46
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstantStorm_is1" = InstantStorm 1.5
"InterActual Player" = InterActual Player
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"Jingle Screensaver" = Jingle Screensaver
"KC Softwares Vampix_is1" = KC Softwares Vampix
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Liquid Story Binder XE_is1" = Liquid Story Binder XE 3.81
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Metes and Bounds" = Metes and Bounds
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MP3MyMP3 2.0_is1" = MP3MyMP3 2.0
"MP3MyMP3_is1" = MP3MyMP3 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyConnection PC Lite Edition" = MyConnection PC Lite Edition
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTREGOPT_is1" = NTREGOPT 1.1j
"ObjectDock Plus" = ObjectDock Plus
"P2PFilter" = P2PFilter 3.0.5
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"pd-FirePlace-v2" = pd-FirePlace-v2
"pdfsam" = pdfsam
"PeerGuardian_is1" = PeerGuardian 2.0
"Photo Viewer" = Photo Viewer 2.4
"PhotoWipe_is1" = PhotoWipe 1.0
"Picasa 3" = Picasa 3
"Pingus" = Pingus
"Police Chase" = Police Chase
"Popims Animator" = Popims Animator
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickSFV" = QuickSFV (Remove only)
"Rainlendar2" = Rainlendar2 (remove only)
"Rainmeter" = Rainmeter (remove only)
"RapidTyping_is1" = RapidTyping 1.1.9.9
"Recuva" = Recuva (remove only)
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Revo Uninstaller" = Revo Uninstaller 1.80
"RocketDock_is1" = RocketDock 1.3.5
"Rvsystem" = Returnil Virtual System Premium Edition
"secretmaryo" = Secret Maryo Chronicles
"secretmaryo_music" = Secret Maryo Chronicles Addon : Music
"Secunia PSI" = Secunia PSI
"SkinStudio 6 Professional" = SkinStudio 6 Professional
"Smart Defrag_is1" = Smart Defrag 1.11
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"Snood_is1" = Snood for Windows version 3.52-W
"Software Informer_is1" = Software Informer 1.0 BETA
"Space Rancher" = Space Rancher
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SuperTux_is1" = SuperTux 0.1.3
"The Blocklist Manager_is1" = BLM 2.7.7
"TheSage" = TheSage
"Time Trek" = Time Trek 1.31
"Titan Backup" = Titan Backup
"Touch Typing Course Trial" = Touch Typing Course Trial
"Trillian" = Trillian
"Tux Paint Stamps_is1" = Tux Paint Stamps 2008.06.30
"Tux Paint_is1" = Tux Paint 0.9.20
"TuxMath" = Tux of Math Command (remove only)
"TuxPaint" = Tux Paint (remove only)
"TuxType" = Tux Typing (remove only)
"Tweak UI 2.10" = Tweak UI
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"USB Safely Remove_is1" = USB Safely Remove 4.0
"VeohProxy" = VeohProxy
"Video Camera Drivers_is1" = Video Camera Drivers V1.1
"WhiteBoard" = WhiteBoard 2.0
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinMount3_is1" = WinMount V3.2.0213
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wubi" = Kubuntu
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.94.2
"Xoomer" = Xoomer 1.3
"XP Keep Per User Display Settings_is1" = XP Keep Per User Display Settings 1.1
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Widget Engine" = Yahoo! Widgets
"Zip Express v 2" = Zip Express v 2
"ZSoft Uninstaller" = ZSoft Uninstaller 2.4.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ca8cc2749afe3f46" = SumStamper
"FrinikaWebStart" = FrinikaWebStart
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2008 5:41:53 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 5:46:42 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 6:09:49 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 6:10:07 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 6:10:20 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 6:10:52 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 6:12:26 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 6:13:34 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/28/2008 6:19:20 PM | Computer Name = FRED-2 | Source = Livedrive | ID = 0
Description =

Error - 12/29/2008 1:03:58 AM | Computer Name = FRED-2 | Source = Application Error | ID = 1000
Description = Faulting application defraggler.exe, version 1.4.0.98, faulting module
defraggler.exe, version 1.4.0.98, fault address 0x000901e0.

[ System Events ]
Error - 3/19/2009 3:50:20 AM | Computer Name = FRED-2 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 3/19/2009 3:50:20 AM | Computer Name = FRED-2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 3/19/2009 3:50:20 AM | Computer Name = FRED-2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VIPRE Antivirus + Antispyware
service to connect.

Error - 3/19/2009 3:50:20 AM | Computer Name = FRED-2 | Source = Service Control Manager | ID = 7000
Description = The VIPRE Antivirus + Antispyware service failed to start due to the
following error: %%1053

Error - 3/19/2009 3:50:20 AM | Computer Name = FRED-2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 BANTExt fasttx2k Fips ftsata2 IntelIde IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd
Rdbss
SASDIFSV
SASKUTIL
sbaphd
sbhips
sbtis
ssmdrv
Tcpip
UimBus
Uim_IM
ViaIde

Error - 3/19/2009 3:50:33 AM | Computer Name = FRED-2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/19/2009 3:53:11 AM | Computer Name = FRED-2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/19/2009 8:30:29 AM | Computer Name = FRED-2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/19/2009 8:32:17 AM | Computer Name = FRED-2 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 3/19/2009 8:32:27 AM | Computer Name = FRED-2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
fasttx2k ftsata2 IntelIde ViaIde


< End of report >

Jeez thats long! A few more things I may need to say, All of these scans were run in regular mode Except the 2nd MBAM Scan was run in SAFE-MODE. I also recently (in the last month) changed my A/V set-up from Avira to VIPRE and SpywareBlaster to Threatfire (for the HIPs protection because Comodo firewall will not play nice with my system). Threatfire seems fine but I have been concerned about VIPRE insomuch as I'm not sure how stable it is. Anyway, if someone could please read this "book" that I've now written and get back w/ me. Thanks again. I am going to boot back into safe-mode and see what MBAM says now.


Xtyy
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP