I downloaded a video and then MS Media player stated I need media usage rights to play video. Of course I trusted MS (mistake there) and installed Video Com Version 1.90. I clicked to download and a program was installed. I do not recall the name as I uninstalled it. I tried to get it again but because of the hijack it will not go to the site to download. I did see this listed at the top of the popup window, a website called goldrushg.net. Image attached.
Problems - internet, Mozilla Firefox & IE8 get redirected (I was lucky to get this site), cannot run MS system restore, Malwarebytes' Anti-Malware, MS malicious checker. Here are my log files. Please let me know what else is needed. I thank you for your time and attention. Aaron
OTListIt logfile created on: 4/19/2009 1:27:31 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Aaron Stewart\Desktop\Rosetta
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
766.10 Mb Total Physical Memory | 219.98 Mb Available Physical Memory | 28.71% Memory free
3.33 Gb Paging File | 2.84 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): C:\pagefile.sys 2688 2688;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.21 Gb Total Space | 12.94 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Drive D: | 53.70 Gb Total Space | 7.79 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AJHOME
Current User Name: Aaron Stewart
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\AstSrv.exe (Nalpeiron Ltd.)
PRC - C:\WINDOWS\system32\crypserv.exe (Kenonic Controls Ltd.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Aaron Stewart\Desktop\Rosetta\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AcrSch2Svc [Disabled | Stopped]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Arrakis3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (astcc [Auto | Running]) -- C:\WINDOWS\system32\AstSrv.exe (Nalpeiron Ltd.)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Brother XP spl Service [Disabled | Stopped]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Crypkey License [Auto | Running]) -- C:\WINDOWS\system32\crypserv.exe (Kenonic Controls Ltd.)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Disabled | Stopped]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Irmon [On_Demand | Stopped]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LightScribeService [On_Demand | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LIVESRV [Auto | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (McrdSvc [On_Demand | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- File not found
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- File not found
SRV - (Roxio Upnp Server 9 [On_Demand | Stopped]) -- File not found
SRV - (RoxLiveShare9 [On_Demand | Stopped]) -- File not found
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- File not found
SRV - (RoxWatch9 [On_Demand | Stopped]) -- File not found
SRV - (scan [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (V2i Protector [On_Demand | Stopped]) -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe (PowerQuest Corporation)
SRV - (VSSERV [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- File not found
========== Driver Services (SafeList) ==========
DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (Ambfilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AR5211 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys (Atheros Communications, Inc.)
DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bdfm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys (BitDefender LLC)
DRV - (bdfsfltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdftdif [System | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (BDSelfPr [On_Demand | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (BDVEDISK [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.)
DRV - (BrScnUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (Cam5603D [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DKbFltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO [Auto | Running]) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (EMSCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\EMS7SK.sys (ENE Technology Inc.)
DRV - (ENETHUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\enethusb.sys (Efficient Networks, Inc.)
DRV - (ESDCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESM7SK.sys (ENE Technology Inc.)
DRV - (GearAspiWDM [System | Running]) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys (GEAR Software)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (int15.sys [On_Demand | Stopped]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (irsir [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech Inc.)
DRV - (L8042pr2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LUsbFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Monfilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NCBULK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NcBulk.sys (NetChip Technology, Inc.)
DRV - (NetworkX [System | Running]) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (NTIDrvr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (PQIMount [System | Running]) -- C:\WINDOWS\System32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQNTDrv [System | Running]) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (PQV2i [Boot | Running]) -- C:\WINDOWS\System32\drivers\PQV2i.sys (StorageCraft)
DRV - (Profos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RxFilter [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ser2pl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMSC)
DRV - (snapman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (Trufos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (UBHelper [Boot | Running]) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\S-1-5-21-3766046748-2585909713-2437875348-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - user.js..browser.search.openintab: false
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/18 16:37:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/04/01 20:04:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/04/13 21:11:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/13 21:02:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/13 21:02:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/04/01 20:04:53 | 00,000,000 | ---D | M]
[2008/06/19 20:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Extensions
[2008/06/19 20:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/19 13:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions
[2009/03/28 19:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/03/17 23:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/03/30 18:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/04/18 18:30:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2007/12/16 10:37:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/04/18 18:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2009/02/11 19:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/13 22:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2009/04/13 16:38:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2007/12/16 10:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2009/04/19 13:18:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 17:27:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/06 02:40:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/09/08 02:12:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/14 01:18:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/01 22:21:58 | 00,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (313258 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 10786 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}\\NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{F6EE877D-07C4-4EFF-8123-1C061438816B}\\NameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf () - [ NTFS ]
O32 - Autorun File - D:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{124d1352-ba91-11dc-8253-0016d45d518f}\Shell - "" = AutoRun
O33 - MountPoints2\{124d1352-ba91-11dc-8253-0016d45d518f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{124d1352-ba91-11dc-8253-0016d45d518f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{be4f84c9-363b-11dc-8cf9-0016d45d518f}\Shell - "" = AutoRun
O33 - MountPoints2\{be4f84c9-363b-11dc-8cf9-0016d45d518f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be4f84c9-363b-11dc-8cf9-0016d45d518f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c427ec98-ccf2-11dc-8260-0016d45d518f}\Shell - "" = AutoRun
O33 - MountPoints2\{c427ec98-ccf2-11dc-8260-0016d45d518f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c427ec98-ccf2-11dc-8260-0016d45d518f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[19 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
File not found -- C:\DOCUME~1\AARONS~1\Desktop\CA49EZCT.
[2009/04/19 13:25:50 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\VIRUS
[2009/04/19 13:23:23 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/19 13:01:04 | 00,001,738 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\HijackThis.lnk
[2009/04/19 13:01:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 04:13:45 | 00,000,332 | RHS- | C] () -- C:\autorun.inf
[2009/04/18 19:45:58 | 00,001,132 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Buy DivX for Windows.lnk
[2009/04/18 19:32:09 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/04/18 19:31:29 | 00,000,786 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Windows Media Player.lnk
[2009/04/18 19:16:48 | 00,000,000 | ---D | C] -- C:\3fc549c4dd6b93feb1e0dc6a149628d7
[2009/04/18 18:56:41 | 00,000,132 | ---- | C] () -- C:\httpdwl.dat
[2009/04/18 18:47:15 | 00,290,673 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\April18bookmarks.html
[2009/04/18 18:46:40 | 00,277,939 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Bookmarks 2009-04-18.json
[2009/04/18 01:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/04/18 01:00:35 | 00,071,022 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\SECURITY SPEC.docx
[2009/04/15 17:10:58 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\DEPRESSION
[2009/04/15 16:06:38 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\OneNote Notebooks
[2009/04/13 21:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/04/13 21:06:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/13 21:05:02 | 00,000,634 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\µTorrent.lnk
[2009/04/13 20:51:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/12 04:14:24 | 00,000,069 | ---- | C] () -- C:\WINDOWS\cdsutil.INI
[2009/04/12 04:11:05 | 00,000,036 | ---- | C] () -- C:\WINDOWS\ndet2000.INI
[2009/04/12 03:45:19 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2009/04/12 02:38:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2009/04/12 01:20:53 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/12 01:20:53 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/11 12:36:00 | 00,011,161 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study Marlene.docx
[2009/04/08 23:25:48 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\TAXES
[2009/04/07 17:24:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\USAA
[2009/04/06 02:16:55 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Fire
[2009/04/05 23:34:39 | 00,058,057 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft9.jpg
[2009/04/05 23:25:02 | 00,077,524 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft8.jpg
[2009/04/05 23:24:24 | 00,025,793 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft7.jpg
[2009/04/05 23:24:08 | 00,097,154 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft6.jpg
[2009/04/05 23:23:26 | 00,049,747 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft5.jpg
[2009/04/05 23:23:06 | 00,030,771 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft4.jpg
[2009/04/05 23:22:34 | 00,043,120 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft3.jpg
[2009/04/05 23:22:15 | 00,005,279 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft2.jpg
[2009/04/05 23:18:17 | 00,056,159 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft1.jpg
[2009/04/04 12:32:16 | 00,267,510 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Bookmarks 2009-04-04.json
[2009/04/03 20:06:54 | 04,920,374 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 1 of 3.docx
[2009/04/03 20:05:21 | 04,947,364 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 2 of 3.docx
[2009/04/03 20:04:42 | 04,744,941 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Part3 Final.docx
[2009/04/03 18:42:29 | 04,920,379 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Picture 1.docx
[2009/04/03 18:25:38 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\10000
[2009/04/01 23:52:12 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Certificates
[2009/04/01 23:13:33 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/01 23:12:46 | 00,000,675 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/01 22:53:20 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/01 22:52:20 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/04/01 22:52:20 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/04/01 22:28:54 | 00,228,672 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys.bak
[2009/04/01 22:28:54 | 00,108,864 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.bak
[2009/04/01 22:28:54 | 00,102,208 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
[2009/04/01 22:28:53 | 00,082,568 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys.bak
[2009/04/01 20:27:35 | 00,012,188 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Please follow the steps given below.docx
[2009/04/01 20:06:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2009/04/01 20:05:44 | 00,001,867 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\BitDefender Total Security 2009.lnk
[2009/04/01 20:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\BitDefender
[2009/04/01 20:04:30 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/04/01 20:04:30 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\BitDefender
[2009/04/01 19:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/04/01 10:33:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/03/31 19:26:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/31 02:19:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Pinnacle VideoSpin
[2009/03/31 02:17:12 | 00,000,826 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Pinnacle VideoSpin.lnk
[2009/03/31 02:16:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2009/03/31 02:16:24 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\Pinnacle
[2009/03/31 02:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/03/31 02:16:23 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle VideoSpin
[2009/03/31 02:14:34 | 00,000,349 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Documents\PCLECHAL.INI
[2009/03/31 02:14:33 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle
[2009/03/31 00:12:09 | 00,000,790 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\video test.mpeg
[2009/03/31 00:10:07 | 00,000,785 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\video test
[2009/03/31 00:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\avidemux
[2009/03/30 23:58:15 | 00,011,420 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study.docx
[2009/03/30 17:47:40 | 00,949,392 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Binge.pptx
[2009/03/30 17:39:31 | 00,000,634 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Audacity.lnk
[2009/03/30 17:39:29 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/03/30 17:36:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\Cool Record Edit Pro
[2009/03/30 17:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\Free Sound Recorder
[2009/03/30 17:13:57 | 00,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2009/03/30 17:13:57 | 00,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/03/30 17:13:57 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/03/30 17:13:57 | 00,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2009/03/30 17:13:57 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2009/03/30 17:13:57 | 00,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/03/30 17:13:57 | 00,001,608 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Cool Record Edit Pro.lnk
[2009/03/30 17:13:57 | 00,001,497 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Free Sound Recorder.lnk
[2009/03/30 17:13:56 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2009/03/30 17:13:56 | 01,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2009/03/30 17:13:56 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2009/03/30 17:13:56 | 00,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/03/30 17:13:56 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/03/30 17:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Free Sound Recorder
[2009/03/28 18:26:38 | 00,474,794 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\bookmarks.html
[2009/03/25 23:18:24 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Joe antenna
[2009/03/23 19:43:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/03/23 17:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Calculator Plus
[2009/03/21 22:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\Uniblue
[2009/03/21 22:44:37 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\DriverScanner
[2009/03/21 18:58:01 | 00,456,279 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Scan0001.JPG
[2009/03/13 18:36:17 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/03/13 18:36:13 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/03/13 18:36:13 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/02/20 18:55:23 | 00,055,828 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2009/02/20 17:44:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AUDIO.INI
[2009/02/18 17:23:28 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/13 17:01:16 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/02/11 21:47:13 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/11 21:24:08 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/02/11 21:24:08 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/02/11 21:24:08 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/02/11 21:24:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/11/27 12:47:56 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/20 01:49:55 | 00,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2008/08/25 13:31:32 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/07/20 10:54:41 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/05/19 19:05:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2008/04/23 18:34:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/03/26 15:43:33 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2007/10/09 04:22:19 | 00,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/06 20:48:13 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/07/30 01:49:22 | 00,000,139 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/07/30 01:49:19 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/06/20 04:40:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/06/16 17:38:15 | 00,000,032 | ---- | C] () -- C:\WINDOWS\HMSCCgi4Pro.INI
[2007/05/30 13:30:36 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/01 18:49:53 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/23 13:24:38 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/22 18:35:48 | 00,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2007/04/22 17:45:53 | 00,000,522 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/21 10:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/04/19 03:35:03 | 00,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/04/19 03:35:03 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/04/19 03:35:02 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/04/17 23:31:21 | 00,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2007/04/11 02:06:32 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2007/03/27 11:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/05 13:34:28 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007/01/26 01:04:12 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 01:04:12 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/16 16:47:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/07/11 17:29:00 | 00,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[2006/06/01 21:30:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/01 19:56:54 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/06/01 19:25:44 | 00,000,694 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/01 19:16:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/05/12 16:50:28 | 00,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2006/03/10 17:15:44 | 00,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/14 23:59:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/10/14 06:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 06:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 06:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 06:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 06:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 06:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 06:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/08/05 17:01:54 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe(2).dll
[2005/08/05 17:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 14:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/06/28 21:55:08 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/06/28 21:55:08 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/03/28 18:45:26 | 00,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 19:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/02/13 16:49:00 | 00,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003/10/02 04:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 04:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/12/26 18:12:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
========== Files - Modified Within 30 Days ==========
[19 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
File not found -- C:\DOCUME~1\AARONS~1\Desktop\CA49EZCT.
[2009/04/19 13:11:13 | 00,617,264 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/19 13:11:13 | 00,511,720 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 13:11:13 | 00,095,110 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/19 13:07:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/19 13:06:56 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/19 13:06:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 13:06:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 13:04:47 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/19 13:01:04 | 00,001,738 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\HijackThis.lnk
[2009/04/19 12:47:11 | 00,000,332 | RHS- | M] () -- C:\autorun.inf
[2009/04/19 12:28:00 | 00,226,816 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/18 21:50:38 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{83B05C96-5FF3-4FC2-B6DB-2463C8E050AA}.job
[2009/04/18 19:45:58 | 00,001,132 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Buy DivX for Windows.lnk
[2009/04/18 19:36:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 19:35:40 | 00,000,786 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Windows Media Player.lnk
[2009/04/18 19:31:36 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/18 19:31:36 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/18 19:31:23 | 00,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/18 19:31:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/18 19:31:23 | 00,000,221 | RHS- | M] () -- C:\boot.ini
[2009/04/18 18:56:41 | 00,000,132 | ---- | M] () -- C:\httpdwl.dat
[2009/04/18 18:47:15 | 00,290,673 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\April18bookmarks.html
[2009/04/18 18:46:41 | 00,277,939 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Bookmarks 2009-04-18.json
[2009/04/18 01:00:37 | 00,071,022 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\SECURITY SPEC.docx
[2009/04/17 10:44:04 | 00,000,675 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/13 21:11:58 | 00,000,901 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\RealPlayer.lnk
[2009/04/13 21:11:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/04/13 21:05:02 | 00,000,634 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\µTorrent.lnk
[2009/04/13 20:55:25 | 00,001,490 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\MagicISO.lnk
[2009/04/13 20:52:57 | 00,000,799 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\DivX Player.lnk
[2009/04/13 20:52:34 | 00,000,835 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\DivX Converter.lnk
[2009/04/13 20:51:02 | 00,001,459 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\DivX Movies.lnk
[2009/04/13 20:19:50 | 00,001,733 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Reader 9.lnk
[2009/04/13 15:48:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/12 04:14:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\cdsutil.INI
[2009/04/12 04:11:05 | 00,000,036 | ---- | M] () -- C:\WINDOWS\ndet2000.INI
[2009/04/12 01:20:54 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/12 01:20:53 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/11 15:22:50 | 00,313,258 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/11 12:36:05 | 00,011,161 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study Marlene.docx
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 23:34:41 | 00,058,057 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft9.jpg
[2009/04/05 23:25:03 | 00,077,524 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft8.jpg
[2009/04/05 23:24:25 | 00,025,793 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft7.jpg
[2009/04/05 23:24:09 | 00,097,154 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft6.jpg
[2009/04/05 23:23:27 | 00,049,747 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft5.jpg
[2009/04/05 23:23:08 | 00,030,771 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft4.jpg
[2009/04/05 23:22:35 | 00,043,120 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft3.jpg
[2009/04/05 23:22:16 | 00,005,279 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft2.jpg
[2009/04/05 23:18:32 | 00,056,159 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft1.jpg
[2009/04/04 12:32:17 | 00,267,510 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Bookmarks 2009-04-04.json
[2009/04/04 11:10:48 | 00,000,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/04/03 20:08:09 | 04,947,364 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 2 of 3.docx
[2009/04/03 20:06:56 | 04,920,374 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 1 of 3.docx
[2009/04/03 20:06:43 | 04,920,379 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Picture 1.docx
[2009/04/03 20:04:47 | 04,744,941 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Part3 Final.docx
[2009/04/01 23:05:31 | 00,000,816 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Yahoo! Messenger.lnk
[2009/04/01 22:53:20 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/04/01 22:52:20 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/04/01 22:52:20 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/04/01 22:23:10 | 00,192,512 | ---- | M] () -- C:\WINDOWS\System32\txmlutil.dll
[2009/04/01 22:23:09 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2009/04/01 22:23:08 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2009/04/01 22:23:07 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2009/04/01 22:23:07 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys
[2009/04/01 20:27:38 | 00,012,188 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Please follow the steps given below.docx
[2009/04/01 20:05:44 | 00,001,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\BitDefender Total Security 2009.lnk
[2009/04/01 01:27:43 | 00,949,392 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Binge.pptx
[2009/03/31 19:34:38 | 00,000,084 | -HS- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\desktop.ini
[2009/03/31 19:23:02 | 02,292,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/31 02:42:59 | 00,000,349 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Documents\PCLECHAL.INI
[2009/03/31 02:17:12 | 00,000,826 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Pinnacle VideoSpin.lnk
[2009/03/31 00:12:09 | 00,000,790 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\video test.mpeg
[2009/03/31 00:10:07 | 00,000,785 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\video test
[2009/03/30 23:58:16 | 00,011,420 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study.docx
[2009/03/30 17:39:31 | 00,000,634 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Audacity.lnk
[2009/03/30 17:13:57 | 00,001,608 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Cool Record Edit Pro.lnk
[2009/03/30 17:13:57 | 00,001,497 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Free Sound Recorder.lnk
[2009/03/28 18:26:38 | 00,474,794 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\bookmarks.html
[2009/03/28 17:27:19 | 00,001,606 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/03/23 17:19:56 | 00,029,829 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\truck fuel.xlsx
[2009/03/21 19:30:46 | 00,304,068 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090411-152249.backup
[2009/03/21 19:30:37 | 00,304,068 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090321-193046.backup
[2009/03/21 18:58:02 | 00,456,279 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Scan0001.JPG
[2009/03/21 10:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\main.cpl:SummaryInformation
< End of report >
OTListIt Extras logfile created on: 4/19/2009 1:27:31 PM - Run 2
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Messenger (Microsoft Corporation)
C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe File not found
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup File not found
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BaUPnP.exe:*:Enabled:BaUPnP File not found
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 (Adobe Systems Incorporated)
C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager (Pinnacle Systems)
C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi (Pinnacle Systems)
C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin (Pinnacle Systems)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20ACA1B0-8043-11D4-AEB1-00C04F590412}" = MapSource
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA396ABC-98AF-4F4A-B0F8-EB160DFF344B}" = Acer OrbiCam Utility Bar
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.7
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Belltech Business Card Designer Pro 4.7 (Trial)_is1" = Belltech Business Card Designer Pro 4.7
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"filehippo.com" = filehippo.com Update Checker
"Free Sound Recorder" = Free Sound Recorder
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KillProcess" = KillProcess 2.43 Alpha
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.89 Basic
"Loader_is1" = Loader
"Magic ISO Maker v5.4 (build 0246)" = Magic ISO Maker v5.4 (build 0246)
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealPlayer 6.0" = RealPlayer
"RegDoctor_is1" = RegDoctor 2.03
"SatCalc" = SatCalc 1.2
"SightSpeed" = SightSpeed (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Tweak UI 2.10" = Tweak UI
"USBExplorer for MAIN S/W ver 01.34 and above_is1" = USBExplorer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/31/2009 6:57:44 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/31/2009 7:22:43 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/31/2009 7:22:43 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/31/2009 7:23:04 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/31/2009 7:23:04 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/31/2009 10:46:12 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.
Error - 3/31/2009 10:49:29 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.
Error - 3/31/2009 11:02:48 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.
Error - 3/31/2009 11:03:11 PM | Computer Name = AJHOME | Source = Application Error | ID = 1001
Description = Fault bucket 1209967530.
Error - 3/31/2009 11:27:17 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.
[ ODiag Events ]
Error - 7/23/2007 11:35:19 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 81vb. Error code: N/A
[ OSession Events ]
Error - 11/24/2007 8:52:42 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 77
seconds with 60 seconds of active time. This session ended with a crash.
Error - 11/24/2007 9:57:10 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3753
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/24/2007 9:57:20 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 4/19/2009 7:54:31 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/19/2009 8:54:46 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/19/2009 9:55:02 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/19/2009 10:55:17 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/19/2009 11:55:32 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/19/2009 12:45:34 PM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/19/2009 12:46:57 PM | Computer Name = AJHOME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/19/2009 12:58:48 PM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/19/2009 12:58:48 PM | Computer Name = AJHOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747
Error - 4/19/2009 1:07:16 PM | Computer Name = AJHOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747
< End of report >
Microsoft Windows XP Professional (5.1.2600) Service Pack 2
C:\ [Fixed] - NTFS - (Total:54486 Mo/Free:960 Mo)
D:\ [Fixed] - NTFS - (Total:54988 Mo/Free:3882 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sun 04/19/2009|13:23
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- livesrv.exe
--Locked-- vsserv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\AstSrv.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\WINDOWS\system32\crypserv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Documents and Settings\Aaron Stewart\Desktop\Rosetta\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}]
NameServer REG_SZ 85.255.112.71,85.255.112.105
==> WAREOUT <==
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\AARONS~1\Application Data\U3\temp\48c833610\Acronis.True.Image.Home.v10.0.4942.Incl.Keymaker-CORE\keygen-CORE.exe
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\PFConfig 1.0.163 + Crack.rar.1.torrent
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\PFConfig 1.0.163 + Crack.rar.torrent
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\Texas Holdem Genius 2008 Poker Cheat Bot - Crack Free 100% Working!.zip.torrent
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\WinRar 3.71 + keygen (Works 100% - I tested).torrent
1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/19/2009|13:24
----------------------\\ Scan completed at 13:24