Computer taken over by something



#1
AaronOhio

My computer recently has been taken over. I am not that smart at computer stuff, so tech talk is above my understanding. I have basic knowledge of computers. I have read the malware guide previous to posting. I am running MS XP Home SP2.
I downloaded a video and then MS Media Player stated I need media usage rights to play video. Of course I trusted MS (mistake there) and installed Video Com Version 1.90. I clicked to download and a program was installed. I do not recall the name as I uninstalled it. I tried to get it again, but because of the hijack it will not go to the site to download. I did see this listed at the top of the popup window: a website called goldrushg.net. Image attached.

Problems - internet, Mozilla Firefox & IE8 get redirected (I was lucky to get this site), cannot run MS System Restore, Malwarebytes' Anti-Malware, MS malicious checker. Here are my log files. Please let me know what else is needed. I thank you for your time and attention. Aaron

OTListIt logfile created on: 4/19/2009 1:27:31 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Aaron Stewart\Desktop\Rosetta
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.10 Mb Total Physical Memory | 219.98 Mb Available Physical Memory | 28.71% Memory free
3.33 Gb Paging File | 2.84 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): C:\pagefile.sys 2688 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.21 Gb Total Space | 12.94 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Drive D: | 53.70 Gb Total Space | 7.79 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AJHOME
Current User Name: Aaron Stewart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\AstSrv.exe (Nalpeiron Ltd.)
PRC - C:\WINDOWS\system32\crypserv.exe (Kenonic Controls Ltd.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Aaron Stewart\Desktop\Rosetta\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcrSch2Svc [Disabled | Stopped]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Arrakis3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (astcc [Auto | Running]) -- C:\WINDOWS\system32\AstSrv.exe (Nalpeiron Ltd.)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Brother XP spl Service [Disabled | Stopped]) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Crypkey License [Auto | Running]) -- C:\WINDOWS\system32\crypserv.exe (Kenonic Controls Ltd.)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEARSecurity [Disabled | Stopped]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Irmon [On_Demand | Stopped]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LightScribeService [On_Demand | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LIVESRV [Auto | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (McrdSvc [On_Demand | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- File not found
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- File not found
SRV - (Roxio Upnp Server 9 [On_Demand | Stopped]) -- File not found
SRV - (RoxLiveShare9 [On_Demand | Stopped]) -- File not found
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- File not found
SRV - (RoxWatch9 [On_Demand | Stopped]) -- File not found
SRV - (scan [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (V2i Protector [On_Demand | Stopped]) -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe (PowerQuest Corporation)
SRV - (VSSERV [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (Ambfilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AR5211 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys (Atheros Communications, Inc.)
DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bdfm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys (BitDefender LLC)
DRV - (bdfsfltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdftdif [System | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (BDSelfPr [On_Demand | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (BDVEDISK [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.)
DRV - (BrScnUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (Cam5603D [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DKbFltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO [Auto | Running]) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (EMSCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\EMS7SK.sys (ENE Technology Inc.)
DRV - (ENETHUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\enethusb.sys (Efficient Networks, Inc.)
DRV - (ESDCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESM7SK.sys (ENE Technology Inc.)
DRV - (GearAspiWDM [System | Running]) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys (GEAR Software)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (int15.sys [On_Demand | Stopped]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (irsir [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech Inc.)
DRV - (L8042pr2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LUsbFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Monfilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NCBULK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NcBulk.sys (NetChip Technology, Inc.)
DRV - (NetworkX [System | Running]) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (NTIDrvr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (PQIMount [System | Running]) -- C:\WINDOWS\System32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQNTDrv [System | Running]) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (PQV2i [Boot | Running]) -- C:\WINDOWS\System32\drivers\PQV2i.sys (StorageCraft)
DRV - (Profos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RxFilter [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ser2pl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMSC)
DRV - (snapman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (Trufos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (UBHelper [Boot | Running]) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\S-1-5-21-3766046748-2585909713-2437875348-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/18 16:37:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/04/01 20:04:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/04/13 21:11:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/13 21:02:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/13 21:02:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/04/01 20:04:53 | 00,000,000 | ---D | M]

[2008/06/19 20:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Extensions
[2008/06/19 20:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/19 13:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions
[2009/03/28 19:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/03/17 23:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/03/30 18:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/04/18 18:30:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2007/12/16 10:37:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/04/18 18:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2009/02/11 19:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/13 22:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2009/04/13 16:38:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2007/12/16 10:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aaron Stewart\Application Data\mozilla\Firefox\Profiles\esfs2v0h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2009/04/19 13:18:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 17:27:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/06 02:40:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/09/08 02:12:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/14 01:18:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/01 22:21:58 | 00,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (313258 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 10786 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3766046748-2585909713-2437875348-1005\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}\\NameServer = 85.255.112.71,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{F6EE877D-07C4-4EFF-8123-1C061438816B}\\NameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf () - [ NTFS ]
O32 - Autorun File - D:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{124d1352-ba91-11dc-8253-0016d45d518f}\Shell - "" = AutoRun
O33 - MountPoints2\{124d1352-ba91-11dc-8253-0016d45d518f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{124d1352-ba91-11dc-8253-0016d45d518f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{be4f84c9-363b-11dc-8cf9-0016d45d518f}\Shell - "" = AutoRun
O33 - MountPoints2\{be4f84c9-363b-11dc-8cf9-0016d45d518f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be4f84c9-363b-11dc-8cf9-0016d45d518f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c427ec98-ccf2-11dc-8260-0016d45d518f}\Shell - "" = AutoRun
O33 - MountPoints2\{c427ec98-ccf2-11dc-8260-0016d45d518f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c427ec98-ccf2-11dc-8260-0016d45d518f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[19 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
File not found -- C:\DOCUME~1\AARONS~1\Desktop\CA49EZCT.
[2009/04/19 13:25:50 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\VIRUS
[2009/04/19 13:23:23 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/19 13:01:04 | 00,001,738 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\HijackThis.lnk
[2009/04/19 13:01:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 04:13:45 | 00,000,332 | RHS- | C] () -- C:\autorun.inf
[2009/04/18 19:45:58 | 00,001,132 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Buy DivX for Windows.lnk
[2009/04/18 19:32:09 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/04/18 19:31:29 | 00,000,786 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Windows Media Player.lnk
[2009/04/18 19:16:48 | 00,000,000 | ---D | C] -- C:\3fc549c4dd6b93feb1e0dc6a149628d7
[2009/04/18 18:56:41 | 00,000,132 | ---- | C] () -- C:\httpdwl.dat
[2009/04/18 18:47:15 | 00,290,673 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\April18bookmarks.html
[2009/04/18 18:46:40 | 00,277,939 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Bookmarks 2009-04-18.json
[2009/04/18 01:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/04/18 01:00:35 | 00,071,022 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\SECURITY SPEC.docx
[2009/04/15 17:10:58 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\DEPRESSION
[2009/04/15 16:06:38 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\OneNote Notebooks
[2009/04/13 21:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/04/13 21:06:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/13 21:05:02 | 00,000,634 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\µTorrent.lnk
[2009/04/13 20:51:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/12 04:14:24 | 00,000,069 | ---- | C] () -- C:\WINDOWS\cdsutil.INI
[2009/04/12 04:11:05 | 00,000,036 | ---- | C] () -- C:\WINDOWS\ndet2000.INI
[2009/04/12 03:45:19 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2009/04/12 02:38:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2009/04/12 01:20:53 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/12 01:20:53 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/11 12:36:00 | 00,011,161 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study Marlene.docx
[2009/04/08 23:25:48 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\TAXES
[2009/04/07 17:24:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\USAA
[2009/04/06 02:16:55 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Fire
[2009/04/05 23:34:39 | 00,058,057 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft9.jpg
[2009/04/05 23:25:02 | 00,077,524 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft8.jpg
[2009/04/05 23:24:24 | 00,025,793 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft7.jpg
[2009/04/05 23:24:08 | 00,097,154 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft6.jpg
[2009/04/05 23:23:26 | 00,049,747 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft5.jpg
[2009/04/05 23:23:06 | 00,030,771 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft4.jpg
[2009/04/05 23:22:34 | 00,043,120 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft3.jpg
[2009/04/05 23:22:15 | 00,005,279 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft2.jpg
[2009/04/05 23:18:17 | 00,056,159 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft1.jpg
[2009/04/04 12:32:16 | 00,267,510 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Bookmarks 2009-04-04.json
[2009/04/03 20:06:54 | 04,920,374 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 1 of 3.docx
[2009/04/03 20:05:21 | 04,947,364 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 2 of 3.docx
[2009/04/03 20:04:42 | 04,744,941 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Part3 Final.docx
[2009/04/03 18:42:29 | 04,920,379 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Picture 1.docx
[2009/04/03 18:25:38 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\10000
[2009/04/01 23:52:12 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Certificates
[2009/04/01 23:13:33 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/01 23:12:46 | 00,000,675 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/01 22:53:20 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/01 22:52:20 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/04/01 22:52:20 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/04/01 22:28:54 | 00,228,672 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys.bak
[2009/04/01 22:28:54 | 00,108,864 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.bak
[2009/04/01 22:28:54 | 00,102,208 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
[2009/04/01 22:28:53 | 00,082,568 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys.bak
[2009/04/01 20:27:35 | 00,012,188 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Please follow the steps given below.docx
[2009/04/01 20:06:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2009/04/01 20:05:44 | 00,001,867 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\BitDefender Total Security 2009.lnk
[2009/04/01 20:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\BitDefender
[2009/04/01 20:04:30 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/04/01 20:04:30 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\BitDefender
[2009/04/01 19:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/04/01 10:33:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/03/31 19:26:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/31 02:19:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Pinnacle VideoSpin
[2009/03/31 02:17:12 | 00,000,826 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Pinnacle VideoSpin.lnk
[2009/03/31 02:16:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2009/03/31 02:16:24 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\Pinnacle
[2009/03/31 02:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/03/31 02:16:23 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle VideoSpin
[2009/03/31 02:14:34 | 00,000,349 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Documents\PCLECHAL.INI
[2009/03/31 02:14:33 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle
[2009/03/31 00:12:09 | 00,000,790 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\video test.mpeg
[2009/03/31 00:10:07 | 00,000,785 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\video test
[2009/03/31 00:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\avidemux
[2009/03/30 23:58:15 | 00,011,420 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study.docx
[2009/03/30 17:47:40 | 00,949,392 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\Binge.pptx
[2009/03/30 17:39:31 | 00,000,634 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Audacity.lnk
[2009/03/30 17:39:29 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/03/30 17:36:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\Cool Record Edit Pro
[2009/03/30 17:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\Free Sound Recorder
[2009/03/30 17:13:57 | 00,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2009/03/30 17:13:57 | 00,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/03/30 17:13:57 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/03/30 17:13:57 | 00,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2009/03/30 17:13:57 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2009/03/30 17:13:57 | 00,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/03/30 17:13:57 | 00,001,608 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Cool Record Edit Pro.lnk
[2009/03/30 17:13:57 | 00,001,497 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Free Sound Recorder.lnk
[2009/03/30 17:13:56 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2009/03/30 17:13:56 | 01,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2009/03/30 17:13:56 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2009/03/30 17:13:56 | 00,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/03/30 17:13:56 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/03/30 17:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Free Sound Recorder
[2009/03/28 18:26:38 | 00,474,794 | ---- | C] () -- C:\DOCUME~1\AARONS~1\My Documents\bookmarks.html
[2009/03/25 23:18:24 | 00,000,000 | ---D | C] -- C:\DOCUME~1\AARONS~1\My Documents\Joe antenna
[2009/03/23 19:43:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/03/23 17:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Calculator Plus
[2009/03/21 22:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aaron Stewart\Application Data\Uniblue
[2009/03/21 22:44:37 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\DriverScanner
[2009/03/21 18:58:01 | 00,456,279 | ---- | C] () -- C:\DOCUME~1\AARONS~1\Desktop\Scan0001.JPG
[2009/03/13 18:36:17 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/03/13 18:36:13 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/03/13 18:36:13 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/02/20 18:55:23 | 00,055,828 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2009/02/20 17:44:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AUDIO.INI
[2009/02/18 17:23:28 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/13 17:01:16 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/02/11 21:47:13 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/11 21:24:08 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/02/11 21:24:08 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/02/11 21:24:08 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/02/11 21:24:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/11/27 12:47:56 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/20 01:49:55 | 00,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2008/08/25 13:31:32 | 00,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/07/20 10:54:41 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/05/19 19:05:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2008/04/23 18:34:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/03/26 15:43:33 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2007/10/09 04:22:19 | 00,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/06 20:48:13 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/07/30 01:49:22 | 00,000,139 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/07/30 01:49:19 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/06/20 04:40:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/06/16 17:38:15 | 00,000,032 | ---- | C] () -- C:\WINDOWS\HMSCCgi4Pro.INI
[2007/05/30 13:30:36 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/01 18:49:53 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/23 13:24:38 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/22 18:35:48 | 00,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2007/04/22 17:45:53 | 00,000,522 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/21 10:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/04/19 03:35:03 | 00,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/04/19 03:35:03 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/04/19 03:35:02 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/04/17 23:31:21 | 00,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2007/04/11 02:06:32 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2007/03/27 11:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/05 13:34:28 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007/01/26 01:04:12 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 01:04:12 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/16 16:47:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/07/11 17:29:00 | 00,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[2006/06/01 21:30:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/01 19:56:54 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/06/01 19:55:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/06/01 19:25:44 | 00,000,694 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/01 19:16:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/05/12 16:50:28 | 00,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2006/03/10 17:15:44 | 00,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/14 23:59:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/10/14 06:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 06:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 06:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 06:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 06:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 06:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 06:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/08/05 17:01:54 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe(2).dll
[2005/08/05 17:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 14:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/06/28 21:55:08 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/06/28 21:55:08 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/03/28 18:45:26 | 00,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 19:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/02/13 16:49:00 | 00,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003/10/02 04:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 04:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/12/26 18:12:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[19 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
File not found -- C:\DOCUME~1\AARONS~1\Desktop\CA49EZCT.
[2009/04/19 13:11:13 | 00,617,264 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/19 13:11:13 | 00,511,720 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 13:11:13 | 00,095,110 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/19 13:07:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/19 13:06:56 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/04/19 13:06:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 13:06:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 13:04:47 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/19 13:01:04 | 00,001,738 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\HijackThis.lnk
[2009/04/19 12:47:11 | 00,000,332 | RHS- | M] () -- C:\autorun.inf
[2009/04/19 12:28:00 | 00,226,816 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/18 21:50:38 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{83B05C96-5FF3-4FC2-B6DB-2463C8E050AA}.job
[2009/04/18 19:45:58 | 00,001,132 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Buy DivX for Windows.lnk
[2009/04/18 19:36:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 19:35:40 | 00,000,786 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Windows Media Player.lnk
[2009/04/18 19:31:36 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/04/18 19:31:36 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/04/18 19:31:23 | 00,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/18 19:31:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/18 19:31:23 | 00,000,221 | RHS- | M] () -- C:\boot.ini
[2009/04/18 18:56:41 | 00,000,132 | ---- | M] () -- C:\httpdwl.dat
[2009/04/18 18:47:15 | 00,290,673 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\April18bookmarks.html
[2009/04/18 18:46:41 | 00,277,939 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Bookmarks 2009-04-18.json
[2009/04/18 01:00:37 | 00,071,022 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\SECURITY SPEC.docx
[2009/04/17 10:44:04 | 00,000,675 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/13 21:11:58 | 00,000,901 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\RealPlayer.lnk
[2009/04/13 21:11:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/04/13 21:05:02 | 00,000,634 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\µTorrent.lnk
[2009/04/13 20:55:25 | 00,001,490 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\MagicISO.lnk
[2009/04/13 20:52:57 | 00,000,799 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\DivX Player.lnk
[2009/04/13 20:52:34 | 00,000,835 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\DivX Converter.lnk
[2009/04/13 20:51:02 | 00,001,459 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\DivX Movies.lnk
[2009/04/13 20:19:50 | 00,001,733 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Reader 9.lnk
[2009/04/13 15:48:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/12 04:14:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\cdsutil.INI
[2009/04/12 04:11:05 | 00,000,036 | ---- | M] () -- C:\WINDOWS\ndet2000.INI
[2009/04/12 01:20:54 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/12 01:20:53 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/11 15:22:50 | 00,313,258 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/11 12:36:05 | 00,011,161 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study Marlene.docx
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 23:34:41 | 00,058,057 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft9.jpg
[2009/04/05 23:25:03 | 00,077,524 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft8.jpg
[2009/04/05 23:24:25 | 00,025,793 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft7.jpg
[2009/04/05 23:24:09 | 00,097,154 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft6.jpg
[2009/04/05 23:23:27 | 00,049,747 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft5.jpg
[2009/04/05 23:23:08 | 00,030,771 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft4.jpg
[2009/04/05 23:22:35 | 00,043,120 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft3.jpg
[2009/04/05 23:22:16 | 00,005,279 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\airsoft2.jpg
[2009/04/05 23:18:32 | 00,056,159 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Airsoft1.jpg
[2009/04/04 12:32:17 | 00,267,510 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Bookmarks 2009-04-04.json
[2009/04/04 11:10:48 | 00,000,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/04/03 20:08:09 | 04,947,364 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 2 of 3.docx
[2009/04/03 20:06:56 | 04,920,374 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Part 1 of 3.docx
[2009/04/03 20:06:43 | 04,920,379 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Picture 1.docx
[2009/04/03 20:04:47 | 04,744,941 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Part3 Final.docx
[2009/04/01 23:05:31 | 00,000,816 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Yahoo! Messenger.lnk
[2009/04/01 22:53:20 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/04/01 22:52:20 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/04/01 22:52:20 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/04/01 22:23:10 | 00,192,512 | ---- | M] () -- C:\WINDOWS\System32\txmlutil.dll
[2009/04/01 22:23:09 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2009/04/01 22:23:08 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2009/04/01 22:23:07 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2009/04/01 22:23:07 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys
[2009/04/01 20:27:38 | 00,012,188 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Please follow the steps given below.docx
[2009/04/01 20:05:44 | 00,001,867 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\BitDefender Total Security 2009.lnk
[2009/04/01 01:27:43 | 00,949,392 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Binge.pptx
[2009/03/31 19:34:38 | 00,000,084 | -HS- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\desktop.ini
[2009/03/31 19:23:02 | 02,292,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/31 02:42:59 | 00,000,349 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Documents\PCLECHAL.INI
[2009/03/31 02:17:12 | 00,000,826 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Pinnacle VideoSpin.lnk
[2009/03/31 00:12:09 | 00,000,790 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\video test.mpeg
[2009/03/31 00:10:07 | 00,000,785 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\video test
[2009/03/30 23:58:16 | 00,011,420 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\Case Study.docx
[2009/03/30 17:39:31 | 00,000,634 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Audacity.lnk
[2009/03/30 17:13:57 | 00,001,608 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Cool Record Edit Pro.lnk
[2009/03/30 17:13:57 | 00,001,497 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Free Sound Recorder.lnk
[2009/03/28 18:26:38 | 00,474,794 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\bookmarks.html
[2009/03/28 17:27:19 | 00,001,606 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/03/23 17:19:56 | 00,029,829 | ---- | M] () -- C:\DOCUME~1\AARONS~1\My Documents\truck fuel.xlsx
[2009/03/21 19:30:46 | 00,304,068 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090411-152249.backup
[2009/03/21 19:30:37 | 00,304,068 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090321-193046.backup
[2009/03/21 18:58:02 | 00,456,279 | ---- | M] () -- C:\DOCUME~1\AARONS~1\Desktop\Scan0001.JPG
[2009/03/21 10:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\main.cpl:SummaryInformation
< End of report >


OTListIt Extras logfile created on: 4/19/2009 1:27:31 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Aaron Stewart\Desktop\Rosetta
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.10 Mb Total Physical Memory | 219.98 Mb Available Physical Memory | 28.71% Memory free
3.33 Gb Paging File | 2.84 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): C:\pagefile.sys 2688 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.21 Gb Total Space | 12.94 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Drive D: | 53.70 Gb Total Space | 7.79 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AJHOME
Current User Name: Aaron Stewart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Messenger (Microsoft Corporation)
C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe File not found
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup File not found
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BaUPnP.exe:*:Enabled:BaUPnP File not found
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 (Adobe Systems Incorporated)
C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager (Pinnacle Systems)
C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi (Pinnacle Systems)
C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin (Pinnacle Systems)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20ACA1B0-8043-11D4-AEB1-00C04F590412}" = MapSource
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA396ABC-98AF-4F4A-B0F8-EB160DFF344B}" = Acer OrbiCam Utility Bar
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.7
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Belltech Business Card Designer Pro 4.7 (Trial)_is1" = Belltech Business Card Designer Pro 4.7
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"filehippo.com" = filehippo.com Update Checker
"Free Sound Recorder" = Free Sound Recorder
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KillProcess" = KillProcess 2.43 Alpha
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.89 Basic
"Loader_is1" = Loader
"Magic ISO Maker v5.4 (build 0246)" = Magic ISO Maker v5.4 (build 0246)
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealPlayer 6.0" = RealPlayer
"RegDoctor_is1" = RegDoctor 2.03
"SatCalc" = SatCalc 1.2
"SightSpeed" = SightSpeed (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Tweak UI 2.10" = Tweak UI
"USBExplorer for MAIN S/W ver 01.34 and above_is1" = USBExplorer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3766046748-2585909713-2437875348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2009 6:57:44 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/31/2009 7:22:43 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/31/2009 7:22:43 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/31/2009 7:23:04 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/31/2009 7:23:04 PM | Computer Name = AJHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/31/2009 10:46:12 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.

Error - 3/31/2009 10:49:29 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.

Error - 3/31/2009 11:02:48 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.

Error - 3/31/2009 11:03:11 PM | Computer Name = AJHOME | Source = Application Error | ID = 1001
Description = Fault bucket 1209967530.

Error - 3/31/2009 11:27:17 PM | Computer Name = AJHOME | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 12.0.6331.5000, faulting
module sptip.dll, version 5.1.2600.2180, fault address 0x0000851d.

[ ODiag Events ]
Error - 7/23/2007 11:35:19 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 81vb. Error code: N/A

[ OSession Events ]
Error - 11/24/2007 8:52:42 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 77
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/24/2007 9:57:10 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3753
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/24/2007 9:57:20 PM | Computer Name = AJHOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/19/2009 7:54:31 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/19/2009 8:54:46 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/19/2009 9:55:02 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/19/2009 10:55:17 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/19/2009 11:55:32 AM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/19/2009 12:45:34 PM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/19/2009 12:46:57 PM | Computer Name = AJHOME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/19/2009 12:58:48 PM | Computer Name = AJHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/19/2009 12:58:48 PM | Computer Name = AJHOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 4/19/2009 1:07:16 PM | Computer Name = AJHOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747


< End of report >


Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:54486 Mo/Free:960 Mo)
D:\ [Fixed] - NTFS - (Total:54988 Mo/Free:3882 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 04/19/2009|13:23

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- livesrv.exe
--Locked-- vsserv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\AstSrv.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\WINDOWS\system32\crypserv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Documents and Settings\Aaron Stewart\Desktop\Rosetta\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}]
NameServer REG_SZ 85.255.112.71,85.255.112.105
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{D9D063C0-FA8A-47E5-95CC-5C8AAE3B8059}]
NameServer REG_SZ 85.255.112.71,85.255.112.105
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\AARONS~1\Application Data\U3\temp\48c833610\Acronis.True.Image.Home.v10.0.4942.Incl.Keymaker-CORE\keygen-CORE.exe
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\PFConfig 1.0.163 + Crack.rar.1.torrent
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\PFConfig 1.0.163 + Crack.rar.torrent
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\Texas Holdem Genius 2008 Poker Cheat Bot - Crack Free 100% Working!.zip.torrent
C:\DOCUME~1\AARONS~1\Application Data\uTorrent\WinRar 3.71 + keygen (Works 100% - I tested).torrent


1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/19/2009|13:24

----------------------\\ Scan completed at 13:24

Attached Thumbnails

  • video_Com.JPG
