[tniah]

I had a trojan a few months back and one of your support guys here helped me get rid of it.
It was one of the Codec variants and I had it on two machines. Both machines now seem
to work fairly well, but it screwed up a few things which I am still unable to correct.
So, I am going to reformat the C: drive on at least one of the machines, probably both.

I used these machines in a music recording system, Steinberg Nuendo, and have multiple
drives that have been used at different times, some via USB, some via SATA. I think I
know the ugly answer to this, but if it is possible to say at all, what are the odds that I
might have a Rootkit or Trojan on one of these other drives. I don't really want to have
to reformat all of them right now (I am backed up on all however).

I have scanned with all of your suggested tools many times, and continue to do so.
Also, I have used a tool called UnHackMe to look for Rootkits, and in all cases both computers
show as clean at this time. Maybe I should post a HiJackThis log just for you to look over.

I know there will not be any definitive answer, but any insight by an expert would be
helpful.


Tniah

[Advertisements]

Hi again,

I went ahead and did all of the sequence per your instructions page. If I
can get by without having to reformat all of my drives, I would be a very
happy guy. But I do know that trojans and viruses can move, so I may
be just wishing.

One other question, I know you say that a given computer should only
have one Virus Scanner on it at a time. What about MalWare or Spyware
Scanners? Can I have BitDefender (which I am using) and MalWareBytes
(which I am also using) installed at the same time.

Or do you mean just don't have them running at the same time. The
new BitDefender has anti-spyware built in, so what is the effect of that.
This would be a good article for someone, a little more depth about
what can run, and cannot run simultaneously. Thanks in advance
whatever the answers.

Here are my OTListIt2 and Rooter Logs from today.


<-- Here is the OTListIt2 Log -->

OTListIt logfile created on: 4/26/2009 2:21:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\BigDaddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.36 Gb Total Space | 63.01 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 189.92 Gb Total Space | 65.16 Gb Free Space | 34.31% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 47.75 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: sonhouse
Current User Name: BigDaddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\digi96.exe (RME)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe (Hewlett-Packard Company)
PRC - C:\Program Files\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Brownie\BrstsWnd.exe (brother)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\SnapStream\Common\X10nets.exe (X10)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe ()
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe (SnapStream Media)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe (SnapStream Media)
PRC - C:\Documents and Settings\BigDaddy\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Arrakis3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LIVESRV [Auto | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (scan [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (VSSERV [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (x10nets [On_Demand | Running]) -- C:\Program Files\Common Files\SnapStream\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (ATIDACXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidacxx.sys (ATI Technologies Inc.)
DRV - (ATIDDCXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atiddcxx.sys (ATI Technologies Inc.)
DRV - (ATIDTUXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidtuxx.sys (ATI Technologies Inc.)
DRV - (ATIDVCXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidvcxx.sys (ATI Technologies Inc.)
DRV - (ATIDXBXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidxbxx.sys (ATI Technologies Inc.)
DRV - (bdfm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys (BitDefender LLC)
DRV - (bdfsfltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdftdif [System | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (BDSelfPr [On_Demand | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (BDVEDISK [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.)
DRV - (BVRPMPR5 [On_Demand | Stopped]) -- C:\windows\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (digi96 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\digi96.sys (RME)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MidiSyn [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (Partizan [Boot | Stopped]) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Profos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (sf [System | Running]) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SynasUSB [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\SynasUSB.sys (SIA Syncrosoft)
DRV - (Trufos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (USB22LDR [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usb22ldr.sys (MIDIMAN)
DRV - (USBMN2X2 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbmn2x2.sys (Doug Fetter Software Wizardry)
DRV - (XUIF [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...FORM=SOLTDF&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.6
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.19.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - prefs.js..keyword.URL: "http://search.live.c...FORM=SOLTDF&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/20 08:30:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/02/20 21:37:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/27 12:36:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 17:20:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 17:20:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/02/20 21:38:11 | 00,000,000 | ---D | M]

[2008/09/09 00:38:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Extensions
[2008/09/09 00:38:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/26 14:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Firefox\Profiles\i9417xms.default\extensions
[2009/04/03 09:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Firefox\Profiles\i9417xms.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/03/04 21:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Firefox\Profiles\i9417xms.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/19 20:40:26 | 00,002,921 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Application Data\Mozilla\FireFox\Profiles\i9417xms.default\searchplugins\daemon-search.xml
[2009/04/26 14:06:31 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Application Data\Mozilla\FireFox\Profiles\i9417xms.default\searchplugins\live-search.xml
[2009/04/24 16:23:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/04/08 23:23:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/23 17:20:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/27 12:37:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/14 22:41:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/23 17:20:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 17:20:41 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/01 08:30:05 | 00,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2008/09/09 00:38:41 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 00:38:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/09 00:38:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 20:44:21 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 00:38:41 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 00:38:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 00:38:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (302468 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-domains-registrations.com
O1 - Hosts: 127.0.0.1 www.1-domains-registrations.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 10427 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun (brother)
O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RMETray] digi96.exe (RME)
O4 - HKLM..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe (SnapStream Media, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1170029355062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1170030100531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E8FE347E-1C8A-49D6-955C-C45B56AF0BC8}\\NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/26 13:19:13 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BigDaddy\Desktop\OTListIt2.exe
[2009/04/26 13:01:08 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\BigDaddy\Desktop\Rooter.exe
[2009/04/26 13:00:22 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/21 19:27:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BigDaddy\My Documents\Twitter Docs
[2009/04/15 04:31:03 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 04:31:02 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 04:31:02 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 04:31:02 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 04:31:01 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 04:31:01 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 04:31:01 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 04:31:00 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 04:30:59 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 04:30:10 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 04:30:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 04:30:09 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 22:42:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/12 07:58:21 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/30 20:36:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/03/30 20:36:14 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\BigDaddy\Desktop\DVD Shrink 3.2.lnk
[2009/03/30 20:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/03/07 11:27:51 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/03/07 11:27:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/03/07 11:26:46 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/03/07 11:26:45 | 00,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2009/03/07 11:22:41 | 00,000,291 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/02/23 13:00:29 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/08 14:10:59 | 00,000,461 | ---- | C] () -- C:\WINDOWS\Jelly.ini
[2008/10/09 16:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/01 18:03:52 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/23 09:50:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 09:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 09:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 09:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/19 20:30:06 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/05/12 22:42:27 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/05/04 00:08:14 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/26 21:41:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/04/19 22:51:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/19 22:51:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/19 22:51:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/19 22:51:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/19 22:51:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/19 22:51:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2005/11/24 09:42:51 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/24 09:15:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2005/11/23 23:16:14 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/11/21 09:18:36 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2005/05/08 09:56:00 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2002/08/29 05:00:00 | 00,000,664 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/26 14:19:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BigDaddy\Desktop\OTListIt2.exe
[2009/04/26 13:52:35 | 00,000,291 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2009/04/26 13:51:53 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 13:51:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 13:50:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/26 13:49:15 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/26 12:55:49 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Desktop\Rooter.exe
[2009/04/26 01:24:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/23 09:51:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/21 19:27:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Desktop\Notepad.lnk
[2009/04/21 15:47:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/04/16 08:53:57 | 00,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 08:53:57 | 00,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 08:53:57 | 00,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:10:50 | 00,000,340 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/12 07:58:21 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/04/06 07:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 08:29:44 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2009/03/30 20:36:14 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Desktop\DVD Shrink 3.2.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 1238 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yoA9MubIGHKEzbUl
@Alternate Data Stream - 1121 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:K9ty5unsT444tnWigkMVu8vJ
@Alternate Data Stream - 1112 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:D0JejUiHUPX6bYcaXEcZv
< End of report >


<-- Here is the OTListIt2 Extra Log -->

OTListIt Extras logfile created on: 4/26/2009 2:21:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\BigDaddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.36 Gb Total Space | 63.01 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 189.92 Gb Total Space | 65.16 Gb Free Space | 34.31% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 47.75 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: sonhouse
Current User Name: BigDaddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:TV Registration Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:TV Library Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:TV Network Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:*:Enabled:TV Notifier Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:TV Recording Engine (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:TV Guide Data Loader (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:TV Settings Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:TV Task Manager Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:TV ViewScape (SnapStream Media, Inc.)
C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:TV Setup Wizard (SnapStream Media, Inc.)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Vuze Inc.)
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition (SUPERAntiSpyware.com)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)
C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start ()
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0570669C-39D2-4074-863C-0925BF6E4A9B}" = HP f2105 Wide LCD Driver Software
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B45DFED-2510-4053-ADEB-1DE66890EF98}" = FX Teleport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37A89DF0-5DD6-48BB-BC34-0CEB2A9E6F63}" = LS_HSI
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{422182E5-97A6-4E54-B5C2-07A349A411AC}" = Brother HL-2170W
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{647CC6E9-7F59-4CFB-8E23-F8FD7908FC30}" = BitDefender Definitions Update
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel® Network Connections 13.5.32.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7AED24-E1A6-41E5-A2E8-18ED56144208}" = String Machine
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E80619-A6CC-438C-92B3-708FFC004AFE}" = BitDefender Internet Security 2009
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.57
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Beyond TV" = SnapStream Beyond TV 4.8.1
"BFD" = BFD
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DIGI96" = RME DIGI32, DIGI96 and Hammerfall Series
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Firefly" = Snapstream Firefly 1.2.1.916
"Firefly Mini" = SnapStream Firefly Mini 1.0.2
"Groove Monkee Blues" = Groove Monkee Blues
"Groove Monkee Country" = Groove Monkee Country
"Groove Monkee Electronic" = Groove Monkee Electronic
"Groove Monkee Funk HH RB" = Groove Monkee Funk HH RB
"Groove Monkee Jazz" = Groove Monkee Jazz
"Groove Monkee Metal" = Groove Monkee Metal
"Groove Monkee Rock" = Groove Monkee Rock
"Groove Monkee World Beats" = Groove Monkee World Beats
"HDSP" = Steinberg ST24/96 and Nuendo 96/52
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InterActual Player" = InterActual Player
"JellyFish Light 3.5" = JellyFish Light 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDIsport2x2" = Midisport 2x2 1.0.1.0
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NI Service Center" = NI Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"Steinberg Nuendo 3" = Steinberg Nuendo 3
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Syncrosoft's License Control" = Syncrosoft's License Control
"The KMPlayer" = The KMPlayer (remove only)
"UnHackMe_is1" = UnHackMe 5.00 release
"VLC media player" = VLC media player 0.9.6
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze" = Vuze
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zipeg" = Zipeg

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow" = Adobe ConnectNow

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2008 1:04:09 PM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module libvlccore.dll,
version 0.9.6.99, fault address 0x00073f37.

Error - 12/19/2008 11:10:18 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x0007678d.

Error - 12/19/2008 12:09:30 PM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x0007678d.

Error - 12/21/2008 2:15:48 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x0007678d.

Error - 12/24/2008 12:00:24 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application zplayer.exe, version 5.0.0.0, faulting module
libavcodec.dll, version 0.0.0.0, fault address 0x001a598e.

Error - 1/9/2009 4:07:19 AM | Computer Name = SONHOUSE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/9/2009 4:07:19 AM | Computer Name = SONHOUSE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/11/2009 3:54:57 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi25.tmp, version 1.1.0.0, fault address 0x00011328.

Error - 1/11/2009 3:55:09 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi34.tmp, version 1.1.0.0, fault address 0x00011328.

Error - 1/11/2009 3:55:11 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi35.tmp, version 1.1.0.0, fault address 0x00011328.

[ System Events ]
Error - 3/30/2009 1:12:36 AM | Computer Name = sonhouse | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 4/2/2009 12:55:45 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/2/2009 12:59:23 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/2/2009 1:02:49 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/12/2009 12:31:49 PM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/12/2009 12:40:18 PM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/12/2009 12:58:35 PM | Computer Name = sonhouse | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{E8FE347E-1C8A-49D6-955C-C45B56AF0BC8}. The
backup browser is stopping.

Error - 4/15/2009 9:58:52 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/16/2009 6:12:08 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/26/2009 4:51:17 PM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2


< End of report >


<--------- // Next begins the Rooter Log File 04/26/09 //--------->

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:95605 Mo/Free:3090 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:194474 Mo/Free:1192 Mo)
F:\ [Fixed] - NTFS - (Total:715402 Mo/Free:3785 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 04/26/2009|17:54

----------------------\\ Processes..

--Locked-- [System Process]
---------- ???"??
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- ???"?"???
--Locked-- ???"?"???
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\digi96.exe
---------- C:\WINDOWS\System32\igfxtray.exe
---------- C:\WINDOWS\System32\hkcmd.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
---------- C:\Program Files\Analog Devices\SoundMAX\smax4.exe
---------- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
---------- C:\Program Files\Microsoft IntelliType Pro\itype.exe
---------- C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
---------- C:\Program Files\SnapStream Media\Firefly\Firefly.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
--Locked-- ???"?"???
---------- C:\Program Files\Brownie\BrstsWnd.exe
--Locked-- ???"?"???
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\DAEMON Tools Lite\daemon.exe
---------- C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/26/2009|13:03
2 - "C:\Rooter$\Rooter_2.txt" - Sun 04/26/2009|14:03
3 - "C:\Rooter$\Rooter_3.txt" - Sun 04/26/2009|15:01
4 - "C:\Rooter$\Rooter_4.txt" - Sun 04/26/2009|17:55

----------------------\\ Scan completed at 17:55

[tniah]

Hi again,

I went ahead and did all of the sequence per your instructions page. If I
can get by without having to reformat all of my drives, I would be a very
happy guy. But I do know that trojans and viruses can move, so I may
be just wishing.

One other question, I know you say that a given computer should only
have one Virus Scanner on it at a time. What about MalWare or Spyware
Scanners? Can I have BitDefender (which I am using) and MalWareBytes
(which I am also using) installed at the same time.

Or do you mean just don't have them running at the same time. The
new BitDefender has anti-spyware built in, so what is the effect of that.
This would be a good article for someone, a little more depth about
what can run, and cannot run simultaneously. Thanks in advance
whatever the answers.

Here are my OTListIt2 and Rooter Logs from today.


<-- Here is the OTListIt2 Log -->

OTListIt logfile created on: 4/26/2009 2:21:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\BigDaddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.36 Gb Total Space | 63.01 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 189.92 Gb Total Space | 65.16 Gb Free Space | 34.31% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 47.75 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: sonhouse
Current User Name: BigDaddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\digi96.exe (RME)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe (Hewlett-Packard Company)
PRC - C:\Program Files\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Brownie\BrstsWnd.exe (brother)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\SnapStream\Common\X10nets.exe (X10)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe ()
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe (SnapStream Media)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe (SnapStream Media)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe (SnapStream Media)
PRC - C:\Documents and Settings\BigDaddy\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Arrakis3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LIVESRV [Auto | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (scan [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (VSSERV [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (x10nets [On_Demand | Running]) -- C:\Program Files\Common Files\SnapStream\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (ATIDACXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidacxx.sys (ATI Technologies Inc.)
DRV - (ATIDDCXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atiddcxx.sys (ATI Technologies Inc.)
DRV - (ATIDTUXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidtuxx.sys (ATI Technologies Inc.)
DRV - (ATIDVCXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidvcxx.sys (ATI Technologies Inc.)
DRV - (ATIDXBXX [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\atidxbxx.sys (ATI Technologies Inc.)
DRV - (bdfm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys (BitDefender LLC)
DRV - (bdfsfltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdftdif [System | Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (BDSelfPr [On_Demand | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (BDVEDISK [Auto | Running]) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.)
DRV - (BVRPMPR5 [On_Demand | Stopped]) -- C:\windows\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (digi96 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\digi96.sys (RME)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (MidiSyn [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (Partizan [Boot | Stopped]) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Profos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (sf [System | Running]) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SynasUSB [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\SynasUSB.sys (SIA Syncrosoft)
DRV - (Trufos [On_Demand | Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (USB22LDR [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usb22ldr.sys (MIDIMAN)
DRV - (USBMN2X2 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbmn2x2.sys (Doug Fetter Software Wizardry)
DRV - (XUIF [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...FORM=SOLTDF&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.6
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.19.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - prefs.js..keyword.URL: "http://search.live.c...FORM=SOLTDF&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/20 08:30:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/02/20 21:37:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/27 12:36:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 17:20:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 17:20:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/02/20 21:38:11 | 00,000,000 | ---D | M]

[2008/09/09 00:38:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Extensions
[2008/09/09 00:38:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/26 14:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Firefox\Profiles\i9417xms.default\extensions
[2009/04/03 09:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Firefox\Profiles\i9417xms.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/03/04 21:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BigDaddy\Application Data\mozilla\Firefox\Profiles\i9417xms.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/19 20:40:26 | 00,002,921 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Application Data\Mozilla\FireFox\Profiles\i9417xms.default\searchplugins\daemon-search.xml
[2009/04/26 14:06:31 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Application Data\Mozilla\FireFox\Profiles\i9417xms.default\searchplugins\live-search.xml
[2009/04/24 16:23:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/04/08 23:23:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/23 17:20:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/27 12:37:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/14 22:41:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/23 17:20:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 17:20:41 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/01 08:30:05 | 00,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2008/09/09 00:38:41 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/09 00:38:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/09 00:38:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 20:44:21 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/09 00:38:41 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/09 00:38:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/09 00:38:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (302468 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-domains-registrations.com
O1 - Hosts: 127.0.0.1 www.1-domains-registrations.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 10427 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun (brother)
O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RMETray] digi96.exe (RME)
O4 - HKLM..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe (SnapStream Media, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1170029355062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1170030100531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E8FE347E-1C8A-49D6-955C-C45B56AF0BC8}\\NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/26 13:19:13 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BigDaddy\Desktop\OTListIt2.exe
[2009/04/26 13:01:08 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\BigDaddy\Desktop\Rooter.exe
[2009/04/26 13:00:22 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/21 19:27:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BigDaddy\My Documents\Twitter Docs
[2009/04/15 04:31:03 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 04:31:02 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 04:31:02 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 04:31:02 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 04:31:01 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 04:31:01 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 04:31:01 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 04:31:00 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 04:30:59 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 04:30:10 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 04:30:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 04:30:09 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 22:42:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/12 07:58:21 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/30 20:36:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/03/30 20:36:14 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\BigDaddy\Desktop\DVD Shrink 3.2.lnk
[2009/03/30 20:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/03/07 11:27:51 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/03/07 11:27:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/03/07 11:26:46 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/03/07 11:26:45 | 00,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2009/03/07 11:22:41 | 00,000,291 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/02/23 13:00:29 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/08 14:10:59 | 00,000,461 | ---- | C] () -- C:\WINDOWS\Jelly.ini
[2008/10/09 16:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/01 18:03:52 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/23 09:50:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 09:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 09:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 09:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/19 20:30:06 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/05/12 22:42:27 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/05/04 00:08:14 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/26 21:41:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/04/19 22:51:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/19 22:51:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/19 22:51:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/19 22:51:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/19 22:51:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/19 22:51:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2005/11/24 09:42:51 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/24 09:15:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2005/11/23 23:16:14 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/11/21 09:18:36 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2005/05/08 09:56:00 | 00,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2002/08/29 05:00:00 | 00,000,664 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/26 14:19:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BigDaddy\Desktop\OTListIt2.exe
[2009/04/26 13:52:35 | 00,000,291 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2009/04/26 13:51:53 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 13:51:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 13:50:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/26 13:49:15 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/26 12:55:49 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Desktop\Rooter.exe
[2009/04/26 01:24:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/23 09:51:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/21 19:27:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Desktop\Notepad.lnk
[2009/04/21 15:47:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/04/16 08:53:57 | 00,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 08:53:57 | 00,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 08:53:57 | 00,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:10:50 | 00,000,340 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/12 07:58:21 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/04/06 07:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 08:29:44 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2009/03/30 20:36:14 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\BigDaddy\Desktop\DVD Shrink 3.2.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 1238 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yoA9MubIGHKEzbUl
@Alternate Data Stream - 1121 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:K9ty5unsT444tnWigkMVu8vJ
@Alternate Data Stream - 1112 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:D0JejUiHUPX6bYcaXEcZv
< End of report >


<-- Here is the OTListIt2 Extra Log -->

OTListIt Extras logfile created on: 4/26/2009 2:21:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\BigDaddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.36 Gb Total Space | 63.01 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 189.92 Gb Total Space | 65.16 Gb Free Space | 34.31% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 47.75 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: sonhouse
Current User Name: BigDaddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:TV Registration Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:TV Library Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:TV Network Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:*:Enabled:TV Notifier Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:TV Recording Engine (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:TV Guide Data Loader (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:TV Settings Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:TV Task Manager Service (SnapStream Media)
C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:TV ViewScape (SnapStream Media, Inc.)
C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:TV Setup Wizard (SnapStream Media, Inc.)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Vuze Inc.)
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition (SUPERAntiSpyware.com)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)
C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start ()
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0570669C-39D2-4074-863C-0925BF6E4A9B}" = HP f2105 Wide LCD Driver Software
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B45DFED-2510-4053-ADEB-1DE66890EF98}" = FX Teleport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37A89DF0-5DD6-48BB-BC34-0CEB2A9E6F63}" = LS_HSI
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{422182E5-97A6-4E54-B5C2-07A349A411AC}" = Brother HL-2170W
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{647CC6E9-7F59-4CFB-8E23-F8FD7908FC30}" = BitDefender Definitions Update
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel® Network Connections 13.5.32.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7AED24-E1A6-41E5-A2E8-18ED56144208}" = String Machine
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E80619-A6CC-438C-92B3-708FFC004AFE}" = BitDefender Internet Security 2009
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.57
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Beyond TV" = SnapStream Beyond TV 4.8.1
"BFD" = BFD
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DIGI96" = RME DIGI32, DIGI96 and Hammerfall Series
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Firefly" = Snapstream Firefly 1.2.1.916
"Firefly Mini" = SnapStream Firefly Mini 1.0.2
"Groove Monkee Blues" = Groove Monkee Blues
"Groove Monkee Country" = Groove Monkee Country
"Groove Monkee Electronic" = Groove Monkee Electronic
"Groove Monkee Funk HH RB" = Groove Monkee Funk HH RB
"Groove Monkee Jazz" = Groove Monkee Jazz
"Groove Monkee Metal" = Groove Monkee Metal
"Groove Monkee Rock" = Groove Monkee Rock
"Groove Monkee World Beats" = Groove Monkee World Beats
"HDSP" = Steinberg ST24/96 and Nuendo 96/52
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InterActual Player" = InterActual Player
"JellyFish Light 3.5" = JellyFish Light 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDIsport2x2" = Midisport 2x2 1.0.1.0
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NI Service Center" = NI Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"Steinberg Nuendo 3" = Steinberg Nuendo 3
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Syncrosoft's License Control" = Syncrosoft's License Control
"The KMPlayer" = The KMPlayer (remove only)
"UnHackMe_is1" = UnHackMe 5.00 release
"VLC media player" = VLC media player 0.9.6
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze" = Vuze
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zipeg" = Zipeg

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow" = Adobe ConnectNow

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2008 1:04:09 PM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module libvlccore.dll,
version 0.9.6.99, fault address 0x00073f37.

Error - 12/19/2008 11:10:18 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x0007678d.

Error - 12/19/2008 12:09:30 PM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x0007678d.

Error - 12/21/2008 2:15:48 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.6.99, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x0007678d.

Error - 12/24/2008 12:00:24 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application zplayer.exe, version 5.0.0.0, faulting module
libavcodec.dll, version 0.0.0.0, fault address 0x001a598e.

Error - 1/9/2009 4:07:19 AM | Computer Name = SONHOUSE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/9/2009 4:07:19 AM | Computer Name = SONHOUSE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/11/2009 3:54:57 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi25.tmp, version 1.1.0.0, fault address 0x00011328.

Error - 1/11/2009 3:55:09 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi34.tmp, version 1.1.0.0, fault address 0x00011328.

Error - 1/11/2009 3:55:11 AM | Computer Name = SONHOUSE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module msi35.tmp, version 1.1.0.0, fault address 0x00011328.

[ System Events ]
Error - 3/30/2009 1:12:36 AM | Computer Name = sonhouse | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 4/2/2009 12:55:45 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/2/2009 12:59:23 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/2/2009 1:02:49 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/12/2009 12:31:49 PM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/12/2009 12:40:18 PM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/12/2009 12:58:35 PM | Computer Name = sonhouse | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{E8FE347E-1C8A-49D6-955C-C45B56AF0BC8}. The
backup browser is stopping.

Error - 4/15/2009 9:58:52 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/16/2009 6:12:08 AM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/26/2009 4:51:17 PM | Computer Name = sonhouse | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2


< End of report >


<--------- // Next begins the Rooter Log File 04/26/09 //--------->

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:95605 Mo/Free:3090 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:194474 Mo/Free:1192 Mo)
F:\ [Fixed] - NTFS - (Total:715402 Mo/Free:3785 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 04/26/2009|17:54

----------------------\\ Processes..

--Locked-- [System Process]
---------- ???"??
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- ???"?"???
--Locked-- ???"?"???
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\digi96.exe
---------- C:\WINDOWS\System32\igfxtray.exe
---------- C:\WINDOWS\System32\hkcmd.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
---------- C:\Program Files\Analog Devices\SoundMAX\smax4.exe
---------- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
---------- C:\Program Files\Microsoft IntelliType Pro\itype.exe
---------- C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
---------- C:\Program Files\SnapStream Media\Firefly\Firefly.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
--Locked-- ???"?"???
---------- C:\Program Files\Brownie\BrstsWnd.exe
--Locked-- ???"?"???
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\DAEMON Tools Lite\daemon.exe
---------- C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/26/2009|13:03
2 - "C:\Rooter$\Rooter_2.txt" - Sun 04/26/2009|14:03
3 - "C:\Rooter$\Rooter_3.txt" - Sun 04/26/2009|15:01
4 - "C:\Rooter$\Rooter_4.txt" - Sun 04/26/2009|17:55

----------------------\\ Scan completed at 17:55