After that I noticed that if I ran a Google search my results would be listed correctly, but when I clicked on a result to open it I would be redirected to a commercial sales site. Also:
1. I try to run Spybot SD and something will not let me update the definitions, but it will run. (Spybot SD also found a Vundo virus.)
2. I keep getting this message in Spybot, “Microsoft.WindowsSecurityCenter_disabled”, and sure enough something is turning off my Microsoft security center. I can’t restart it by turning on the service; the only way I can is to reboot.
3. Now my screen is starting to flicker.
4. My “Robo Form” program was shut down.
5. I also have some type of scheduling reminder that I never scheduled and it pops up once an hour. I can’t minimize it and can only get rid of it by using the Windows Task Manager.
I ran a full scan of ESET Smart Security, Spybot SD and Malwarebytes Anti-Malware. Spybot got the Vundo and Malwarebytes got the Trojan. But I still get the same problems about every 12-18 hours. I figure I still have some type of problem. Any ideas?
I was looking through my ESET log files and found this entry:
5/25/2009 Startup scanner operating memory Win32/Rootkit.Agent.ODG trojan unable to clean
That was the last time it appeared. I think Malwarebytes cleaned it because it has not been detected since then. After running all of the scans I am not seeing the problem in the reports anymore.
Thanks a Hunter
Logs follow
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3
5/27/2009 7:41:24 AM
mbam-log-2009-05-27 (07-41-24).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 181960
Time elapsed: 2 hour(s), 48 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:33281 Mo/Free:2789 Mo)
D:\ [Fixed] - NTFS - (Total:43063 Mo/Free:1076 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Wed 05/27/2009|14:21
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
---------- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
---------- C:\Program Files\Softex\OmniPass\Omniserv.exe
---------- C:\Program Files\Softex\OmniPass\OPXPApp.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\USB Storage RW\udsi.exe
---------- C:\Program Files\ESET\ESET Smart Security\egui.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
---------- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
---------- C:\Program Files\AWS\WeatherBug\Weather.exe
---------- C:\Program Files\Federico Bastianello\PowerResizer\PowerResizer.exe
---------- C:\WINDOWS\system32\DllHost.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
1 - "C:\Rooter$\Rooter_1.txt" - Wed 05/27/2009| 3:44
2 - "C:\Rooter$\Rooter_2.txt" - Wed 05/27/2009| 4:48
3 - "C:\Rooter$\Rooter_3.txt" - Wed 05/27/2009|14:23
----------------------\\ Scan completed at 14:23
OTListIt logfile created on: 5/27/2009 2:44:00 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.98 Mb Total Physical Memory | 119.86 Mb Available Physical Memory | 23.83% Memory free
1.20 Gb Paging File | 0.75 Gb Available in Paging File | 62.22% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.50 Gb Total Space | 14.72 Gb Free Space | 45.29% Space Free | Partition Type: NTFS
Drive D: | 42.05 Gb Total Space | 17.05 Gb Free Space | 40.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-SZ6X6SEFXO
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Softex\OmniPass\Omniserv.exe ()
PRC - C:\Program Files\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\USB Storage RW\udsi.exe (KYE Systems Corp.)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Federico Bastianello\PowerResizer\PowerResizer.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9c886ce8a7c88 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MBAMService [Auto | Running]) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (omniserv [Auto | Running]) -- C:\Program Files\Softex\OmniPass\Omniserv.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfw [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\epfw.sys (ESET)
DRV - (Epfwndis [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Epfwndis.sys (ESET)
DRV - (epfwtdi [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdi.sys (ESET)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (is-60SR6drv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\51745942.sys (Kaspersky Lab)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MBAMProtector [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (S3Psddr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (SBKUPNT [Auto | Running]) -- C:\WINDOWS\system32\Drivers\SBKUPNT.SYS ()
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.google.c...hp?hl=en&tab=wn [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "btjunkie"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.c...rlz=1R0GGGL_en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.93
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.7
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1
FF - prefs.js..extensions.enabledItems: {0b551222-549a-40bc-92cb-49499fb06544}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.1.19
FF - prefs.js..extensions.enabledItems: {5fb1186a-3398-4c47-b579-0f2eee222ad1}:0.8.3.19
FF - prefs.js..extensions.enabledItems: {65fe69f6-b9d0-4efa-bb93-064f9b126430}:0.26
FF - prefs.js..extensions.enabledItems: {768D595F-8FCE-4F70-9695-D80C85A7F6E4}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/29 02:42:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/29 14:56:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 17:55:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 14:56:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2009/04/27 02:58:43 | 00,000,000 | ---D | M]
[2009/04/26 17:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/04/26 17:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/26 18:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions
[2009/05/25 14:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{0b551222-549a-40bc-92cb-49499fb06544}
[2009/05/06 06:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/04/26 19:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/20 13:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
[2009/05/22 12:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{65fe69f6-b9d0-4efa-bb93-064f9b126430}
[2009/05/20 13:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/20 00:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2009/04/26 19:27:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/14 07:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/26 19:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/14 07:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/05/21 23:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\[email protected]
[2009/05/20 13:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\[email protected]
[2009/05/22 14:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ibu3r2u7.default\extensions\[email protected]
[2009/04/29 10:12:56 | 00,006,280 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ibu3r2u7.default\searchplugins\btjunkie.xml
[2009/04/29 10:14:04 | 00,002,285 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ibu3r2u7.default\searchplugins\demonoid-search.xml
[2009/05/20 16:11:27 | 00,001,921 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ibu3r2u7.default\searchplugins\isohunt---bt-search.xml
[2009/05/24 13:42:37 | 00,002,150 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ibu3r2u7.default\searchplugins\rapidsharesearch.xml
[2009/04/29 10:26:01 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ibu3r2u7.default\searchplugins\thepiratebayorg.xml
[2009/05/20 16:11:27 | 00,006,160 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ibu3r2u7.default\searchplugins\warez-bborg---apps.xml
[2009/05/20 16:11:26 | 00,005,629 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ibu3r2u7.default\searchplugins\warez-bborg.xml
[2009/05/26 18:26:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/24 23:57:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{768D595F-8FCE-4F70-9695-D80C85A7F6E4}
[2009/04/27 19:00:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 00:31:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
[2009/04/29 14:56:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/27 18:59:51 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 18:59:51 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/09 01:51:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/09 01:51:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/09 01:51:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/09 01:51:14 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/09 01:51:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/09 01:51:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/09 01:51:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (306455 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10550 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe (KYE Systems Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe" (Mischel Internet Security)
O4 - HKCU..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKCU..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m (IObit)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\is-60SR6.lnk = C:\Documents and Settings\Owner\Desktop\Virus Removal Tool\is-60SR6\startup.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerResizer.lnk = C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{FE201924-32EB-4059-BCF0-1CC788A465F4}\_2A8C6EF662B6046DB06458.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\opxpgina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/10 05:49:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9abb4824-32b7-11de-a407-00402b63765f}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{9abb4824-32b7-11de-a407-00402b63765f}\Shell\RoboForm2Go\command - "" = G:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{ed015872-32a9-11de-a406-00402b63765f}\Shell\AutoRun\command - "" = F:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{ed015872-32a9-11de-a406-00402b63765f}\Shell\RoboForm2Go\command - "" = F:\PortableRoboForm.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/27 14:34:43 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[2009/05/27 14:24:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$n some one help m1.docx
[2009/05/27 14:18:15 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/05/27 14:16:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/27 04:41:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/27 04:41:17 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/05/27 04:41:17 | 00,000,597 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/05/27 04:41:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/27 04:29:29 | 00,013,001 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Can some one help m1.docx
[2009/05/27 04:23:22 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/27 04:21:09 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/05/27 03:42:29 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/27 03:27:00 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/05/27 01:56:42 | 00,002,045 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FFB - Facebook Friend Bomber.lnk
[2009/05/27 01:49:18 | 00,002,747 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Myspace Private Profile Viewer.lnk
[2009/05/27 01:49:18 | 00,000,000 | ---D | C] -- C:\Program Files\Myspace Private Profile Viewer
[2009/05/27 01:47:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Facebook_Friend_Bomber
[2009/05/27 01:11:06 | 00,115,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Can some one help me.docx
[2009/05/27 00:39:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/05/26 23:29:27 | 02,110,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PrivateProfileViewer_Install.msi
[2009/05/26 22:29:27 | 00,037,294 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Thumb drive purchase June.docx
[2009/05/26 20:33:50 | 00,001,859 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\is-60SR6.lnk
[2009/05/26 20:31:47 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\51745942.sys
[2009/05/26 20:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Virus Removal Tool
[2009/05/26 19:45:16 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/26 19:43:02 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2009/05/26 19:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\MeadCo Neptune
[2009/05/26 18:01:03 | 00,111,888 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Can some one help me.docx
[2009/05/26 17:31:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/05/25 23:21:30 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job
[2009/05/25 23:20:47 | 00,000,382 | ---- | C] () -- C:\WINDOWS\tasks\AWC AutoCare.job
[2009/05/25 21:11:58 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$rdlist.docx
[2009/05/25 21:11:52 | 00,013,707 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\wordlist.docx
[2009/05/25 19:31:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RapidShare_Plus_4.0
[2009/05/25 19:28:48 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\uploaded Tool 2009.lnk
[2009/05/25 17:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TrojanHunter
[2009/05/25 15:45:01 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TrojanHunter.lnk
[2009/05/25 15:43:29 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/05/25 15:43:20 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.1
[2009/05/25 13:06:44 | 12,584,936 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/25 13:06:44 | 10,751,36544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/25 12:07:14 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/25 03:28:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/05/25 03:28:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/05/25 03:28:35 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/05/25 03:24:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
[2009/05/24 23:02:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/05/24 22:48:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/05/24 22:30:26 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/24 22:30:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/24 18:04:58 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/05/24 18:03:27 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009/05/24 15:27:50 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/05/24 01:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Megaupload
[2009/05/23 22:55:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/05/23 18:25:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2009/05/23 18:25:16 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/23 18:24:46 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/05/23 18:24:45 | 00,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/05/23 18:24:44 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/05/23 18:24:42 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/05/23 18:24:36 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/23 18:24:36 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/23 18:24:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/23 18:24:34 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/05/23 18:24:12 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/05/23 18:24:05 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/23 18:24:04 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/23 18:23:57 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/05/23 18:16:21 | 00,000,000 | ---D | C] -- C:\Program Files\Amadis Software
[2009/05/23 17:39:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/05/23 17:10:35 | 00,000,975 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FLV to AVI MPEG WMV 3GP MP4 iPod Converter.lnk
[2009/05/23 17:10:10 | 00,000,000 | ---D | C] -- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
[2009/05/23 12:49:08 | 00,000,000 | ---D | C] -- C:\Program Files\Image Grabber II
[2009/05/23 05:15:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\The KMPlayer
[2009/05/23 05:14:24 | 00,002,767 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CheshireCat's One Click File Joiner.lnk
[2009/05/23 05:12:41 | 00,002,161 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CheshireCat's One Click Thumbnailer.lnk
[2009/05/23 05:12:38 | 00,000,000 | ---D | C] -- C:\Program Files\CheshireCat
[2009/05/23 03:29:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2009/05/23 03:14:27 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KMPlayer.lnk
[2009/05/23 03:13:52 | 00,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2009/05/23 03:12:36 | 00,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2009/05/23 03:12:36 | 00,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2009/05/23 03:12:36 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2009/05/23 03:12:36 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2009/05/23 03:12:36 | 00,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2009/05/23 03:12:36 | 00,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2009/05/23 03:12:36 | 00,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2009/05/23 03:12:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GHISLER
[2009/05/22 21:06:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2009/05/22 20:03:47 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/05/22 20:03:09 | 00,000,000 | ---D | C] -- C:\Program Files\HiDownload
[2009/05/22 18:52:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\UseNeXT
[2009/05/22 16:32:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MrNuttz AmazingAmazon II.wmv
[2009/05/22 13:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\RS Generator
[2009/05/22 13:18:19 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2009/05/22 13:18:16 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2009/05/22 12:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\LEAPS
[2009/05/22 12:42:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TMPGEnc
[2009/05/22 12:40:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Pegasys Inc
[2009/05/22 12:34:04 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TMPGEnc 4.0 XPress.lnk
[2009/05/22 12:33:07 | 00,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
[2009/05/22 12:19:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/05/20 17:21:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/20 16:14:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2009/05/20 15:49:50 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CompuApps SwissKnife V3.lnk
[2009/05/20 15:49:46 | 00,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2009/05/20 15:49:46 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2009/05/20 15:49:45 | 00,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2009/05/20 15:49:45 | 00,000,344 | ---- | C] () -- C:\WINDOWS\DYNASN.INF
[2009/05/20 15:49:45 | 00,000,000 | ---D | C] -- C:\SWISNIFE
[2009/05/20 15:49:43 | 00,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2009/05/20 15:49:30 | 00,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/05/20 15:48:49 | 00,000,293 | ---- | C] () -- C:\WINDOWS\DRVSMLNK.INI
[2009/05/20 15:14:27 | 00,002,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rapidshare Auto Downloader.lnk
[2009/05/20 00:03:04 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/19 23:09:35 | 00,000,000 | ---D | C] -- C:\Program Files\Maxtor
[2009/05/19 13:31:09 | 00,648,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PORTABLE PASSWORDS.docx
[2009/05/19 02:18:49 | 00,000,000 | ---D | C] -- C:\Program Files\vSoft
[2009/05/18 20:10:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/14 15:57:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/04/30 19:27:06 | 00,011,522 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\I agree with you andrew.docx
[2009/04/30 09:12:36 | 00,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2009/04/30 07:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeraCopy
[2009/04/30 05:03:17 | 00,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2009/04/30 05:02:32 | 00,000,000 | ---D | C] -- C:\Program Files\FolderSize
[2009/04/30 04:13:33 | 00,000,000 | ---D | C] -- C:\totalcmd
[2009/04/30 04:06:23 | 00,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2009/04/30 03:04:45 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/04/29 21:45:18 | 00,002,559 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerResizer.lnk
[2009/04/29 21:45:08 | 00,000,000 | ---D | C] -- C:\Program Files\Federico Bastianello
[2009/04/29 21:32:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ArcGIS Explorer Documents
[2009/04/29 21:28:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ESRI
[2009/04/29 16:53:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TurboTax
[2009/04/29 15:58:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Intuit
[2009/04/29 15:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2009/04/29 15:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/29 15:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2009/04/29 15:35:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Apps
[2009/04/29 14:54:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/04/29 10:50:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Hyperz
[2009/04/29 05:03:48 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/29 02:56:52 | 00,000,000 | ---D | C] -- C:\Program Files\ArcGIS Explorer
[2009/04/29 02:36:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/29 02:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/29 02:31:03 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/29 02:31:03 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/29 02:31:03 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/29 02:31:02 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/29 02:31:02 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/29 02:31:02 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/29 02:31:02 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/29 01:04:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/04/29 00:56:08 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/29 00:52:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/04/29 00:52:36 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/29 00:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/04/29 00:34:36 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/04/29 00:28:41 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/04/29 00:28:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/04/28 23:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/04/28 23:11:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/04/28 23:04:27 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/04/28 23:04:26 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/04/28 23:04:26 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/04/28 18:43:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Q-Dir
[2009/04/28 18:42:52 | 00,004,533 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2009/04/28 18:42:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Favorites_Q_Dir
[2009/04/28 18:42:51 | 00,000,000 | ---D | C] -- C:\Program Files\Q-Dir
[2009/04/28 15:56:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/04/28 03:58:00 | 00,628,224 | ---- | C] (Uderzo Software e Consulenza Informatica) -- C:\Documents and Settings\Owner\Desktop\SpaceSniffer.exe
[2009/04/28 03:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/28 02:58:25 | 00,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Owner.job
[2009/04/28 02:58:02 | 00,000,478 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Owner.job
[2009/04/28 02:53:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/28 02:53:15 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/28 02:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/28 02:10:23 | 00,000,296 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/28 00:25:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/27 22:46:40 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/04/27 22:46:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2009/04/27 22:45:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/27 22:45:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/27 19:45:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2009/04/27 18:28:46 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/27 18:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2009/04/27 18:10:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BSplayer
[2003/04/10 07:10:20 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 07:08:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 07:08:01 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 07:07:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 07:00:09 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/10 06:59:52 | 00,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 06:53:45 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 06:36:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/10 06:16:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 06:06:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 06:06:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 06:05:46 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 05:53:32 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 05:37:43 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 05:37:23 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/04/10 05:37:19 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/10 03:08:18 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 03:08:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
========== Files - Modified Within 30 Days ==========
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[2009/05/27 14:54:41 | 10,751,40640 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/27 14:54:30 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/27 14:34:43 | 00,013,001 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Can some one help m1.docx
[2009/05/27 14:24:27 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$n some one help m1.docx
[2009/05/27 13:56:30 | 00,002,559 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerResizer.lnk
[2009/05/27 13:55:22 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/27 13:54:46 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/27 13:54:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/27 13:53:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/27 13:53:42 | 52,748,2880 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/27 13:53:12 | 12,584,936 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/27 07:08:10 | 00,115,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Can some one help me.docx
[2009/05/27 04:41:17 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/05/27 04:41:17 | 00,000,597 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/05/27 04:28:48 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Owner.job
[2009/05/27 04:28:46 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Owner.job
[2009/05/27 04:21:08 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/05/27 02:46:31 | 00,002,747 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Myspace Private Profile Viewer.lnk
[2009/05/27 02:10:27 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rapidshare Auto Downloader.lnk
[2009/05/27 01:57:05 | 00,002,045 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FFB - Facebook Friend Bomber.lnk
[2009/05/26 22:29:29 | 00,037,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumb drive purchase June.docx
[2009/05/26 20:33:50 | 00,001,859 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\is-60SR6.lnk
[2009/05/26 18:24:43 | 00,111,888 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Can some one help me.docx
[2009/05/26 18:02:45 | 00,000,296 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/26 17:04:10 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoCare.job
[2009/05/26 17:02:11 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/26 03:14:29 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KMPlayer.lnk
[2009/05/26 00:22:46 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2009/05/26 00:22:39 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2009/05/25 22:47:50 | 00,013,707 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\wordlist.docx
[2009/05/25 21:11:58 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$rdlist.docx
[2009/05/25 19:38:52 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\uploaded Tool 2009.lnk
[2009/05/25 15:45:10 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/05/25 15:45:01 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TrojanHunter.lnk
[2009/05/25 09:33:45 | 00,306,455 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/25 05:33:51 | 00,000,183 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/05/24 18:04:58 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/05/24 15:27:50 | 00,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2009/05/24 12:36:05 | 00,001,585 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defraggler.lnk
[2009/05/23 22:55:52 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2009/05/23 18:26:57 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/23 17:10:35 | 00,000,975 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FLV to AVI MPEG WMV 3GP MP4 iPod Converter.lnk
[2009/05/23 12:21:36 | 00,002,767 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CheshireCat's One Click File Joiner.lnk
[2009/05/23 07:21:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MrNuttz AmazingAmazon II.wmv
[2009/05/23 05:12:41 | 00,002,161 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CheshireCat's One Click Thumbnailer.lnk
[2009/05/22 12:34:04 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TMPGEnc 4.0 XPress.lnk
[2009/05/21 23:51:33 | 00,004,533 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini
[2009/05/21 05:27:39 | 02,110,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PrivateProfileViewer_Install.msi
[2009/05/20 15:49:50 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CompuApps SwissKnife V3.lnk
[2009/05/20 15:49:45 | 00,000,543 | ---- | M] () -- C:\WINDOWS\SWISV3.INI
[2009/05/20 15:49:45 | 00,000,287 | ---- | M] () -- C:\WINDOWS\SKNIFE.INI
[2009/05/20 00:25:13 | 00,001,553 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/05/20 00:13:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/19 13:31:10 | 00,648,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PORTABLE PASSWORDS.docx
[2009/05/15 11:51:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/14 07:50:00 | 00,000,545 | ---- | M] () -- C:\WINDOWS\UC.PIF
[2009/05/14 07:50:00 | 00,000,545 | ---- | M] () -- C:\WINDOWS\RAR.PIF
[2009/05/14 07:50:00 | 00,000,545 | ---- | M] () -- C:\WINDOWS\PKZIP.PIF
[2009/05/14 07:50:00 | 00,000,545 | ---- | M] () -- C:\WINDOWS\PKUNZIP.PIF
[2009/05/14 07:50:00 | 00,000,545 | ---- | M] () -- C:\WINDOWS\NOCLOSE.PIF
[2009/05/14 07:50:00 | 00,000,545 | ---- | M] () -- C:\WINDOWS\LHA.PIF
[2009/05/14 07:50:00 | 00,000,545 | ---- | M] () -- C:\WINDOWS\ARJ.PIF
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/30 19:27:08 | 00,011,522 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\I agree with you andrew.docx
[2009/04/30 05:20:50 | 00,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/29 14:42:18 | 00,437,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/29 14:42:18 | 00,069,090 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/29 02:40:44 | 00,542,762 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/28 01:14:23 | 00,305,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090525-093345.backup
[2009/04/27 18:04:48 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
< End of report >
OTListIt Extras logfile created on: 5/27/2009 2:44:00 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.98 Mb Total Physical Memory | 119.86 Mb Available Physical Memory | 23.83% Memory free
1.20 Gb Paging File | 0.75 Gb Available in Paging File | 62.22% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.50 Gb Total Space | 14.72 Gb Free Space | 45.29% Space Free | Partition Type: NTFS
Drive D: | 42.05 Gb Total Space | 17.05 Gb Free Space | 40.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-SZ6X6SEFXO
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"60984:UDP" = 60984:UDP:*:Enabled:vuze
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server (Intuit Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DCFC7D5-8608-478C-8082-1FF848B978AF}" = Uninstall USB Storage RW Ver. 2.00.11.b04
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{28F114B6-355F-440D-9593-F49E698E26A2}" = Rapidshare Auto Downloader 3.5
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C70FA36-A9BA-4B71-ABBE-BE526AA1C5D8}" = Myspace Private Profile Viewer
"{41536D42-C529-4D14-8EE7-57B92C1EF9D7}" = CheshireCat's One Click File Joiner
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
"{7DE8D718-5B0B-4C10-9B0B-A327A650209D}" = CheshireCat's One Click Thumbnailer
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1A70631-29A5-4CEB-B93B-035C49652E6B}" = TMPGEnc 4.0 XPress
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E65F23A5-9B6F-4119-A4B3-C50F101E686D}" = FFB - Facebook Friend Bomber
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{FE201924-32EB-4059-BCF0-1CC788A465F4}" = PowerResizer
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner (remove only)
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Defraggler" = Defraggler (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"HiDownload_is1" = HiDownload
"HijackThis" = HijackThis 2.0.2
"hp deskjet 930c series" = hp deskjet 930c series (Remove only)
"ie8" = Windows Internet Explorer 8
"Instant Support" = Instant Support
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Notepad++" = Notepad++
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PowerISO" = PowerISO
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Q-Dir" = Q-Dir
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"ST6UNST #1" = RS Generator v3.1.3
"ST6UNST #2" = RS Generator v3.1.3 (C:\Program Files\RS Generator\)
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TrojanHunter_is1" = TrojanHunter 5.1
"TurboTax 2008" = TurboTax 2008
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"uploaded Tool 2009_is1" = uploaded Tool 2009 Version 1.0
"VLC media player" = VLC media player 0.9.9
"Vuze" = Vuze
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/23/2009 6:54:09 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Application Error | ID = 1000
Description = Faulting application videoconverter.exe, version 3.7.2.0, faulting
module swscale.dll, version 0.0.0.0, fault address 0x000102e8.
Error - 5/23/2009 6:56:21 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Application Error | ID = 1000
Description = Faulting application videoconverter.exe, version 3.7.2.0, faulting
module swscale.dll, version 0.0.0.0, fault address 0x000102e8.
Error - 5/23/2009 9:19:00 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 5/24/2009 9:10:48 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.4.1434, faulting module
diracsplitter.ax, version 1.2.925.0, fault address 0x00003713.
Error - 5/24/2009 2:34:35 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.4.1434, faulting module
diracsplitter.ax, version 1.2.925.0, fault address 0x00003713.
Error - 5/24/2009 2:49:04 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.4.1434, faulting module
diracsplitter.ax, version 1.2.925.0, fault address 0x00003713.
Error - 5/24/2009 4:02:19 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = ESENT | ID = 455
Description = wuaueng.dll (2980) SUS20ClientDataStore: Error -1811 (0xfffff8ed)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 5/24/2009 10:38:07 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 5/25/2009 12:09:06 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 5/25/2009 12:35:53 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.9.0, faulting module libglwin32_plugin.dll,
version 0.0.0.0, fault address 0x000028cc.
[ System Events ]
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:23 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 1:47:24 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 5/27/2009 2:03:06 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Print | ID = 54
Description = Document 8GB Flash Memory, 8GB USB F... was corrupted and has been
deleted. The associated driver is: hp deskjet 930c series.
< End of report >