Crypter.exe tried to install when i double clicked on something. could



#1
fix23

Hey guys, I just tried getting a program, and when I opened it to try and install it, crypter.exe also opened (I know a crypter is for antiviruses to not pick up viruses, but my AVG did) and then it wouldn't respond. My AVG picked it up, but I don't know if it got it all. I did a system restore from last week, but would still like you guys to take a look at my log. If there's ANYTHING that is concerning, please tell me, as I'm very concerned. Thanks. P.S. I included my OTS, HJT and RootRepeal log.


note: not all the files are mine.



OTS LOG

OTS logfile created on: 9/1/2009 4:18:11 PM - Run 2
OTS by OldTimer - Version 3.0.10.3 Folder = C:\Users\Chad23\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 57.81% Memory free
4.00 Gb Paging File | 3.14 Gb Available in Paging File | 78.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.42 Gb Total Space | 92.80 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 9.22 Gb Free Space | 97.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD23-PC
Current User Name: Chad23
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan

[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/07/03 10:49:06 | 00,520,024 | ---- | M] (Lavasoft)
apmsgfwd.exe -> C:\Program Files\Apoint2K\ApMsgFwd.exe -> [2007/01/29 00:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
apntex.exe -> C:\Program Files\Apoint2K\Apntex.exe -> [2006/09/07 20:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\Apoint2K\Apoint.exe -> [2007/07/08 13:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
cgvpncliservice.exe -> C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -> [2008/11/20 15:07:54 | 01,940,992 | ---- | M] (mobile concepts GmbH)
clcapsvc.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 23:22:58 | 00,266,339 | ---- | M] ()
conime.exe -> C:\Windows\System32\conime.exe -> [2008/01/19 03:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation)
egui.exe -> C:\Program Files\ESET\ESET Smart Security\egui.exe -> [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET)
ekrn.exe -> C:\Program Files\ESET\ESET Smart Security\ekrn.exe -> [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET)
explorer.exe -> C:\Windows\Explorer.EXE -> [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
hphc_service.exe -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/10/09 08:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard)
hpkbdapp.exe -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe -> [2007/06/12 23:14:22 | 00,554,552 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
hpqtoaster.exe -> C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe -> [2007/05/16 14:43:06 | 00,677,432 | R--- | M] ()
hpqwmiex.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwamain.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2007/10/03 15:15:40 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwuschd2.exe -> C:\Program Files\HP\HP Software Update\hpwuschd2.exe -> [2008/12/08 15:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007/04/19 17:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
ots.exe -> C:\Users\Chad23\Documents\Downloads\OTS.exe -> [2009/09/01 05:19:14 | 00,514,048 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> C:\Windows\System32\PnkBstrA.exe -> [2008/01/20 03:51:23 | 00,066,872 | ---- | M] ()
qlbctrl.exe -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> [2007/02/13 15:38:36 | 00,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
tuprogst.exe -> C:\Windows\System32\TUProgSt.exe -> [2009/07/25 19:19:15 | 00,604,488 | ---- | M] (TuneUp Software)
unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2008/01/19 03:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wifimsg.exe -> C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE -> [2007/09/26 07:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.)
wmiprvse.exe -> C:\Windows\System32\wbem\wmiprvse.exe -> [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation)
xaudio.exe -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2007/07/10 06:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)

[Win32 Services - Safe List]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2008/01/19 15:56:28 | 00,072,704 | ---- | M] (Adobe Systems)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(CGVPNCliSrvc) CyberGhost VPN Client [Win32_Own | Auto | Running] -> C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -> [2008/11/20 15:07:54 | 01,940,992 | ---- | M] (mobile concepts GmbH)
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 23:22:58 | 00,266,339 | ---- | M] ()
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Stopped] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/05/18 23:23:00 | 00,106,593 | ---- | M] ()
(Com4Qlb) Com4Qlb [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -> [2007/01/09 18:55:34 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(EhttpSrv) ESET HTTP Server [Win32_Own | On_Demand | Stopped] -> C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -> [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Win32_Own | Auto | Running] -> C:\Program Files\ESET\ESET Smart Security\ekrn.exe -> [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2008/01/19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/01/18 16:38:57 | 00,137,200 | ---- | M] (Google)
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/10/09 08:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard)
(hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -> [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.)
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007/04/19 17:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company)
(Net Driver HPZ12) Net Driver HPZ12 [Win32_Own | Auto | Running] -> C:\Windows\System32\HPZinw12.dll -> [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation)
(NOD32FiXTemDono) Eset Nod32 Boot [Win32_Own | Auto | Stopped] -> C:\Windows\System32\regedt32.exe -> [2006/11/02 05:45:35 | 00,009,216 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> C:\Windows\System32\HPZipm12.dll -> [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> C:\Windows\System32\PnkBstrA.exe -> [2008/01/20 03:51:23 | 00,066,872 | ---- | M] ()
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/02/12 10:36:58 | 00,880,640 | ---- | M] (Sonic Solutions)
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Steam\SteamService.exe -> [2007/12/26 17:14:06 | 00,087,288 | ---- | M] (Valve Corporation)
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2007/02/17 08:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.)
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\System32\TuneUpDefragService.exe -> [2009/07/25 19:19:09 | 00,361,288 | ---- | M] (TuneUp Software)
(TuneUp.ProgramStatisticsSvc) TuneUp Program Statistics Service [Win32_Own | Auto | Running] -> C:\Windows\System32\TUProgSt.exe -> [2009/07/25 19:19:15 | 00,604,488 | ---- | M] (TuneUp Software)
(UxTuneUp) TuneUp Theme Extension [Win32_Shared | Auto | Running] -> C:\Windows\System32\uxtuneup.dll -> [2009/07/15 05:48:20 | 00,029,000 | ---- | M] (TuneUp Software)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation)
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2007/07/10 06:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{2bae58c2-79f9-45d1-a286-81f911301c3a}" [HKLM] -> C:\Program Files\P2P_Energy\tbP2P_.dll [P2P Energy Toolbar] -> [2008/04/03 10:40:42 | 01,523,736 | ---- | M] (Conduit Ltd.)
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.h...a...n&pf=laptop ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
HKEY_CURRENT_USER\: Main\\"SEARCH PAGE" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo....e...-8&fr=b1ie7 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://ie.redirect.h...a...n&pf=laptop ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\prefs.js ->
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.search.defaulturl -> "http://search.live.c...?FORM=IEFM1&q=" ->
browser.search.selectedEngine -> "Yahoo! Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.ca/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 ->
extensions.enabledItems -> {987311C6-B504-4aa2-90BF-60CC49808D42}:2.1 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85 ->
extensions.enabledItems -> {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623 ->
extensions.enabledItems -> {C6128004-4838-4708-9A97-BB172D17767D}:1.5 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2 ->
extensions.enabledItems -> {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.6 ->
extensions.enabledItems -> {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.15 ->
extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1 ->
extensions.enabledItems -> [email protected]:2.14 ->
extensions.enabledItems -> {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9 ->
extensions.enabledItems -> {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.1 ->
extensions.enabledItems -> [email protected]:0.3 ->
extensions.enabledItems -> [email protected]:1.2.2 ->
extensions.enabledItems -> [email protected]:1.3.3 ->
extensions.enabledItems -> {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.1 ->
extensions.enabledItems -> [email protected]:2.1.2 ->
extensions.enabledItems -> {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38 ->
extensions.enabledItems -> {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6 ->
extensions.enabledItems -> [email protected]:1.8.3 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414 ->
extensions.enabledItems -> [email protected]:1.0.4 ->
extensions.enabledItems -> [email protected]:1.2.5 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 ->
extensions.enabledItems -> {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.62 ->
keyword.URL -> "http://ca.yhs.search...2-tb-web_ca&p=" ->
< FireFox Settings [User.js] > -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115} -> C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX] -> [2007/12/30 01:07:46 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/06/24 20:21:53 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/08 17:40:35 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/08/08 17:40:34 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions -> ->
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2009/06/19 15:44:23 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions -> ->
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD ->
< FireFox Extensions [User Folders] > ->
-> C:\Users\Chad23\AppData\Roaming\mozilla\Extensions -> [2009/05/16 12:06:06 | 00,000,335 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/05/16 12:06:06 | 00,000,335 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Extensions\[email protected] -> [2009/05/16 12:06:06 | 00,000,335 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}-trash -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(42) -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{D48A12C2-E0F4-4640-8ADE-2DE4959E0F3D} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\filtersetg@updater -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\Removed email adress -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/09/01 14:02:29 | 00,108,810 | ---- | M] ()
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/07/26 21:08:39 | 00,000,000 | ---D | M]
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected]\chrome -> [2009/07/26 21:08:39 | 00,000,000 | ---D | M]
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected]\defaults -> [2009/07/26 21:08:39 | 00,000,000 | ---D | M]
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected] -> [2009/07/26 21:08:39 | 00,000,000 | ---D | M]
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected]\chrome -> [2009/07/26 21:08:39 | 00,000,000 | ---D | M]
-> C:\Users\Chad23\AppData\Roaming\mozilla\Firefox\Profiles\bk9tp4bz.default\extensions\[email protected]\defaults -> [2009/07/26 21:08:39 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\ -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins -> [2009/08/30 01:27:32 | 00,000,000 | ---D | M]
aim-search.xml -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\aim-search.xml -> [2008/07/23 17:02:41 | 00,001,769 | ---- | M] ()
aolsearch.xml -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\aolsearch.xml -> [2007/12/26 15:31:47 | 00,001,877 | ---- | M] ()
icqplugin-1.xml -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\icqplugin-1.xml -> [2009/08/30 01:27:32 | 00,000,961 | ---- | M] ()
icqplugin-2.xml -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\icqplugin-2.xml -> [2009/07/24 20:55:01 | 00,000,950 | ---- | M] ()
icqplugin.xml -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\icqplugin.xml -> [2009/06/09 15:18:52 | 00,000,944 | ---- | M] ()
live-search.xml -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\live-search.xml -> [2009/02/11 00:00:25 | 00,001,632 | ---- | M] ()
winamp-search.xml -> C:\Users\Chad23\AppData\Roaming\Mozilla\FireFox\Profiles\bk9tp4bz.default\searchplugins\winamp-search.xml -> [2009/08/15 05:03:07 | 00,001,201 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/08/08 17:40:35 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/08/08 17:40:34 | 00,000,000 | ---D | M]
np-mswmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
npBitCometAgent.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npBitCometAgent.dll -> [2008/01/23 02:20:30 | 00,491,520 | ---- | M] (BitComet)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2008/12/14 16:42:42 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2007/12/18 21:58:04 | 01,335,600 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2007/12/18 21:58:04 | 00,001,607 | ---- | M] ()
npLegitCheckPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npLegitCheckPlugin.dll -> [2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/06/19 15:44:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/06/19 15:44:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/06/19 15:44:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/06/19 15:44:23 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/06/19 15:44:23 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/06/19 15:44:23 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/06/19 15:44:23 | 00,143,360 | ---- | M] (Apple Inc.)
npUpload.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npUpload.xpt -> [2007/11/29 18:27:54 | 00,000,535 | ---- | M] ()
npViewpoint.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 13:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 14:26:35 | 00,000,266 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/06/19 15:44:22 | 00,004,208 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 11:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 11:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/09/01 14:02:57 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/07/30 03:24:20 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/30 03:24:20 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/30 03:24:20 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/07/30 03:24:20 | 00,002,344 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/30 03:24:20 | 00,002,371 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/30 03:24:20 | 00,001,178 | ---- | M] ()
< HOSTS File > (736 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\Hosts ->
Reset Hosts
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
{053F9267-DC04-4294-A72C-58F732D338C0} [HKLM] -> C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> [2007/03/02 17:52:08 | 00,177,768 | R--- | M] (Hewlett-Packard Co.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/01/29 15:01:36 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} [HKLM] -> C:\Program Files\Winamp Toolbar\winamptb.dll [Winamp Toolbar Loader] -> [2009/05/06 10:22:22 | 01,262,888 | ---- | M] (AOL LLC.)
{2bae58c2-79f9-45d1-a286-81f911301c3a} [HKLM] -> C:\Program Files\P2P_Energy\tbP2P_.dll [P2P Energy Toolbar] -> [2008/04/03 10:40:42 | 01,523,736 | ---- | M] (Conduit Ltd.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [BitComet Helper] -> [2009/01/16 05:02:24 | 00,656,696 | ---- | M] (BitComet)
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value error.] -> [2007/12/30 01:07:29 | 05,690,184 | ---- | M] (Siber Systems)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java™ Plug-In SSV Helper] -> [2008/12/14 16:42:42 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/01/18 16:35:39 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/01/18 16:38:58 | 00,657,904 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/01/18 16:35:38 | 00,522,224 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java™ Plug-In 2 SSV Helper] -> [2008/12/14 16:42:42 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{fbaa6932-b59b-4854-8041-27a233394ba3} [HKLM] -> C:\Program Files\Linksador\Lincmediaplayer\adxloader.dll [Lincmediaplayer] -> [2008/08/04 14:11:56 | 00,315,392 | ---- | M] (Add-in Express Ltd)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/01/18 16:35:39 | 00,251,504 | ---- | M] ()
"{2bae58c2-79f9-45d1-a286-81f911301c3a}" [HKLM] -> C:\Program Files\P2P_Energy\tbP2P_.dll [P2P Energy Toolbar] -> [2008/04/03 10:40:42 | 01,523,736 | ---- | M] (Conduit Ltd.)
"{724d43a0-0d85-11d4-9908-00400523e39a}" [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2007/12/30 01:07:29 | 05,690,184 | ---- | M] (Siber Systems)
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" [HKLM] -> C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [ICQToolBar] -> [2008/12/09 11:23:22 | 00,958,200 | ---- | M] (ICQ)
"{b6bb2c0a-8d74-4664-a1cd-103bd9a69de9}" [HKLM] -> C:\Program Files\Linksador\Lincmediaplayer\adxloader.dll [] -> [2008/08/04 14:11:56 | 00,315,392 | ---- | M] (Add-in Express Ltd)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" [HKLM] -> C:\Program Files\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> [2009/05/06 10:22:22 | 01,262,888 | ---- | M] (AOL LLC.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/01/18 16:35:39 | 00,251,504 | ---- | M] ()
WebBrowser\\"{2BAE58C2-79F9-45D1-A286-81F911301C3A}" [HKLM] -> C:\Program Files\P2P_Energy\tbP2P_.dll [P2P Energy Toolbar] -> [2008/04/03 10:40:42 | 01,523,736 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2007/12/30 01:07:29 | 05,690,184 | ---- | M] (Siber Systems)
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
WebBrowser\\"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" [HKLM] -> C:\Program Files\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> [2009/05/06 10:22:22 | 01,262,888 | ---- | M] (AOL LLC.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"Apoint" -> C:\Program Files\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> [2007/07/08 13:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"egui" -> C:\Program Files\ESET\ESET Smart Security\egui.exe ["C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice] -> [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET)
"HP Software Update" -> C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2008/12/08 15:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2007/10/03 15:15:40 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2007/09/19 21:05:00 | 08,497,696 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2007/09/19 21:05:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
"NvSvc" -> C:\Windows\System32\nvsvc.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> [2007/09/19 21:05:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"OnScreenDisplay" -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe] -> [2007/06/12 23:14:22 | 00,554,552 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"QlbCtrl" -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> [2007/02/13 15:38:36 | 00,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Menu: Sun Java Console] -> [2008/12/14 16:42:42 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Button: Fill Forms] -> [2007/12/30 01:08:29 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Menu: Fill Forms] -> [2007/12/30 01:08:29 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Button: Save] -> [2007/12/30 01:08:29 | 00,000,205 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Menu: Save Forms] -> [2007/12/30 01:08:29 | 00,000,205 | ---- | M] ()
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [Button: AIM Toolbar] -> [2008/03/07 09:55:24 | 01,090,912 | ---- | M] (AOL LLC)
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2009/08/05 02:04:13 | 00,562,968 | ---- | M] (PokerStars)
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKLM] -> C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll [Button: HP Clipbook] -> [2007/03/02 17:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKLM] -> C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll [Button: HP Smart Select] -> [2007/03/02 17:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Button: RoboForm] -> [2007/12/30 01:08:29 | 00,000,208 | ---- | M] ()
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Menu: RoboForm Toolbar] -> [2007/12/30 01:08:29 | 00,000,208 | ---- | M] ()
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/01/29 15:01:36 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [Button: BitComet] -> [2009/01/16 05:02:24 | 00,656,696 | ---- | M] (BitComet)
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> C:\Program Files\ICQ6.5\ICQ.exe [Button: ICQ6] -> [2009/03/01 06:59:42 | 00,172,792 | ---- | M] (ICQ, LLC.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> C:\Program Files\ICQ6.5\ICQ.exe [Menu: ICQ6] -> [2009/03/01 06:59:42 | 00,172,792 | ---- | M] (ICQ, LLC.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3} [HKLM] -> http://zone.msn.com/...UI.cab55579.cab [StagingUI Object] ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} [HKLM] -> http://zone.msn.com/...dy.cab55579.cab [MSN Games – Buddy Invite] ->
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [HKLM] -> http://dl.tvunetworks.com/TVUAx.cab [CTVUAxCtrl Object] ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3} [HKLM] -> http://zone.msn.com/...at.cab55579.cab [ZonePAChat Object] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.micros...b?1251587209073 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.micros...b?1251587340715 [MUWebControl Class] ->
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} [HKLM] -> http://zone.msn.com/...O1.cab60096.cab [UnoCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_11] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://cdn2.zone.msn...ro.cab56649.cab [MSN Games - Installer] ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_11] ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} [HKLM] -> http://zone.msn.com/...xy.cab55579.cab [MSN Games – Game Communicator] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 64.71.255.198 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{207788C6-76FF-44F3-846A-F1738000CE4F}\\DhcpNameServer -> 64.71.255.198 (Broadcom 802.11b/g WLAN) ->
{207788C6-76FF-44F3-846A-F1738000CE4F}\\NameServer -> 64.71.255.198 (Broadcom 802.11b/g WLAN) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/12/27 00:13:19 | 00,000,074 | ---- | M] ()
D:\AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] -> [2005/09/11 11:18:54 | 00,000,340 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{59a30ccc-06d5-11de-9086-0016d3fce32c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59a30ccc-06d5-11de-9086-0016d3fce32c}\shell\sorthb\command
\{59a30ccc-06d5-11de-9086-0016d3fce32c}\shell\sorthb\command\\"" -> C:\Program Files\PSP Brew\PSPbrew.exe ["C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb] -> File not found
\{65e83180-bcad-11dc-b8dc-0016d3fce32c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65e83180-bcad-11dc-b8dc-0016d3fce32c}\shell\AutoRun\command
\{65e83180-bcad-11dc-b8dc-0016d3fce32c}\shell\AutoRun\command\\"" -> F:\pats3.exe [F:\pats3.exe] -> File not found
\{c7c53102-b98a-11dd-92b1-0016d3fce32c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c53102-b98a-11dd-92b1-0016d3fce32c}\shell
\{c7c53102-b98a-11dd-92b1-0016d3fce32c}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c53102-b98a-11dd-92b1-0016d3fce32c}\shell\AutoRun\command
\{c7c53102-b98a-11dd-92b1-0016d3fce32c}\shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
\{f5457e93-c770-11dc-a95e-0016d3fce32c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5457e93-c770-11dc-a95e-0016d3fce32c}\shell\sorthb\command
\{f5457e93-c770-11dc-a95e-0016d3fce32c}\shell\sorthb\command\\"" -> C:\Program Files\PSP Brew\PSPbrew.exe ["C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb] -> File not found


[Files/Folders - Created Within 14 Days]
4 C:\Users\Chad23\Desktop\*.tmp files -> C:\Users\Chad23\Desktop\*.tmp ->
ESET Smart Security.lnk -> C:\Users\Chad23\Desktop\ESET Smart Security.lnk -> [2009/09/01 14:50:35 | 00,001,904 | ---- | C] ()
ESET -> C:\Users\Chad23\AppData\Roaming\ESET -> [2009/09/01 14:15:28 | 00,000,000 | ---D | C]
SoftwareDistribution -> C:\Windows\SoftwareDistribution -> [2009/09/01 05:00:46 | 00,000,000 | ---D | C]
SoftwareDistribution.old -> C:\Windows\SoftwareDistribution.old -> [2009/09/01 04:43:25 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Users\Chad23\AppData\Roaming\Malwarebytes -> [2009/09/01 02:14:37 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/01 02:14:35 | 00,000,818 | ---- | C] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/01 02:14:32 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/01 02:14:31 | 00,000,000 | ---D | C]
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/01 02:14:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/09/01 02:14:30 | 00,000,000 | ---D | C]
Chyapture.JPG -> C:\Users\Chad23\Desktop\Chyapture.JPG -> [2009/09/01 02:06:59 | 00,327,875 | ---- | C] ()
ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Chad23\ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000002.regtrans-ms -> [2009/09/01 01:43:23 | 00,524,288 | -HS- | C] ()
ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Chad23\ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000001.regtrans-ms -> [2009/09/01 01:43:23 | 00,524,288 | -HS- | C] ()
ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TM.blf -> C:\Users\Chad23\ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TM.blf -> [2009/09/01 01:43:22 | 00,065,536 | -HS- | C] ()
uTorrent -> C:\Users\Chad23\AppData\Roaming\uTorrent -> [2009/09/01 00:28:37 | 00,000,000 | ---D | C]
video(3).mp4 -> C:\Users\Chad23\Desktop\video(3).mp4 -> [2009/08/30 12:35:30 | 11,029,344 | ---- | C] ()
Winamp Toolbar -> C:\Users\Chad23\AppData\Local\Winamp Toolbar -> [2009/08/29 19:08:03 | 00,000,000 | ---D | C]
Remote Assistance Logs -> C:\Users\Chad23\Documents\Remote Assistance Logs -> [2009/08/29 16:49:14 | 00,000,000 | ---D | C]
Untitled-1.jpg -> C:\Users\Chad23\Desktop\Untitled-1.jpg -> [2009/08/29 16:26:50 | 00,083,806 | ---- | C] ()
Foreever - Drake Lil Wayne Eminem.MP3 -> C:\Users\Chad23\Desktop\Foreever - Drake Lil Wayne Eminem.MP3 -> [2009/08/27 20:46:16 | 11,413,248 | ---- | C] ()
video(2).mp4 -> C:\Users\Chad23\Desktop\video(2).mp4 -> [2009/08/27 10:14:00 | 13,612,366 | ---- | C] ()
video.mp4 -> C:\Users\Chad23\Desktop\video.mp4 -> [2009/08/27 10:06:37 | 16,099,241 | ---- | C] ()
Installers -> C:\Users\Chad23\Desktop\Installers -> [2009/08/27 02:51:44 | 00,000,000 | ---D | C]
FBP10.5.rar -> C:\Users\Chad23\Desktop\FBP10.5.rar -> [2009/08/23 18:57:57 | 03,106,788 | ---- | C] ()
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2009/08/21 21:03:50 | 00,001,854 | ---- | C] ()

[Files/Folders - Modified Within 14 Days]
ntuser.dat -> C:\Users\Chad23\ntuser.dat -> [2009/09/01 16:17:10 | 06,815,744 | ---- | M] ()
1-Click Maintenance.job -> C:\Windows\tasks\1-Click Maintenance.job -> [2009/09/01 16:00:03 | 00,000,508 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000UA.job -> [2009/09/01 15:44:01 | 00,000,912 | ---- | M] ()
nvModes.001 -> C:\Users\Chad23\AppData\Roaming\nvModes.001 -> [2009/09/01 15:14:02 | 00,102,182 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/09/01 15:11:14 | 00,003,296 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/09/01 15:11:14 | 00,003,296 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/09/01 15:11:11 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/09/01 15:11:05 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/01 15:10:59 | 20,792,19712 | -HS- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/09/01 15:10:56 | 29,434,9050 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000Core.job -> [2009/09/01 14:44:06 | 00,000,860 | ---- | M] ()
ESET Smart Security.lnk -> C:\Users\Chad23\Desktop\ESET Smart Security.lnk -> [2009/09/01 14:13:25 | 00,001,904 | ---- | M] ()
ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Chad23\ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000001.regtrans-ms -> [2009/09/01 14:03:41 | 00,524,288 | -HS- | M] ()
ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TM.blf -> C:\Users\Chad23\ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TM.blf -> [2009/09/01 14:03:41 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Chad23\AppData\Local\IconCache.db -> [2009/09/01 14:03:27 | 03,006,526 | -H-- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/01 13:57:28 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/01 13:57:28 | 04,194,304 | ---- | M] ()
User_Feed_Synchronization-{E5955D6D-18FB-4D9B-986A-55386BE41DCB}.job -> C:\Windows\tasks\User_Feed_Synchronization-{E5955D6D-18FB-4D9B-986A-55386BE41DCB}.job -> [2009/09/01 13:54:42 | 00,000,424 | -H-- | M] ()
ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Chad23\ntuser.dat{dc94e230-95c1-11de-bd3b-0016d3fce32c}.TMContainer00000000000000000002.regtrans-ms -> [2009/09/01 06:21:33 | 00,524,288 | -HS- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/01 02:14:35 | 00,000,818 | ---- | M] ()
Chyapture.JPG -> C:\Users\Chad23\Desktop\Chyapture.JPG -> [2009/09/01 02:07:03 | 00,327,875 | ---- | M] ()
ntuser.dat{eda1ecd8-3d88-11de-b6fd-0016d3fce32c}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Chad23\ntuser.dat{eda1ecd8-3d88-11de-b6fd-0016d3fce32c}.TMContainer00000000000000000001.regtrans-ms -> [2009/09/01 01:38:28 | 00,524,288 | -HS- | M] ()
ntuser.dat{eda1ecd8-3d88-11de-b6fd-0016d3fce32c}.TM.blf -> C:\Users\Chad23\ntuser.dat{eda1ecd8-3d88-11de-b6fd-0016d3fce32c}.TM.blf -> [2009/09/01 01:38:28 | 00,065,536 | -HS- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/09/01 00:47:39 | 00,002,208 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/09/01 00:47:39 | 00,000,000 | ---- | M] ()
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/09/01 00:47:38 | 00,280,024 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/09/01 00:47:38 | 00,023,184 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/09/01 00:47:38 | 00,006,048 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/09/01 00:47:38 | 00,000,000 | ---- | M] ()
video(3).mp4 -> C:\Users\Chad23\Desktop\video(3).mp4 -> [2009/08/30 12:35:52 | 11,029,344 | ---- | M] ()
Untitled-1.jpg -> C:\Users\Chad23\Desktop\Untitled-1.jpg -> [2009/08/29 16:26:53 | 00,083,806 | ---- | M] ()
Foreever - Drake Lil Wayne Eminem.MP3 -> C:\Users\Chad23\Desktop\Foreever - Drake Lil Wayne Eminem.MP3 -> [2009/08/27 20:46:49 | 11,413,248 | ---- | M] ()
video(2).mp4 -> C:\Users\Chad23\Desktop\video(2).mp4 -> [2009/08/27 10:14:06 | 13,612,366 | ---- | M] ()
video.mp4 -> C:\Users\Chad23\Desktop\video.mp4 -> [2009/08/27 10:10:54 | 16,099,241 | ---- | M] ()
HPCeeScheduleForChad23.job -> C:\Windows\tasks\HPCeeScheduleForChad23.job -> [2009/08/26 00:38:06 | 00,000,326 | ---- | M] ()
Google Chrome.lnk -> C:\Users\Chad23\Desktop\Google Chrome.lnk -> [2009/08/25 19:44:41 | 00,002,047 | ---- | M] ()
nvModes.dat -> C:\Users\Chad23\AppData\Roaming\nvModes.dat -> [2009/08/24 14:48:30 | 00,102,182 | ---- | M] ()
FBP10.5.rar -> C:\Users\Chad23\Desktop\FBP10.5.rar -> [2009/08/23 18:58:16 | 03,106,788 | ---- | M] ()
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2009/08/21 21:03:50 | 00,001,854 | ---- | M] ()
Beyluxe Messenger.lnk -> C:\Users\Chad23\Desktop\Beyluxe Messenger.lnk -> [2009/08/21 01:00:50 | 00,001,814 | ---- | M] ()
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [2009/08/13 22:57:16 | 00,008,310 | ---- | M] ()
vbexpress000223.dat -> C:\ProgramData\Microsoft\VBExpress\8.0\vbexpress000223.dat -> [2009/02/16 04:04:49 | 00,677,178 | -H-- | M] ()
opa11.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa11.dat -> [2008/01/20 15:13:01 | 00,008,206 | ---- | M] ()
vbexpress000223.dat -> C:\ProgramData\Microsoft\VBExpress\9.0\vbexpress000223.dat -> [2008/01/05 21:46:12 | 00,677,178 | -H-- | M] ()
Chad23.dat -> C:\ProgramData\Microsoft\User Account Pictures\Chad23.dat -> [2007/12/27 00:04:54 | 00,000,000 | ---- | M] ()
Guest.dat -> C:\ProgramData\Microsoft\User Account Pictures\Guest.dat -> [2007/12/26 16:32:49 | 00,000,000 | ---- | M] ()

[File - Lop Check]
Roaming -> C:\Users\Chad23\AppData\Roaming -> [2009/09/01 14:15:28 | 00,000,000 | ---D | M]
acccore -> C:\Users\Chad23\AppData\Roaming\acccore -> [2007/12/26 15:12:15 | 00,000,000 | ---D | M]
Any Video Converter -> C:\Users\Chad23\AppData\Roaming\Any Video Converter -> [2009/08/04 01:02:54 | 00,000,000 | ---D | M]
Audacity -> C:\Users\Chad23\AppData\Roaming\Audacity -> [2009/05/06 02:08:25 | 00,000,000 | ---D | M]
AVSMedia -> C:\Users\Chad23\AppData\Roaming\AVSMedia -> [2008/01/16 17:20:37 | 00,000,000 | ---D | M]
CyberLink -> C:\Users\Chad23\AppData\Roaming\CyberLink -> [2008/08/23 01:38:52 | 00,000,000 | ---D | M]
Desktopicon -> C:\Users\Chad23\AppData\Roaming\Desktopicon -> [2008/08/20 00:08:16 | 00,000,000 | ---D | M]
Download Manager -> C:\Users\Chad23\AppData\Roaming\Download Manager -> [2008/01/16 17:18:24 | 00,000,000 | ---D | M]
ESET -> C:\Users\Chad23\AppData\Roaming\ESET -> [2009/09/01 14:15:28 | 00,000,000 | ---D | M]
FrostWire -> C:\Users\Chad23\AppData\Roaming\FrostWire -> [2008/11/20 22:05:20 | 00,000,000 | ---D | M]
GeoVid -> C:\Users\Chad23\AppData\Roaming\GeoVid -> [2008/07/27 18:08:06 | 00,000,000 | ---D | M]
ICQ -> C:\Users\Chad23\AppData\Roaming\ICQ -> [2009/05/03 22:57:37 | 00,000,000 | ---D | M]
J River -> C:\Users\Chad23\AppData\Roaming\J River -> [2008/11/15 22:14:53 | 00,000,000 | ---D | M]
LimeWire -> C:\Users\Chad23\AppData\Roaming\LimeWire -> [2009/06/22 16:31:36 | 00,000,000 | ---D | M]
LimeWireTurbo -> C:\Users\Chad23\AppData\Roaming\LimeWireTurbo -> [2008/07/22 03:49:32 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Chad23\AppData\Roaming\Media Center Programs -> [2006/11/02 08:37:34 | 00,000,000 | ---D | M]
mIRC -> C:\Users\Chad23\AppData\Roaming\mIRC -> [2009/07/31 02:35:37 | 00,000,000 | ---D | M]
Move Networks -> C:\Users\Chad23\AppData\Roaming\Move Networks -> [2008/02/22 21:09:31 | 00,000,000 | ---D | M]
MSNInstaller -> C:\Users\Chad23\AppData\Roaming\MSNInstaller -> [2009/02/11 00:05:44 | 00,000,000 | ---D | M]
muvee Technologies -> C:\Users\Chad23\AppData\Roaming\muvee Technologies -> [2007/12/28 22:51:58 | 00,000,000 | ---D | M]
SystemRequirementsLab -> C:\Users\Chad23\AppData\Roaming\SystemRequirementsLab -> [2008/12/27 22:44:59 | 00,000,000 | ---D | M]
Thunderbird -> C:\Users\Chad23\AppData\Roaming\Thunderbird -> [2009/05/16 12:06:04 | 00,000,000 | ---D | M]
TuneUp Software -> C:\Users\Chad23\AppData\Roaming\TuneUp Software -> [2007/12/26 14:35:50 | 00,000,000 | ---D | M]
Ufasoft -> C:\Users\Chad23\AppData\Roaming\Ufasoft -> [2008/08/12 00:10:53 | 00,000,000 | ---D | M]
uTorrent -> C:\Users\Chad23\AppData\Roaming\uTorrent -> [2009/09/01 06:20:59 | 00,000,000 | ---D | M]
Ventrilo -> C:\Users\Chad23\AppData\Roaming\Ventrilo -> [2008/07/26 00:07:37 | 00,000,000 | ---D | M]
Webcammax -> C:\Users\Chad23\AppData\Roaming\Webcammax -> [2009/02/11 00:50:36 | 00,000,000 | ---D | M]
Xfire -> C:\Users\Chad23\AppData\Roaming\Xfire -> [2009/06/23 21:35:41 | 00,000,000 | ---D | M]
Xtreeme -> C:\Users\Chad23\AppData\Roaming\Xtreeme -> [2009/05/03 21:39:22 | 00,000,000 | ---D | M]
C:\Windows\Tasks\ -> C:\Windows\Tasks -> [2009/09/01 01:42:05 | 00,000,000 | ---D | M]
1-Click Maintenance.job -> C:\Windows\Tasks\1-Click Maintenance.job -> [2009/09/01 16:00:03 | 00,000,508 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000Core.job -> C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000Core.job -> [2009/09/01 14:44:06 | 00,000,860 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000UA.job -> C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266773118-2075027798-1528241106-1000UA.job -> [2009/09/01 15:44:01 | 00,000,912 | ---- | M] ()
HPCeeScheduleForChad23.job -> C:\Windows\Tasks\HPCeeScheduleForChad23.job -> [2009/08/26 00:38:06 | 00,000,326 | ---- | M] ()
SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2009/09/01 15:11:11 | 00,000,006 | -H-- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/09/01 14:03:47 | 00,032,572 | ---- | M] ()
User_Feed_Synchronization-{E5955D6D-18FB-4D9B-986A-55386BE41DCB}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{E5955D6D-18FB-4D9B-986A-55386BE41DCB}.job -> [2009/09/01 13:54:42 | 00,000,424 | -H-- | M] ()
[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
< %systemroot%\system32\scecli.dll >
C:\Windows\system32\ -> C:\Windows\System32 -> [2009/09/01 14:07:24 | 00,000,000 | ---D | M]
scecli.dll -> C:\Windows\System32\scecli.dll -> [2008/01/19 03:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation)
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
C:\Windows\system32\ -> C:\Windows\System32 -> [2009/09/01 14:07:24 | 00,000,000 | ---D | M]
cngaudit.dll -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 05:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >




RootRepeal LOG

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 15:59
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x807CB000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8060B000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x81E07000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8D26B000 Size: 294912 File Visible: - Signed: -
Status: -

Name: amdk8.sys
Image Path: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x87913000 Size: 65536 File Visible: - Signed: -
Status: -

Name: Apfiltr.sys
Image Path: C:\Windows\system32\DRIVERS\Apfiltr.sys
Address: 0x87965000 Size: 180224 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x80723000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x8072B000 Size: 122880 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x95C50000 Size: 311296 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x8069B000 Size: 40960 File Visible: - Signed: -
Status: -

Name: bcmwl6.sys
Image Path: C:\Windows\system32\DRIVERS\bcmwl6.sys
Address: 0x8BB56000 Size: 548864 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8CC00000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8041F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x9C88E000 Size: 102400 File Visible: - Signed: -
Status: -

Name: CAMTHWDM.sys
Image Path: C:\Windows\system32\DRIVERS\CAMTHWDM.sys
Address: 0x8C685000 Size: 935808 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x95C40000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9E30C000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x807A3000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CHDRT32.sys
Image Path: C:\Windows\system32\drivers\CHDRT32.sys
Address: 0x8CA9E000 Size: 208896 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80468000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x87BA5000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80427000 Size: 266240 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x87943000 Size: 14208 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x80698000 Size: 10496 File Visible: - Signed: -
Status: -

Name: cpqbttn.sys
Image Path: C:\Windows\system32\DRIVERS\cpqbttn.sys
Address: 0x87BFA000 Size: 9472 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8D349000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x87BC6000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8D332000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x87B94000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8CAFE000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D361000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D356000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8D369000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8C54B000 Size: 651264 File Visible: - Signed: -
Status: -

Name: eabfiltr.sys
Image Path: C:\Windows\system32\DRIVERS\eabfiltr.sys
Address: 0x8D2D7000 Size: 8192 File Visible: - Signed: -
Status: -

Name: eamon.sys
Image Path: C:\Windows\system32\DRIVERS\eamon.sys
Address: 0x99E03000 Size: 770048 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x87B6D000 Size: 159744 File Visible: - Signed: -
Status: -

Name: ehdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ehdrv.sys
Address: 0x8CB82000 Size: 118784 File Visible: - Signed: -
Status: -

Name: epfw.sys
Image Path: C:\Windows\system32\DRIVERS\epfw.sys
Address: 0x99EBF000 Size: 143360 File Visible: - Signed: -
Status: -

Name: Epfwndis.sys
Image Path: C:\Windows\system32\DRIVERS\Epfwndis.sys
Address: 0x8BBDC000 Size: 45056 File Visible: - Signed: -
Status: -

Name: epfwwfp.sys
Image Path: C:\Windows\system32\DRIVERS\epfwwfp.sys
Address: 0x9C9B7000 Size: 57344 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8077B000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x80749000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8CDEC000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x878EF000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x879F3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: giveio.sys
Image Path: C:\Windows\system32\giveio.sys
Address: 0x87B6C000 Size: 1664 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x821C0000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x877EA000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x87923000 Size: 65536 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x87933000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8CD11000 Size: 741376 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8CC0E000 Size: 1060864 File Visible: - Signed: -
Status: -

Name: HSXHWAZL.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Address: 0x8CB23000 Size: 253952 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x9C806000 Size: 438272 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x87947000 Size: 77824 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8795A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8CA50000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80406000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8C777000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x87609000 Size: 462848 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: C:\Windows\system32\DRIVERS\Lbd.sys
Address: 0x8078B000 Size: 57472 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x99F99000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8D382000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0x9C9C5000 Size: 12672 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8CDC6000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8D373000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x87991000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x80713000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x9C8A7000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x9C8BC000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9C8DB000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9C914000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8CBDC000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x8065A000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8C60B000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x87785000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8CA39000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x87B5D000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8767A000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8C7B8000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x99FD3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8C7C3000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8CA8D000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8D2C9000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8D225000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x877B0000 Size: 237568 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8CBE7000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8D328000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x87A03000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x81E07000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8CDF5000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8BE05000 Size: 7626400 File Visible: - Signed: -
Status: -

Name: nvmfdx32.sys
Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Address: 0x8BA55000 Size: 1052160 File Visible: - Signed: -
Status: -

Name: nvsmu.sys
Image Path: C:\Windows\system32\DRIVERS\nvsmu.sys
Address: 0x87BFD000 Size: 12032 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x99FA9000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x807BB000 Size: 61952 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8D2B3000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80689000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x80662000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x806FE000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x80705000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9E20E000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x81E07000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8CAD1000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8040E000 Size: 69632 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x8079A000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8CBF5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8C7A1000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8C7E6000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8BBE7000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8CA0B000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x81E07000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8D2EC000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8CBCC000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8CBD4000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rimmptsk.sys
Image Path: C:\Windows\system32\DRIVERS\rimmptsk.sys
Address: 0x805D1000 Size: 69632 File Visible: - Signed: -
Status: -

Name: rimsptsk.sys
Image Path: C:\Windows\system32\DRIVERS\rimsptsk.sys
Address: 0x805E2000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rixdptsk.sys
Image Path: C:\Windows\system32\DRIVERS\rixdptsk.sys
Address: 0x8BA03000 Size: 335872 File Visible: - Signed: -
Status: -

Name: rootrepeal1.sys
Image Path: C:\Windows\system32\drivers\rootrepeal1.sys
Address: 0x9E322000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x99FDD000 Size: 77824 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\Windows\system32\DRIVERS\sdbus.sys
Address: 0x807D9000 Size: 106496 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9E2EC000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8D257000 Size: 81920 File Visible: - Signed: -
Status: -

Name: speedfan.sys
Image Path: C:\Windows\system32\speedfan.sys
Address: 0x87B5B000 Size: 5248 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x87B53000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x99EEA000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9C953000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9C92C000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x9C871000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8C639000 Size: 266240 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\Windows\system32\DRIVERS\STREAM.SYS
Address: 0x8C76A000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8CA37000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tap0901.sys
Image Path: C:\Windows\system32\DRIVERS\tap0901.sys
Address: 0x8CA20000 Size: 25216 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x87808000 Size: 946176 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9E2F6000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8C67A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8D20F000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8CA27000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x95C20000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8790A000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x87BEF000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8CA43000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8CDD3000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8CDEA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x879E4000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8CA59000 Size: 212992 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8799C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x879A6000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbvideo.sys
Image Path: C:\Windows\System32\Drivers\usbvideo.sys
Address: 0x8CB61000 Size: 134016 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8CB9F000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8CBAB000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x806A5000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x806B4000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x87B1A000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8D2D9000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8C5EA000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wd.sys
Image Path: C:\Windows\system32\drivers\wd.sys
Address: 0x87B12000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80548000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x805C4000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x95A00000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x95A00000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x8793A000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x80651000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x81E07000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0x9E302000 Size: 32768 File Visible: - Signed: -
Status: -



HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:29 AM, on 9/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Users\Chad23\Desktop\SpybotSDPortable\App\SpybotSD\SpybotSD.exe
C:\Windows\system32\rundll32.exe
C:\Users\Chad23\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chad23\Documents\Downloads\utorrent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Chad23\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Lincmediaplayer - {fbaa6932-b59b-4854-8041-27a233394ba3} - C:\Program Files\Linksador\Lincmediaplayer\adxloader.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {b6bb2c0a-8d74-4664-a1cd-103bd9a69de9} - C:\Program Files\Linksador\Lincmediaplayer\adxloader.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1251587209073
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1251587340715
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{207788C6-76FF-44F3-846A-F1738000CE4F}: NameServer = 64.71.255.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{207788C6-76FF-44F3-846A-F1738000CE4F}: NameServer = 64.71.255.198
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15586 bytes



Thank You

Edit: I'd also like to say that today I've upgraded my AVG Free to NOD32 security suite.
Thanks