trojan spm/lx , worm.win32.netsky and vundo.gen.bw



#1
jamie1030

I ran the TFC file cleaner first, then OTL, and will attach the logs for that. I then ran ComboFix and will attach the logs from that as well. I would like to know if there is anything else I need to do to clean this PC up. I did have vundo.fix.bw trojan on here as well and I don't know if this took care of that also. If someone could get back to me after looking at the logs that would be great.
OTL logfile created on: 1/4/2010 1:29:06 AM - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\jrask\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 216.62 Gb Free Space | 46.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DU0709141438
Current User Name: jrask
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\winupdate86.exe (VAqzsuqlp)
PRC - C:\Documents and Settings\jrask\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PersonalSec\psecurity.exe ()
PRC - C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
PRC - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe (Adobe Systems Inc.)
PRC - C:\Documents and Settings\jrask\Local Settings\Temp\wzabdd\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\vsjitdebugger.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\qosservm.exe (AVAYA Communication)
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Broadcom Corporation)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe (Sprint Spectrum, L.L.C)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\VPNremote for Windows XP\AvVpnService.exe ()


========== Modules (SafeList) ==========

MOD - C:\WINDOWS\system32\fuwofapi.dll ()
MOD - C:\WINDOWS\system32\kuzalore.dll ()
MOD - C:\Documents and Settings\jrask\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\kbdsock.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (afbcbeafebfdabb) -- File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (XoftSpyService) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe (SiSoftware)
SRV - (SolarWinds TFTP Server) -- C:\Program Files\SolarWinds\Toolset\SolarWinds TFTP Server.exe (SolarWinds)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (gupdate1c9e83e5d043806) Google Update Service (gupdate1c9e83e5d043806) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (enterceptAgent) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (hips) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe (McAfee, Inc.)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (CBTWlanSrv) -- C:\WINDOWS\CBTWlanSrv.exe ()
SRV - (iClarityQoSService) -- C:\WINDOWS\system32\qosservm.exe (AVAYA Communication)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (Pantech Utility Service) -- C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe (Sprint Spectrum, L.L.C)
SRV - (CCS) -- C:\WINDOWS\system32\ccs.exe (Cisco Systems, Inc.)
SRV - (ose) -- c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (AvService) -- C:\Program Files\VPNremote for Windows XP\AvVpnService.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (OracleOraHome81ClientCache) -- C:\oracle\ora81\bin\ONRSD.EXE ()


========== Driver Services (SafeList) ==========

DRV - (DKRtWrt) -- C:\WINDOWS\system32\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys (SiSoftware)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174) -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\WINDOWS\system32\DRIVERS\snman380.sys (Acronis)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (Amtrans) -- C:\WINDOWS\system32\drivers\Amtrans.sys (Windows ® 2000 DDK provider)
DRV - (pxfhserd) PANTECH PC Card Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\pxfhserd.sys (MCCI)
DRV - (pxfhmdm) -- C:\WINDOWS\system32\drivers\pxfhmdm.sys (MCCI)
DRV - (pxfhbus) PANTECH PC Card Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\pxfhbus.sys (MCCI)
DRV - (pxfhmdfl) -- C:\WINDOWS\system32\drivers\pxfhmdfl.sys (MCCI)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (firelm01) -- C:\WINDOWS\system32\drivers\firelm01.sys (McAfee, Inc.)
DRV - (FireTDI) -- C:\WINDOWS\system32\drivers\FireTDI.sys (McAfee, Inc.)
DRV - (FirePM) -- C:\WINDOWS\system32\Drivers\FirePM.sys (McAfee, Inc.)
DRV - (FirehkMP) -- C:\WINDOWS\system32\drivers\firehk.sys (McAfee, Inc.)
DRV - (Firehk) -- C:\WINDOWS\system32\drivers\firehk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HIPQK) -- C:\WINDOWS\system32\drivers\HIPQK.sys (McAfee, Inc.)
DRV - (HIPPSK) -- C:\WINDOWS\system32\drivers\HIPPSK.sys (McAfee, Inc.)
DRV - (HIPK) -- C:\WINDOWS\system32\drivers\HIPK.sys (McAfee, Inc.)
DRV - (sbtis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (HopperP) WiFi Hopper (XP) -- C:\WINDOWS\system32\drivers\hopperp.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (AmDriver) -- C:\WINDOWS\system32\AmDriver.sys (AirMagnet, Inc)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (WPC300N) -- C:\WINDOWS\system32\drivers\WPC300N.SYS (Broadcom Corporation)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (CSCO21) -- C:\WINDOWS\system32\drivers\csco21.sys (Cisco Systems, Inc.)
DRV - (CBPSp50) -- C:\WINDOWS\system32\drivers\CBPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (ndisva) -- C:\WINDOWS\system32\drivers\vadapter.sys ()
DRV - (VProtocol) -- C:\WINDOWS\system32\drivers\vproto2k.sys ()
DRV - (avipsec) -- C:\WINDOWS\system32\drivers\avipsec.sys ()
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = co.proxy.avaya.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://radar.weather.gov/radar.php?product=N0R&rid=MPX&loop=yes"
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.2009110501
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.14907
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 22:01:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVGLS\Toolbar\Firefox\avg@igeared [2009/12/31 14:41:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/29 16:46:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/15 19:21:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 10:31:45 | 00,000,000 | ---D | M]

[2009/08/18 09:04:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Mozilla\Extensions
[2009/08/18 09:04:00 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jrask\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/02 00:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Mozilla\Firefox\Profiles\9oso9ua4.default\extensions
[2009/11/17 08:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Mozilla\Firefox\Profiles\9oso9ua4.default\extensions\DefaultManager@Microsoft
[2010/01/02 00:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Mozilla\Firefox\Profiles\9oso9ua4.default\extensions\[email protected]
[2009/12/31 12:09:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/14 13:44:05 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/24 02:09:18 | 00,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/08/25 22:24:47 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/14 22:08:12 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/23 20:09:16 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/02 00:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/09/14 13:43:57 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/09/14 13:43:57 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/14 13:44:00 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2003/07/15 00:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/30 22:49:31 | 00,001,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/23 20:07:57 | 00,000,808 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (4154 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 89 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (VIPTToolbarManager Class) - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll ()
O2 - BHO: (&Security Update) - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - Reg Error: Value error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AvayaIEHlprObj Class) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll ()
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Visual IP Trace) - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [demazuyat] C:\WINDOWS\System32\fuwofapi.DLL ()
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (VAqzsuqlp)
O4 - HKLM..\Run: [XoftSpySE] C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunServices: [Microsoft Update Machine] C:\WINDOWS\System32\wxcage.exe (PqCCv3Rt)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NA-West and CALA Login.url ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: authoria.net ([avayaitm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: avaya.com ([itms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: avaya.com ([itms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: avaya.com ([mytools] https in Trusted sites)
O15 - HKCU\..Trusted Domains: avaya.com ([sj.usae] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcente...trolLite_EN.cab (DjVuCtl Class)
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} http://vilt.learning...ystemchecks.cab (IWSystemchecks Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254792653487 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1254792640003 (MUWebControl Class)
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} http://vilt.learning...ebInstaller.cab (AxWebInstaller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ara-na2.avay...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O16 - DPF: Concur Expense Applets https://nxmsp07.eng..../cnqr2k4_ie.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: XMS https://nxmsp05.eng....lets/xms_ie.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 68.115.71.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.avaya.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - c:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - c:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (kuzalore.dll) - C:\WINDOWS\System32\kuzalore.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\fuwofapi.dll) - C:\WINDOWS\system32\fuwofapi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (VAqzsuqlp)
O20 - HKLM Winlogon: GinaDLL - (cscogina.dll) - C:\WINDOWS\System32\cscogina.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: sagufidob - {4d6a69ce-c6c6-49dd-93b0-bdacd5ea2da8} - C:\WINDOWS\system32\fuwofapi.dll ()
O21 - SSODL: solakavew - {482a773f-019f-4e5f-a693-a253a263b721} - CLSID or File not found.
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {482a773f-019f-4e5f-a693-a253a263b721} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {4d6a69ce-c6c6-49dd-93b0-bdacd5ea2da8} - tokatiluy - C:\WINDOWS\system32\fuwofapi.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - https://webct.stanly...-thumb_icon.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/07 12:57:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{939a3192-96aa-11de-a081-001a6bc59966}\Shell - "" = AutoRun
O33 - MountPoints2\{939a3192-96aa-11de-a081-001a6bc59966}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2baccd3-a234-11de-9291-001c2310123c}\Shell - "" = AutoRun
O33 - MountPoints2\{a2baccd3-a234-11de-9291-001c2310123c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2baccd3-a234-11de-9291-001c2310123c}\Shell\AutoRun\command - "" = E:\WINDOWS\IronKey.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 00,024,576 | -HS- | C] (VAqzsuqlp) -- C:\WINDOWS\System32\hujufutu.exe
[2010/01/04 01:26:07 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\jrask\Desktop\RootRepeal.exe
[2010/01/04 01:01:17 | 00,641,975 | ---- | C] (EFD Software ) -- C:\Documents and Settings\jrask\Desktop\hdtune_253.exe
[2010/01/04 01:00:28 | 01,119,744 | ---- | C] (Parmavex Services) -- C:\Documents and Settings\jrask\Desktop\WinAuditu_2_27_14.exe
[2010/01/04 01:00:03 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\jrask\Desktop\HJTInstall.exe
[2010/01/04 00:59:45 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\jrask\Desktop\KillBox.exe
[2010/01/04 00:54:56 | 03,252,640 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\jrask\Desktop\ccsetup221.exe
[2010/01/04 00:54:38 | 00,947,042 | ---- | C] (Phyxion.net - Guru3D.com ) -- C:\Documents and Settings\jrask\Desktop\DriverSweeper_1.5.5_setup__Guru3D.com_.exe
[2010/01/04 00:54:05 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\jrask\Desktop\erunt_setup.exe
[2010/01/04 00:53:02 | 75,755,808 | ---- | C] (COMODO) -- C:\Documents and Settings\jrask\Desktop\CIS_Setup_3.8.65951.477_XP_Vista_x32.exe
[2010/01/04 00:51:54 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Documents and Settings\jrask\Desktop\FixIEDef.exe
[2010/01/04 00:43:45 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/03 21:43:16 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/03 21:01:29 | 34,629,368 | ---- | C] (PC Tools ) -- C:\Documents and Settings\jrask\Desktop\sdasetup.exe
[2010/01/03 21:00:32 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jrask\Desktop\OTL.exe
[2010/01/03 21:00:10 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jrask\Desktop\OTM.exe
[2010/01/03 20:59:58 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jrask\Desktop\mbam-setup.exe
[2010/01/03 20:59:38 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\jrask\Desktop\VundoFix.exe
[2010/01/03 14:13:53 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jrask\Desktop\TFC.exe
[2010/01/02 18:52:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/02 12:08:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\My Documents\MyBackups
[2010/01/02 01:22:30 | 00,021,504 | ---- | C] (Doug Knox) -- C:\SysRestorePoint.exe
[2010/01/02 01:21:09 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\jrask\Desktop\SysRestorePoint.exe
[2010/01/01 04:30:50 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/01 03:56:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/12/31 15:29:36 | 00,073,823 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\cscogina.dll
[2009/12/31 15:29:33 | 00,360,530 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\ccs.exe
[2009/12/31 15:29:19 | 01,257,566 | ---- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll
[2009/12/31 15:29:19 | 00,082,017 | ---- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll
[2009/12/31 15:29:18 | 00,372,827 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\cscwgapi.dll
[2009/12/31 15:29:18 | 00,254,046 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\cscwsfwDS.dll
[2009/12/31 15:29:18 | 00,249,947 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\cscwsimd.dll
[2009/12/31 15:29:18 | 00,055,840 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys
[2009/12/31 15:29:18 | 00,055,840 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2009/12/31 15:29:17 | 00,413,787 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\cscwcapi.dll
[2009/12/31 15:29:17 | 00,344,164 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\cscwcapiU.dll
[2009/12/31 15:29:17 | 00,303,204 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\csccfg20U.dll
[2009/12/31 15:29:17 | 00,295,003 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\csccfg20.dll
[2009/12/31 15:29:17 | 00,114,797 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\csccfg20resU.dll
[2009/12/31 15:29:17 | 00,114,788 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\csccfg20res.dll
[2009/12/31 15:29:13 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco Aironet
[2009/12/31 15:28:46 | 00,516,608 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\csco21.sys
[2009/12/31 15:28:46 | 00,516,608 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\csco21.sys
[2009/12/31 14:30:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco Aironet
[2009/12/31 14:01:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2009/12/31 14:01:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2009/12/31 14:01:33 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2009/12/31 12:53:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PersonalSecUninstall
[2009/12/31 12:50:49 | 00,000,000 | ---D | C] -- C:\Program Files\PersonalSec
[2009/12/31 12:38:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/12/31 12:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/12/31 12:29:29 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/12/31 04:04:52 | 00,024,576 | -HS- | C] (VAqzsuqlp) -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/31 04:04:52 | 00,024,576 | -HS- | C] (VAqzsuqlp) -- C:\WINDOWS\System32\winlogon86.exe
[2009/12/31 04:04:47 | 00,022,016 | ---- | C] (XsGVOcbdIhEHRWCQQb) -- C:\waxfhosk.exe
[2009/12/29 13:46:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\jrask\Recent
[2009/12/28 17:27:06 | 00,021,888 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\hopperp.sys
[2009/12/28 17:27:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\{hopper}
[2009/12/28 17:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\WiFi Hopper
[2009/12/21 20:41:42 | 00,700,416 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\BCMLogon.dll
[2009/12/21 20:41:41 | 00,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2009/12/21 20:41:39 | 01,142,784 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\BCMWLTRY.EXE
[2009/12/21 20:41:39 | 00,184,320 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwlu00.exe
[2009/12/21 20:41:39 | 00,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2009/12/21 20:41:39 | 00,044,032 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\wltrynt.dll
[2009/12/21 20:41:38 | 02,129,920 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2009/12/21 20:41:37 | 00,822,400 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\WPC300N.SYS
[2009/12/21 20:41:35 | 00,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\CBPSp50.sys
[2009/12/21 20:41:33 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys
[2009/12/21 20:41:31 | 00,139,264 | ---- | C] (CyberTAN) -- C:\WINDOWS\UIButton.dll
[2009/12/21 20:41:31 | 00,126,976 | ---- | C] (CyberTAN) -- C:\WINDOWS\UIListCtrl.dll
[2009/12/21 20:41:31 | 00,094,208 | ---- | C] (CyberTAN) -- C:\WINDOWS\UITabCtrl.dll
[2009/12/21 20:30:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\My Documents\WPC300N_20071105
[2009/12/21 20:30:05 | 00,000,000 | ---D | C] -- C:\Linksys Driver
[2009/12/20 15:01:25 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD27A355-17F8-42DF-8A41-FF700F330BE9}
[2009/12/19 14:08:32 | 00,136,704 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\iacenc.dll
[2009/12/19 14:08:30 | 00,000,000 | ---D | C] -- C:\Program Files\Ligos
[2009/12/18 14:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\My Documents\data
[2009/12/18 12:34:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\My Documents\packet tracer 5 complete
[2009/12/14 12:39:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\Desktop\cbt training videos
[2009/12/14 12:37:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\Desktop\ccna training aids
[2009/12/14 12:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\Desktop\train signal ccna ccnp trng
[2009/12/14 12:01:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/12/10 14:19:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\Application Data\Registry Mechanic
[2009/12/10 13:55:54 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/12/09 11:46:25 | 00,398,632 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2009/12/08 23:30:43 | 00,045,232 | ---- | C] (Diskeeper Corporation) -- C:\WINDOWS\System32\drivers\DKRtWrt.sys
[2009/12/08 23:30:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Diskeeper Corporation
[2009/12/08 23:30:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009/12/08 23:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Home Server
[2009/12/08 23:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
[2009/12/08 23:24:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\My Documents\Diskeeper
[2009/12/07 21:52:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jrask\My Documents\chapter 11 assessment
[2009/11/20 18:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\skypePM
[2009/08/29 12:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/08/29 12:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/29 12:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/08/04 23:12:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/07/13 22:00:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/09 19:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/26 16:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/02/07 13:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/07 13:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/02/07 12:57:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\miyahewe.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\jobavito.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\fuwofapi.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\feyadote.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\fafisaya.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\hibunevo.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | M] () -- C:\WINDOWS\System32\zisopola.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | M] () -- C:\WINDOWS\System32\vukuleyi.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | M] () -- C:\WINDOWS\System32\liroteyu.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | M] () -- C:\WINDOWS\System32\kuzalore.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | M] () -- C:\WINDOWS\System32\kijudawi.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\runiwapa.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\rohitelu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\jenevufi.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\devawije.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\biyedepu.dll
[2099/01/01 12:00:00 | 00,024,576 | -HS- | M] (VAqzsuqlp) -- C:\WINDOWS\System32\winupdate86.exe
[2099/01/01 12:00:00 | 00,024,576 | -HS- | M] (VAqzsuqlp) -- C:\WINDOWS\System32\winlogon86.exe
[2099/01/01 12:00:00 | 00,024,576 | -HS- | M] (VAqzsuqlp) -- C:\WINDOWS\System32\hujufutu.exe
[2099/01/01 12:00:00 | 00,000,001 | -HS- | M] () -- C:\WINDOWS\System32\vinomisu.dll
[2099/01/01 12:00:00 | 00,000,001 | -HS- | M] () -- C:\WINDOWS\System32\satukivu.dll
[2099/01/01 12:00:00 | 00,000,001 | -HS- | M] () -- C:\WINDOWS\System32\palodide.dll
[2010/01/04 01:32:55 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\dikosuwe
[2010/01/04 01:32:52 | 00,773,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\wvpvarfd.sys
[2010/01/04 01:30:54 | 00,248,736 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\Need help removing Worm.Win32.NetSky.pdf
[2010/01/04 01:26:08 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\jrask\Desktop\RootRepeal.exe
[2010/01/04 01:22:51 | 09,699,328 | -H-- | M] () -- C:\Documents and Settings\jrask\ntuser.dat
[2010/01/04 01:21:38 | 01,192,914 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\A guide and tutorial on using ComboFix.pdf
[2010/01/04 01:20:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/04 01:20:16 | 00,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2010/01/04 01:18:06 | 00,394,729 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\NEED HELP REMOVING worm.win32.netsky and trojanSPM_LX virus from lapto.pdf
[2010/01/04 01:18:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/04 01:11:18 | 00,244,955 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\How to stop and undo the effects of the Alcra aka Alcan Worm.pdf
[2010/01/04 01:07:52 | 00,280,196 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib3.pdf
[2010/01/04 01:07:28 | 00,263,763 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib2.pdf
[2010/01/04 01:07:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1343024091-1801674531-71786UA.job
[2010/01/04 01:06:57 | 00,282,761 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib1.pdf
[2010/01/04 01:05:37 | 00,310,282 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib.pdf
[2010/01/04 01:01:49 | 00,001,936 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\cdgone.zip
[2010/01/04 01:01:39 | 03,142,859 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\everesthome151.exe
[2010/01/04 01:01:18 | 00,641,975 | ---- | M] (EFD Software ) -- C:\Documents and Settings\jrask\Desktop\hdtune_253.exe
[2010/01/04 01:01:10 | 13,469,937 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\san1122a.zip
[2010/01/04 01:01:00 | 00,063,507 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\memtest33.zip
[2010/01/04 01:00:31 | 01,119,744 | ---- | M] (Parmavex Services) -- C:\Documents and Settings\jrask\Desktop\WinAuditu_2_27_14.exe
[2010/01/04 01:00:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/04 01:00:05 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\jrask\Desktop\HJTInstall.exe
[2010/01/04 01:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\vinyxmgo.job
[2010/01/04 01:00:00 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\zlwtiuoe.job
[2010/01/04 00:59:45 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\jrask\Desktop\KillBox.exe
[2010/01/04 00:59:31 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\SmitfraudFix.exe
[2010/01/04 00:58:37 | 00,339,257 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\CleanUp452.exe
[2010/01/04 00:57:13 | 00,700,529 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\WinsockXPFix.zip
[2010/01/04 00:56:32 | 01,615,732 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\ProcessExplorer.zip
[2010/01/04 00:56:01 | 00,153,088 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Word_2007_SetDefaultDocument.exe
[2010/01/04 00:55:50 | 02,404,352 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Norton_Removal_Tool.exe
[2010/01/04 00:55:04 | 03,252,640 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\jrask\Desktop\ccsetup221.exe
[2010/01/04 00:54:39 | 00,947,042 | ---- | M] (Phyxion.net - Guru3D.com ) -- C:\Documents and Settings\jrask\Desktop\DriverSweeper_1.5.5_setup__Guru3D.com_.exe
[2010/01/04 00:54:22 | 00,458,837 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\cpu_z_140.zip
[2010/01/04 00:54:06 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\jrask\Desktop\erunt_setup.exe
[2010/01/04 00:53:33 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\jrask\Desktop\SysRestorePoint.exe
[2010/01/04 00:53:03 | 75,755,808 | ---- | M] (COMODO) -- C:\Documents and Settings\jrask\Desktop\CIS_Setup_3.8.65951.477_XP_Vista_x32.exe
[2010/01/04 00:52:56 | 05,797,152 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\SUPERAntiSpyware.exe
[2010/01/04 00:52:47 | 00,154,114 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\alcanshorty_en.exe
[2010/01/04 00:52:00 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Documents and Settings\jrask\Desktop\FixIEDef.exe
[2010/01/04 00:51:33 | 03,818,262 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\ComboFix.exe
[2010/01/04 00:50:49 | 00,024,776 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\findlop.zip
[2010/01/04 00:50:29 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jrask\Desktop\TFC.exe
[2010/01/04 00:49:49 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\jrask\Desktop\VundoFix.exe
[2010/01/04 00:47:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/04 00:43:42 | 03,818,262 | ---- | M] () -- C:\Documents and Settings\jrask\My Documents\ComboFix.exe
[2010/01/04 00:43:35 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/04 00:43:13 | 00,530,972 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/04 00:43:13 | 00,447,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/04 00:43:13 | 00,074,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/04 00:40:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2010/01/04 00:40:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2010/01/04 00:40:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/04 00:39:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 00:39:27 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/04 00:39:26 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/04 00:39:21 | 00,000,497 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/01/04 00:38:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/04 00:38:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/03 21:08:47 | 02,517,024 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/03 21:08:47 | 00,188,960 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/03 21:08:47 | 00,031,052 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/03 21:08:47 | 00,018,680 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/03 21:08:41 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\jrask\ntuser.ini
[2010/01/03 05:07:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1343024091-1801674531-71786Core.job
[2010/01/03 03:18:19 | 34,629,368 | ---- | M] (PC Tools ) -- C:\Documents and Settings\jrask\Desktop\sdasetup.exe
[2010/01/03 03:13:11 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jrask\Desktop\mbam-setup.exe
[2010/01/03 03:10:57 | 00,452,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jrask\Desktop\OTM.exe
[2010/01/03 03:07:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jrask\Desktop\OTL.exe
[2010/01/03 03:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/03 02:22:00 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/01/03 01:37:00 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/01/03 01:11:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/01/03 00:51:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/01/03 00:31:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/01/03 00:11:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/01/02 23:51:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/02 23:31:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/01/02 23:11:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/02 22:51:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/02 22:31:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/02 22:11:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/02 21:51:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/02 21:31:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/02 21:11:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/02 20:51:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/02 20:31:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/02 20:11:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/02 19:51:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/02 19:23:27 | 00,138,752 | ---- | M] () -- C:\Documents and Settings\jrask\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/02 18:19:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
[2010/01/02 18:00:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/01/02 18:00:00 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/02 17:58:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
[2010/01/02 17:38:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
[2010/01/02 17:18:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
[2010/01/02 17:00:00 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/02 16:58:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
[2010/01/02 16:38:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
[2010/01/02 16:18:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
[2010/01/02 15:58:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
[2010/01/02 15:38:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
[2010/01/02 15:18:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
[2010/01/02 14:58:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
[2010/01/02 14:38:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2010/01/02 14:18:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2010/01/02 13:58:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2010/01/02 13:38:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2010/01/02 13:18:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
[2010/01/02 12:58:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
[2010/01/02 12:38:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
[2010/01/02 12:18:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
[2010/01/02 11:58:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
[2010/01/02 11:38:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
[2010/01/02 11:18:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2010/01/02 10:58:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2010/01/02 10:38:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2010/01/02 10:18:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2010/01/02 09:58:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2010/01/02 09:38:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2010/01/02 09:18:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010/01/02 08:58:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010/01/02 08:38:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010/01/02 08:18:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010/01/02 07:58:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2010/01/02 01:14:26 | 00,021,504 | ---- | M] (Doug Knox) -- C:\SysRestorePoint.exe
[2010/01/01 22:34:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
[2010/01/01 22:14:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
[2010/01/01 21:54:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
[2010/01/01 21:34:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
[2010/01/01 21:14:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
[2010/01/01 20:54:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
[2010/01/01 18:03:46 | 00,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2010.lnk
[2009/12/31 20:03:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/31 15:29:47 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Aironet Desktop Utility.lnk
[2009/12/31 14:20:09 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Microsoft Office Word 2003.lnk
[2009/12/31 14:01:41 | 00,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2009/12/31 14:01:41 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2009/12/31 13:56:07 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2009/12/31 12:53:42 | 00,000,748 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Personal Security.lnk
[2009/12/31 12:48:10 | 00,001,063 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Shortcut to Angry IPscan-3.0b4.exe.lnk
[2009/12/31 12:38:42 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/12/31 12:31:01 | 00,000,001 | -HS- | M] () -- C:\WINDOWS\System32\kubidima.dll
[2009/12/31 04:36:00 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/12/31 04:05:47 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2009/12/31 04:05:09 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\labc5h7a3t.dll
[2009/12/31 04:04:51 | 00,053,248 | ---- | M] () -- C:\uwlwfa.exe
[2009/12/31 04:04:48 | 00,022,016 | ---- | M] (XsGVOcbdIhEHRWCQQb) -- C:\waxfhosk.exe
[2009/12/30 22:48:07 | 14,922,441 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\The_Anarchist_Cookbook_by_William_Powell_(1971).pdf
[2009/12/30 14:58:46 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Hackman Calculator.lnk
[2009/12/30 14:58:36 | 00,000,859 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Shortcut Editor.lnk
[2009/12/29 23:59:29 | 00,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2009/12/29 23:57:56 | 02,069,784 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2009/12/29 23:43:10 | 00,002,423 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\Diskeeper 2010.lnk
[2009/12/23 00:24:22 | 00,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/18 09:56:19 | 00,015,024 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/17 08:42:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/15 16:07:22 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\jrask\Desktop\VisualRoute 2009.lnk
[2009/12/10 14:09:31 | 00,001,218 | ---- | M] () -- C:\WINDOWS\win.ini
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\miyahewe.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\jobavito.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\fuwofapi.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\feyadote.dll
[2099/01/01 12:00:00 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\fafisaya.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\hibunevo.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\zisopola.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\vukuleyi.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\liroteyu.dll
[2099/01/01 12:00:00 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\kuzalore.dll
[2099/01/01 12:00:00 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\kijudawi.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\runiwapa.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rohitelu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jenevufi.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\devawije.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\biyedepu.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\dikosuwe
[2099/01/01 12:00:00 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\vinomisu.dll
[2099/01/01 12:00:00 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\satukivu.dll
[2099/01/01 12:00:00 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\palodide.dll
[2010/01/04 01:30:51 | 00,248,736 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\Need help removing Worm.Win32.NetSky.pdf
[2010/01/04 01:21:33 | 01,192,914 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\A guide and tutorial on using ComboFix.pdf
[2010/01/04 01:20:16 | 00,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2010/01/04 01:17:59 | 00,394,729 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\NEED HELP REMOVING worm.win32.netsky and trojanSPM_LX virus from lapto.pdf
[2010/01/04 01:11:15 | 00,244,955 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\How to stop and undo the effects of the Alcra aka Alcan Worm.pdf
[2010/01/04 01:07:49 | 00,280,196 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib3.pdf
[2010/01/04 01:07:25 | 00,263,763 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib2.pdf
[2010/01/04 01:06:53 | 00,282,761 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib1.pdf
[2010/01/04 01:05:26 | 00,310,282 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib.pdf
[2010/01/04 01:01:49 | 00,001,936 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\cdgone.zip
[2010/01/04 01:01:32 | 03,142,859 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\everesthome151.exe
[2010/01/04 01:01:10 | 13,469,937 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\san1122a.zip
[2010/01/04 01:01:00 | 00,063,507 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\memtest33.zip
[2010/01/04 00:59:28 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\SmitfraudFix.exe
[2010/01/04 00:58:37 | 00,339,257 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\CleanUp452.exe
[2010/01/04 00:57:12 | 00,700,529 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\WinsockXPFix.zip
[2010/01/04 00:56:01 | 00,153,088 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\Word_2007_SetDefaultDocument.exe
[2010/01/04 00:54:22 | 00,458,837 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\cpu_z_140.zip
[2010/01/04 00:52:47 | 00,154,114 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\alcanshorty_en.exe
[2010/01/04 00:51:33 | 03,818,262 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\ComboFix.exe
[2010/01/04 00:50:49 | 00,024,776 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\findlop.zip
[2010/01/04 00:43:36 | 03,818,262 | ---- | C] () -- C:\Documents and Settings\jrask\My Documents\ComboFix.exe
[2010/01/04 00:43:35 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/03 21:56:48 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\vinyxmgo.job
[2010/01/03 21:01:22 | 02,404,352 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\Norton_Removal_Tool.exe
[2010/01/03 21:00:50 | 01,615,732 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\ProcessExplorer.zip
[2010/01/03 21:00:21 | 05,797,152 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\SUPERAntiSpyware.exe
[2010/01/01 22:34:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9741.exe
[2010/01/01 22:14:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8723.exe
[2010/01/01 21:54:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12859.exe
[2010/01/01 21:34:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20037.exe
[2010/01/01 21:14:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32757.exe
[2010/01/01 20:54:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32662.exe
[2010/01/01 20:34:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27644.exe
[2010/01/01 20:14:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25547.exe
[2010/01/01 19:54:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6868.exe
[2010/01/01 19:34:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28253.exe
[2010/01/01 19:14:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7711.exe
[2010/01/01 18:54:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15141.exe
[2010/01/01 18:34:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4664.exe
[2010/01/01 18:14:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17673.exe
[2010/01/01 17:54:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30333.exe
[2010/01/01 17:34:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31322.exe
[2010/01/01 17:14:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23811.exe
[2010/01/01 16:54:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
[2010/01/01 16:34:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
[2010/01/01 16:14:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
[2010/01/01 15:54:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26299.exe
[2010/01/01 15:34:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25667.exe
[2010/01/01 15:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19912.exe
[2010/01/01 14:54:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1869.exe
[2010/01/01 14:34:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11538.exe
[2010/01/01 14:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14771.exe
[2010/01/01 13:54:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21726.exe
[2010/01/01 13:34:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
[2010/01/01 13:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
[2010/01/01 12:54:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
[2010/01/01 12:34:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
[2010/01/01 12:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
[2010/01/01 11:54:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2010/01/01 11:34:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2010/01/01 11:14:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2010/01/01 10:54:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
[2010/01/01 10:34:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
[2010/01/01 10:14:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2010/01/01 09:54:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010/01/01 09:34:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010/01/01 09:14:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010/01/01 08:54:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010/01/01 08:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/01 08:14:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/01/01 07:54:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/01 07:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/01 07:14:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/01 06:54:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/01 06:34:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/01 06:14:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/01 05:54:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/01 05:34:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/01 05:14:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/01 04:54:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/01 04:34:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/01 04:14:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/01 03:54:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/01 03:34:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/01 01:40:31 | 00,000,294 | ---- | C] () -- C:\WINDOWS\tasks\zlwtiuoe.job
[2009/12/31 15:29:47 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Aironet Desktop Utility.lnk
[2009/12/31 15:29:18 | 00,009,098 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat
[2009/12/31 15:29:18 | 00,008,675 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat
[2009/12/31 15:29:18 | 00,005,357 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf
[2009/12/31 15:29:18 | 00,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf
[2009/12/31 15:28:47 | 00,013,449 | ---- | C] () -- C:\WINDOWS\System32\net21.inf
[2009/12/31 15:28:47 | 00,008,204 | ---- | C] () -- C:\WINDOWS\System32\net21.cat
[2009/12/31 14:28:29 | 02,517,024 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/31 14:28:29 | 00,188,960 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/31 14:28:29 | 00,031,052 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/31 14:28:29 | 00,018,680 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/31 14:05:01 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2009/12/31 14:01:41 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2009/12/31 14:01:40 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2009/12/31 14:01:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/12/31 13:56:07 | 00,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2009/12/31 12:53:42 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\Personal Security.lnk
[2009/12/31 12:38:46 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/12/31 12:38:45 | 00,000,378 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/12/31 12:38:44 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/12/31 12:38:42 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/12/31 12:31:01 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\kubidima.dll
[2009/12/31 04:05:45 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2009/12/31 04:05:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/12/31 04:05:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/31 04:05:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/31 04:05:10 | 00,773,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\wvpvarfd.sys
[2009/12/31 04:05:09 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\labc5h7a3t.dll
[2009/12/31 04:04:49 | 00,053,248 | ---- | C] () -- C:\uwlwfa.exe
[2009/12/30 22:48:06 | 14,922,441 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\The_Anarchist_Cookbook_by_William_Powell_(1971).pdf
[2009/12/30 14:58:46 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\Hackman Calculator.lnk
[2009/12/30 14:58:36 | 00,000,859 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\Shortcut Editor.lnk
[2009/12/23 00:24:22 | 00,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/21 20:42:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\CBTWlanSrv.exe
[2009/12/21 20:41:39 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/21 20:41:38 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/12/21 20:41:38 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/12/19 14:08:32 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/12/15 16:07:22 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\VisualRoute 2009.lnk
[2009/12/15 10:28:05 | 00,002,423 | ---- | C] () -- C:\Documents and Settings\jrask\Desktop\Diskeeper 2010.lnk
[2009/12/08 23:30:55 | 00,002,423 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2010.lnk
[2009/12/02 22:39:38 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2009/12/02 22:39:38 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\winsusrx.dll
[2009/12/01 17:25:15 | 00,000,223 | ---- | C] () -- C:\WINDOWS\acpr.INI
[2009/11/26 23:39:14 | 00,000,123 | ---- | C] () -- C:\WINDOWS\ASYM.INI
[2009/10/18 14:41:45 | 00,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2009/10/15 07:13:16 | 00,001,654 | ---- | C] () -- C:\Documents and Settings\jrask\Application Data\SvcTraceViewer.exe.settings
[2009/10/09 08:21:00 | 00,038,492 | ---- | C] () -- C:\Documents and Settings\jrask\Application Data\Microsoft Access.ADR
[2009/10/09 08:19:21 | 00,009,387 | ---- | C] () -- C:\Documents and Settings\jrask\Application Data\Microsoft Access.EML
[2009/10/09 08:16:09 | 00,038,478 | ---- | C] () -- C:\Documents and Settings\jrask\Application Data\Microsoft Excel.ADR
[2009/10/08 22:34:28 | 00,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/10/07 21:27:29 | 00,002,877 | ---- | C] () -- C:\Documents and Settings\jrask\Local Settings\Application Data\SWLauncherSettings.xml
[2009/09/30 20:37:53 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/19 17:13:07 | 00,000,145 | ---- | C] () -- C:\WINDOWS\NSTPRO.INI
[2009/09/16 12:59:07 | 11,874,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/09/11 16:02:48 | 00,000,053 | ---- | C] () -- C:\Documents and Settings\jrask\Local Settings\Application Data\PathsToScan.txt
[2009/09/11 10:44:01 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\haspvb32.dll
[2009/08/30 22:33:24 | 00,000,145 | ---- | C] () -- C:\WINDOWS\StarryNight.ini
[2009/08/29 07:31:18 | 00,082,432 | ---- | C] () -- C:\WINDOWS\System32\ewdll32.dll
[2009/08/29 07:31:12 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\avi_util32.dll
[2009/08/29 07:22:39 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\helpmsg32.dll
[2009/08/29 07:22:39 | 00,000,357 | ---- | C] () -- C:\WINDOWS\dst_suns.ini
[2009/08/17 07:18:58 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\vsppg8.dll
[2009/08/17 07:18:58 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MabryCHM.DLL
[2009/08/11 15:39:02 | 00,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009/08/11 10:39:20 | 00,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2009/08/05 13:09:00 | 00,138,752 | ---- | C] () -- C:\Documents and Settings\jrask\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/27 14:08:53 | 00,002,281 | ---- | C] () -- C:\Documents and Settings\jrask\Application Data\gns3.ini
[2009/06/23 08:14:12 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\jrask\Application Data\$_hpcst$.hpc
[2009/06/19 09:34:53 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/06/18 20:51:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/18 20:46:27 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/06/17 20:10:23 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/31 22:42:08 | 00,000,058 | ---- | C] () -- C:\WINDOWS\BRPfX04A.INI
[2009/05/31 22:42:07 | 00,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/05/31 22:42:04 | 00,000,087 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/05/31 22:39:30 | 00,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/05/31 22:36:13 | 08,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/05/26 12:34:35 | 00,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2008/12/23 09:33:18 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/12/01 18:05:43 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\avipsec.sys
[2008/12/01 18:05:43 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\AvayaGina.dll
[2008/12/01 18:05:43 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\vproto2k.sys
[2008/12/01 18:05:43 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\vadapter.sys
[2008/02/18 08:47:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/02/07 15:17:48 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\sh22w32.dll
[2008/02/07 14:33:01 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\IMGFX6MU.DLL
[2008/02/07 14:32:54 | 00,000,522 | ---- | C] () -- C:\WINDOWS\msg_mgr.ini
[2008/02/07 14:32:54 | 00,000,288 | ---- | C] () -- C:\WINDOWS\attwktop.ini
[2008/02/07 14:31:58 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/02/07 14:28:23 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/07 14:28:23 | 00,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/07 14:16:49 | 00,011,418 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2008/02/07 14:16:49 | 00,001,295 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2008/02/07 14:15:09 | 02,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/07 14:14:29 | 00,000,497 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2008/02/07 14:13:31 | 00,000,030 | ---- | C] () -- C:\WINDOWS\avp32.ini
[2008/02/07 14:13:03 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2008/02/07 14:13:03 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2008/02/07 14:13:03 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2008/02/07 14:13:02 | 01,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2008/02/07 14:13:02 | 00,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2008/02/07 14:13:01 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2008/02/07 13:32:02 | 00,000,742 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/07 13:25:24 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/02/07 13:25:23 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/02/07 13:25:22 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/02/07 13:25:22 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/07 11:47:05 | 00,001,173 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/02/07 11:46:43 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/11/09 15:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/07/05 11:35:00 | 00,528,448 | ---- | C] () -- C:\WINDOWS\System32\AESDLL.dll
[2005/09/02 16:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/26 20:24:52 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\hackman2.dll
[2004/07/20 19:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/03/24 15:24:12 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\AvayaDES.dll
[2004/01/15 16:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/18 01:37:20 | 00,072,192 | R--- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2003/01/30 06:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/13 20:09:48 | 00,659,520 | ---- | C] () -- C:\WINDOWS\System32\vbid3lib.dll
[2001/07/16 17:07:18 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\AvayaATM.dll
[2001/04/20 19:23:28 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\PManager.dll
[2001/04/16 15:04:00 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\AvayaTMS.dll
[2000/01/12 12:44:36 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\SoftAPI-II.dll
[1999/07/30 10:24:34 | 00,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
[1999/03/01 07:57:02 | 00,147,968 | R--- | C] () -- C:\WINDOWS\System32\DESCrypt.dll
[1998/09/07 01:03:36 | 00,012,208 | ---- | C] () -- C:\WINDOWS\System32\Cdio16.dll
[1998/09/07 00:55:42 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\cdio32.dll
[1998/04/02 13:45:36 | 00,170,496 | R--- | C] () -- C:\WINDOWS\System32\AvayaTMSCipher.dll
[1997/01/11 23:00:00 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\DTCTRACE.DLL

========== LOP Check ==========

[2009/06/19 23:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/05/26 12:29:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AStartup
[2009/08/29 10:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2008/02/07 14:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avaya Modular Messaging
[2009/10/04 18:39:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/01 23:46:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009/11/24 15:53:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boson Software
[2009/08/29 08:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/17 18:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/12/31 15:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Aironet
[2009/12/08 23:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009/11/17 18:54:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/01/01 04:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/08/18 22:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExamForce
[2009/10/09 07:45:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/10/12 10:18:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ini2wmi
[2009/06/17 07:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/23 23:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/09/21 16:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NWPS
[2009/08/26 16:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\packages
[2010/01/01 04:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/12/31 13:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/11/03 20:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/10/02 21:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2009/11/28 04:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2009/10/25 15:33:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/22 18:21:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2009/11/03 20:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2009/09/29 20:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/06/14 19:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint Mobile Broadband (Pantech)
[2009/12/31 13:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/24 02:57:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/08/26 16:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/29 21:03:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{45CAA232-B425-4D7A-82CB-EBDFADB281E6}
[2009/10/15 22:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 22:16:23 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7682626C-9E82-4878-B760-80B9774C4D22}
[2009/08/24 08:38:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{843CCCFA-453B-43AF-9029-05C51151107F}
[2009/08/18 22:13:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{90EED720-3DC1-42C0-BBBF-8A420AC4A3E4}
[2009/12/20 15:01:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD27A355-17F8-42DF-8A41-FF700F330BE9}
[2009/10/06 12:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\.purple
[2009/06/20 00:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Acronis
[2009/10/28 07:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\ACST
[2009/12/18 08:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\ALogon
[2009/08/29 10:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Avanquest
[2007/12/17 16:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Avaya
[2009/09/29 18:50:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\CACE Technologies
[2009/10/03 22:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\DriverCure
[2009/10/19 14:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\gtk-2.0
[2009/10/09 07:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\HotSync
[2009/07/15 12:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\ICAClient
[2009/06/08 14:57:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\IronPort
[2009/12/09 11:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Juniper Networks
[2009/10/25 15:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Leadertech
[2009/12/30 22:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Multi File Downloader
[2007/12/17 16:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Network Associates
[2009/09/21 16:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\NWPS
[2009/09/30 23:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\PingTesterDataBas
[2009/12/10 14:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Registry Mechanic
[2009/06/18 21:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Samsung
[2009/11/28 04:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Screaming Bee
[2009/06/14 19:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Smith Micro
[2009/06/13 09:52:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Sprint Desktop Sync
[2009/05/26 12:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\TOSHIBA
[2009/11/25 00:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Uniblue
[2010/01/01 03:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\uTorrent
[2009/08/27 13:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\vghd
[2009/12/10 10:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\W Photo Studio
[2009/10/24 03:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\W Photo Studio Viewer
[2009/10/24 02:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Walgreens
[2009/10/06 07:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\WildPackets
[2009/06/17 07:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\WinBatch
[2009/10/02 23:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jrask\Application Data\Wireshark
[2010/01/03 01:37:00 | 00,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2010/01/02 18:00:00 | 00,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/01/02 18:00:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2009/12/31 04:36:00 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/12/31 14:01:41 | 00,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2010/01/02 17:00:00 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/01/04 00:39:26 | 00,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2010/01/03 03:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/01/04 01:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\vinyxmgo.job
[2010/01/04 01:00:00 | 00,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\zlwtiuoe.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:גָמָלקִפּוֹד
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

OTL Extras logfile created on: 1/4/2010 1:29:06 AM - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\jrask\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 216.62 Gb Free Space | 46.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DU0709141438
Current User Name: jrask
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "c:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "c:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 
"FirewallDisableNotify" = 
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 
"FirewallOverride" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{06DBEADF-8AA7-46A1-A708-D0BE16EEF6DA}" = Avaya IP Softphone R6
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08A82318-E710-427F-8BEC-C937D199F76D}" = Chanalyzer Lite
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{16980C05-BF0D-4F02-B32F-D4345ACC8B3B}" = Boson NetSim for CCNP BETA 3
"{17967368-055E-4165-B700-B933C93B37BD}" = Channel Picker for Wi-Spy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FF7104F-8F60-4081-BD74-336F69BAC697}" = SolarWinds Toolset v10.3
"{203ECBC9-7CEC-412F-9931-923C2D8B4CD1}" = CACE Pilot v2.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29914633-C013-43B3-A980-15C1F70DFDB2}" = Avaya Integrated Management Administration Tools
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30614D5F-58BB-4A76-8BC9-C763A815CFC4}" = Hackman Suite
"{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"{32F099D8-78DE-49DE-8E48-F07F92E8309B}" = SetNetMeeting
"{3334C643-CCD3-4684-9125-786FF19A5740}" = Chanalyzer 3.3
"{3487BBAA-ED8C-498F-9580-8F6978257B21}" = ASG ATM app
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357C5DED-D110-4DD1-8FD2-184E3D4059AB}" = Aironet Site Survey Utility
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{39549EA6-7599-420B-9FEE-F11573451F19}" = Avaya Solution Designer 9.00.0
"{3CB4A7B0-007D-4722-AF1D-891B53E04606}" = Napster Download Manager
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{42FF3BC3-D0FF-4DC4-9829-562DB27569D9}" = EC-Council 312-50 Certified Ethical Hacker
"{449B3E6A-4E97-499D-ABB2-19CC81890634}" = VPNremote for Windows XP
"{4649E76C-B27B-49D1-A4CE-BAAC86985C60}" = Cisco CCNA Security 640-553 (IINS)
"{49B92787-6548-42B9-BEF9-901F46C67D68}" = FileExtensionFinder
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4E193D7A-32DC-4812-AFA1-F1B09A035927}" = Sprint Mobile Broadband (Pantech)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5B34EEAF-2BD6-4323-B7C2-FB8968755ACC}" = Cisco Aironet Installation Program
"{5BA04C60-79CD-46D8-B0F1-AFC8998C10BE}" = MM Client
"{5CEB3E75-3745-4FA9-BE47-9ACCEF431THB}_is1" = X13-VSA Version 2.0
"{5D235030-8E60-42A0-9258-B7943FCD3511}" = inSSIDer
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{71015285-5F1E-4F52-BE74-10A6CA417305}" = IP Office Admin Suite
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C1BC366-81DD-4050-B2DC-88287C90E915}" = Boson NetSim for CCNP 7.0
"{8F87F082-F68F-49DA-981F-5DC86A9AEBF1}" = AirMagnet Laptop
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9183940E-4193-45AC-B148-32FE47156D94}" = ASG Site Manager
"{93F2C2FE-5036-4DA4-83C5-3F74608C4D6C}_is1" = WinFile
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{9642C552-CE1F-43A4-81D8-89EAB8EC0E7B}" = GFI LANguard 9.0
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A0EBAD5F-0CBA-44CE-8AD9-FF8059C2E6C4}" = Recon 2.0 for Wi-Spy - Beta
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A44413DC-17D5-4F0B-A128-8B590B20323C}" = Windows Messenger 5.1
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5425014-B60B-4C36-8338-0A0AB144E11F}" = Microsoft 70-291 Server 2003 Network Infrastructure
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = M-Business Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFF8B0FF-0B52-4635-AF53-58D1A7793664}" = Cisco CCNA 640-802
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4
"{C7EFFD30-CF26-46B6-8F40-EF825D06055D}" = MSXML4 SP2 Install
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2750AC7-0045-40BE-B7EA-B26DDF6D5618}" = CramMaster
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DD63D620-BEFC-4D46-AAC2-5086689D09B0}" = IronPort Plug-in for Microsoft Outlook
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E4DC4718-90DD-48CC-A2DE-1C65BDDFBB8A}" = BlueWare
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EB889931-70EC-46F3-8A42-9375575A0A33}" = Diskeeper 2010 Home
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE35B247-F872-4FFD-BCD1-1970C7E86C84}" = GPS Image Tracker
"{EF2B9282-6C9E-4BA9-AE11-4F192CAD07CA}" = SolarWinds LANsurveyor
"{F32A47C6-E1DB-45c0-A389-AEEB528496EF}" = TurboCap Software v1.3
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASCOM Platform 3.0" = ASCOM Platform 3.0
"Avaya Message Manager" = Avaya Message Manager
"Avaya Modular Messaging 4.0 Administration for Microsoft Exchange" = Avaya Modular Messaging 4.0 Administration for Microsoft Exchange v1.0
"Avaya Voice Player 2.0" = Avaya Voice Player 2.0
"Avg8LsUninstall" = AVG LinkScanner® 8.5
"Cain & Abel v4.9.32" = Cain & Abel v4.9.32
"CCNA Network Visualizer 5.0" = CCNA Network Visualizer 5.0
"CCNA Network Visualizer 5.0 Update" = CCNA Network Visualizer 5.0 Update
"CCNA Network Visualizer 6.0" = CCNA Network Visualizer 6.0
"Cisco CCNA 640-802" = Cisco CCNA 640-802
"Cisco CCNA Security 640-553 (IINS)" = Cisco CCNA Security 640-553 (IINS)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CramMaster" = CramMaster
"Distant Suns 5.2" = Distant Suns 5.2
"DVD Photo Slideshow Professional" = DVD Photo Slideshow Pro 7.97
"Earth Viewpoint_is1" = Earth Viewpoint 3.0
"EC-Council 312-50 Certified Ethical Hacker" = EC-Council 312-50 Certified Ethical Hacker
"eMailTrackerPro" = eMailTrackerPro
"ExamForce Engine Installation CM 7.7" = ExamForce Engine Installation CM 7.7
"ExpressBurn" = Express Burn
"Gadwin PrintScreen" = Gadwin PrintScreen
"GNS3" = GNS3 0.6.1
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HHD Hex Editor 4.x" = HHD Software Hex Editor Neo 4.85
"Hide Your IP Address_is1" = Hide Your IP Address
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"InstallShield_{16980C05-BF0D-4F02-B32F-D4345ACC8B3B}" = Boson NetSim for CCNP BETA 3
"InstallShield_{1FF7104F-8F60-4081-BD74-336F69BAC697}" = SolarWinds Toolset v10.3
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"InstallShield_{8C1BC366-81DD-4050-B2DC-88287C90E915}" = Boson NetSim for CCNP 7.0
"InstallShield_{9642C552-CE1F-43A4-81D8-89EAB8EC0E7B}" = GFI LANguard 9.0
"InstallShield_{DD63D620-BEFC-4D46-AAC2-5086689D09B0}" = IronPort Plug-in for Outlook
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Interwise Participant" = Interwise Participant
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Managed Switch Port Mapping Tool 1.98" = Managed Switch Port Mapping Tool 1.98
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft 70-291 Server 2003 Network Infrastructure" = Microsoft 70-291 Server 2003 Network Infrastructure
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyConnection PC Lite Edition" = MyConnection PC Lite Edition
"MyConnection Server" = MyConnection Server
"NetScanTools Pro 10.93.1 CD" = NetScanTools Pro 10.93.1 CD
"NetScanTools Pro 2004 SP1" = NetScanTools Pro 2004 SP1
"NetScanTools Pro 2004 SP4" = NetScanTools Pro 2004 SP4
"NetTools_is1" = NetTools 5.0
"Network MagicUninstall" = Network Magic
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nmap" = Nmap 5.00
"Packet Tracer 5.1_is1" = Packet Tracer 5.1
"PANTECH PC Card" = PANTECH PC Card Software
"PingPlotter Pro" = PingPlotter Pro 3.30.0p
"PREMIUM8.5" = PREMIUM
"Process_Hacker_is1" = Process Hacker 1.3.8.0
"RDC" = RDC
"RegCure" = RegCure
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAPFrontend" = SAP Front End
"ST5UNST #1" = Truster
"Starry Night Pro 5" = Starry Night Pro 5
"SummaryRoute" = SummaryRoute (remove only)
"Sybex CCNA Simulated Questions" = Sybex CCNA Simulated Questions
"Sybex's Router Fundamentals Simulator" = Sybex's Router Fundamentals Simulator
"VISPROR" = Microsoft Office Visio Professional 2007
"Visual IP Trace" = Visual IP Trace
"VisualRoute" = VisualRoute
"vSim" = vSim
"WiFi Hopper" = WiFi Hopper
"WildPackets Network Calculator 3.2.1" = WildPackets Network Calculator 3.2.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"WinPcapInst" = WinPcap 3.0
"WinSPM 5.0 to 6.0 Upgrade" = WinSPM 5.0 to 6.0 Upgrade
"Wireshark" = Wireshark 1.2.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"61240c64869513c2" = Napster Download Manager
"GoToMeeting" = GoToMeeting 4.0.0.320
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"PersonalSec" = Personal Security
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2010 11:17:44 PM | Computer Name = DU0709141438 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for GLOBAL\jrask failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/3/2010 11:18:05 PM | Computer Name = DU0709141438 | Source = Google Update | ID = 20
Description =

Error - 1/4/2010 12:43:32 AM | Computer Name = DU0709141438 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in IronKey.exe [6016]. Just-In-Time
debugging this exception failed with the following error: Server execution failed

Check
the documentation index for 'Just-in-time debugging, errors' for more information.

Error - 1/4/2010 2:38:39 AM | Computer Name = DU0709141438 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/4/2010 2:39:07 AM | Computer Name = DU0709141438 | Source = UserInit | ID = 1000
Description = Could not execute the following script astartup.vbe. The system cannot
find the file specified. .

Error - 1/4/2010 2:39:26 AM | Computer Name = DU0709141438 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/4/2010 2:39:29 AM | Computer Name = DU0709141438 | Source = UserInit | ID = 1000
Description = Could not execute the following script avayacst.EXE. The system cannot
find the file specified. .

Error - 1/4/2010 2:39:29 AM | Computer Name = DU0709141438 | Source = UserInit | ID = 1000
Description = Could not execute the following script acst.vbe. The system cannot
find the file specified. .

Error - 1/4/2010 2:39:40 AM | Computer Name = DU0709141438 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/4/2010 2:41:34 AM | Computer Name = DU0709141438 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for GLOBAL\jrask failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 1/4/2010 2:53:45 AM | Computer Name = DU0709141438 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 1/4/2010 2:54:06 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 2:59:08 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 3:04:10 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 3:09:12 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 3:14:13 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 3:19:15 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 3:23:46 AM | Computer Name = DU0709141438 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 1/4/2010 3:24:17 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/4/2010 3:29:19 AM | Computer Name = DU0709141438 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

ComboFix 10-01-03.05 - jrask 01/04/2010 9:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2571 [GMT -6:00]
Running from: c:\documents and settings\jrask\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Avanquest NetDefense Firewall *enabled* {E9CD9D09-CF58-4ec3-9B3F-E6B12C3E4171}
FW: McAfee Host Intrusion Prevention Firewall *disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
.
The following files were disabled during the run:
c:\windows\system32\kbdsock.dll
c:\windows\system32\kuzalore.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PersonalSec
c:\program files\PersonalSec\psecurity.exe
c:\recycler\S-1-5-21-3418310255-2358092571-2825425235-500
C:\uwlwfa.exe
C:\waxfhosk.exe
c:\windows\avaya2.inf
c:\windows\EventSystem.log
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\12859.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\15141.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\17673.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\20037.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\23811.exe
c:\windows\system32\24464.exe
c:\windows\system32\25547.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\27644.exe
c:\windows\system32\28145.exe
c:\windows\system32\28253.exe
c:\windows\system32\28703.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\30333.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\32662.exe
c:\windows\system32\32757.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4664.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6868.exe
c:\windows\system32\7711.exe
c:\windows\system32\8723.exe
c:\windows\system32\9741.exe
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\AVR10.exe
c:\windows\system32\drivers\wvpvarfd.sys
c:\windows\system32\flags.ini
c:\windows\system32\kubidima.dll
c:\windows\system32\labc5h7a3t.dll
c:\windows\system32\mshlps.dll
c:\windows\system32\palodide.dll
c:\windows\system32\satukivu.dll
c:\windows\system32\uses32.dat
c:\windows\system32\vinomisu.dll
c:\windows\system32\windows
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
c:\windows\system32\winupdate86.exe
c:\windows\system32\xxop81.dll
c:\windows\system32\zisopola.dll
c:\windows\Tasks\vinyxmgo.job
c:\windows\Tasks\zlwtiuoe.job
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://WUSWESTSMS2.GLOBAL.AVAYA.COM:90
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_wvpvarfd
-------\Service_wvpvarfd


((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 14:28 . 2010-01-04 14:28 -------- d-----w- c:\documents and settings\jrask\Application Data\Malwarebytes
2010-01-04 14:28 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 14:28 . 2010-01-04 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 14:28 . 2010-01-04 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 14:28 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 06:43 . 2010-01-04 06:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-04 06:43 . 2010-01-04 06:43 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-04 03:43 . 2010-01-04 03:43 -------- d-----w- C:\VundoFix Backups
2010-01-02 07:22 . 2010-01-02 07:14 21504 ----a-w- C:\SysRestorePoint.exe
2009-12-31 21:28 . 2006-12-13 01:06 516608 ----a-w- c:\windows\system32\drivers\csco21.sys
2009-12-31 21:28 . 2006-12-13 01:06 516608 ----a-w- c:\windows\system32\csco21.sys
2009-12-31 20:30 . 2009-12-31 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Aironet
2009-12-31 20:28 . 2010-01-04 15:27 208160 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-31 20:28 . 2010-01-04 15:26 2783264 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-31 20:01 . 2009-12-31 20:01 -------- d-----w- c:\program files\Common Files\XoftSpySE
2009-12-31 20:01 . 2009-12-31 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-12-31 20:01 . 2009-12-31 20:01 -------- d-----w- c:\program files\XoftSpySE6
2009-12-31 18:53 . 2009-12-31 18:53 -------- d-----w- c:\program files\Common Files\PersonalSecUninstall
2009-12-31 18:38 . 2009-12-31 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 18:38 . 2009-12-31 19:20 -------- d-----w- c:\program files\RegCure
2009-12-31 10:05 . 2009-12-31 10:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-12-28 23:27 . 2009-12-28 23:27 -------- d-----w- c:\windows\{hopper}
2009-12-28 23:27 . 2008-02-17 12:55 21888 ----a-w- c:\windows\system32\drivers\hopperp.sys
2009-12-28 23:27 . 2009-12-28 23:27 -------- d-----w- c:\program files\WiFi Hopper
2009-12-22 02:42 . 2007-10-18 20:14 106496 ----a-w- c:\windows\CBTWlanSrv.exe
2009-12-22 02:30 . 2009-12-22 02:30 -------- d-----w- C:\Linksys Driver
2009-12-20 21:01 . 2009-12-20 21:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD27A355-17F8-42DF-8A41-FF700F330BE9}
2009-12-19 20:08 . 2000-06-23 20:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-12-19 20:08 . 2000-06-22 19:09 56320 ----a-w- c:\windows\system32\iyvu9_32.dll
2009-12-19 20:08 . 2009-12-19 20:08 -------- d-----w- c:\program files\Ligos
2009-12-14 18:01 . 2009-12-14 18:01 -------- d--h--w- c:\windows\PIF
2009-12-10 20:19 . 2009-12-10 20:19 -------- d-----w- c:\documents and settings\jrask\Application Data\Registry Mechanic
2009-12-09 17:46 . 2009-08-12 22:20 398632 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2009-12-09 05:30 . 2009-10-21 07:04 45232 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\program files\Windows Home Server
2009-12-09 05:30 . 2009-12-09 05:30 -------- d-----w- c:\program files\Diskeeper Corporation
2009-12-05 22:25 . 2009-12-05 22:25 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 15:24 . 2009-12-31 20:28 35708 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-04 15:24 . 2009-12-31 20:28 21584 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-04 06:43 . 2010-01-04 06:43 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2010-01-02 05:46 . 2009-11-24 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-01-01 23:57 . 2008-02-07 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 10:58 . 2009-06-04 03:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-01 10:55 . 2009-08-29 14:43 -------- d-----w- c:\program files\Common Files\AntiVirus
2010-01-01 10:31 . 2009-10-03 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-01 10:31 . 2009-10-03 03:44 -------- d-----w- c:\program files\ParetoLogic
2010-01-01 10:31 . 2009-10-03 03:44 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-01 10:13 . 2009-10-03 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-01 10:08 . 2009-10-24 06:27 -------- d-----w- c:\program files\Common Files\Anvsoft
2010-01-01 10:01 . 2009-08-10 15:53 -------- d-----w- c:\program files\DNA
2010-01-01 09:59 . 2009-11-26 04:42 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-01 09:58 . 2009-11-26 04:42 -------- d-----w- c:\program files\AVS4YOU
2010-01-01 09:29 . 2009-08-11 02:03 -------- d-----w- c:\documents and settings\jrask\Application Data\uTorrent
2009-12-31 21:37 . 2009-08-27 17:12 -------- d-----w- c:\documents and settings\jrask\Application Data\Skype
2009-12-31 21:29 . 2009-12-31 21:29 -------- d-----w- c:\program files\Cisco Aironet
2009-12-31 19:46 . 2009-10-23 00:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-31 14:43 . 2009-08-28 17:01 -------- d-----w- c:\documents and settings\jrask\Application Data\skypePM
2009-12-31 04:00 . 2009-11-24 18:57 -------- d-----w- c:\documents and settings\jrask\Application Data\Multi File Downloader
2009-12-30 05:57 . 2009-06-20 06:08 2069784 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-12-23 06:23 . 2009-05-29 22:35 -------- d-----w- c:\program files\Google
2009-12-22 06:53 . 2008-12-02 00:05 -------- d-----w- c:\program files\VPNremote for Windows XP
2009-12-22 02:41 . 2009-12-22 02:41 -------- d-----w- c:\program files\Linksys
2009-12-18 14:33 . 2009-05-26 18:29 -------- d-----w- c:\documents and settings\jrask\Application Data\ALogon
2009-12-14 18:54 . 2009-09-16 19:12 2131 -c--a-w- c:\documents and settings\All Users\Application Data\xml1361.tmp
2009-12-14 18:54 . 2009-09-16 19:12 13573 -c--a-w- c:\documents and settings\All Users\Application Data\xml1360.tmp
2009-12-14 18:54 . 2009-09-16 19:12 7420 -c--a-w- c:\documents and settings\All Users\Application Data\xml135F.tmp
2009-12-14 16:21 . 2008-02-07 20:13 -------- d-----w- c:\program files\Avaya
2009-12-10 21:59 . 2009-06-13 15:52 -------- d-----w- c:\program files\Samsung
2009-12-10 20:14 . 2009-06-12 01:50 -------- d-----w- c:\program files\Softick
2009-12-10 20:13 . 2009-10-06 01:23 -------- d-----w- c:\program files\NeoTracePro
2009-12-10 20:11 . 2009-09-30 02:22 -------- d-----w- c:\program files\Luxand
2009-12-10 16:43 . 2009-10-24 09:05 -------- d-----w- c:\documents and settings\jrask\Application Data\W Photo Studio
2009-12-09 17:46 . 2009-06-17 19:08 -------- d-----w- c:\documents and settings\jrask\Application Data\Juniper Networks
2009-12-09 17:45 . 2009-06-17 13:18 -------- d-----w- c:\program files\Juniper Networks
2009-12-03 05:00 . 2009-10-19 04:34 -------- d-----w- c:\program files\AirMagnet Inc
2009-12-01 20:01 . 2009-11-25 00:20 -------- d-----w- c:\program files\RouterSim
2009-12-01 18:49 . 2009-12-01 18:49 -------- d-----w- c:\program files\GFI
2009-12-01 16:31 . 2008-02-07 19:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-30 21:33 . 2009-11-28 10:54 -------- d-----w- c:\program files\Net Tools
2009-11-28 10:55 . 2009-06-11 03:20 -------- d-----w- c:\program files\WinPcap
2009-11-28 10:53 . 2009-11-28 10:53 -------- d-----w- c:\program files\[bleep] NFO Viewer
2009-11-28 10:43 . 2009-06-13 17:08 -------- d-----w- c:\program files\Solarwinds
2009-11-28 10:37 . 2009-11-28 10:37 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-11-28 10:36 . 2009-11-28 10:36 -------- d-----w- c:\documents and settings\jrask\Application Data\Screaming Bee
2009-11-28 10:33 . 2009-11-28 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee
2009-11-28 10:32 . 2009-11-28 10:32 -------- d-----w- c:\program files\Common Files\Screaming Bee
2009-11-25 06:28 . 2009-11-25 06:28 -------- d-----w- c:\documents and settings\jrask\Application Data\Uniblue
2009-11-25 00:16 . 2009-11-24 18:57 -------- d-----w- c:\program files\Multi File Downloader
2009-11-24 21:53 . 2009-11-24 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Boson Software
2009-11-24 21:53 . 2009-11-24 21:52 -------- d-----w- c:\program files\Boson Software
2009-11-24 02:08 . 2008-02-07 19:33 -------- d-----w- c:\program files\Java
2009-11-21 00:17 . 2009-11-21 00:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\skypePM
2009-11-18 00:54 . 2009-11-18 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-11-18 00:53 . 2009-11-18 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2009-11-17 16:30 . 2008-02-07 19:31 -------- d-----w- c:\program files\Microsoft.NET
2009-11-03 13:12 . 2009-05-30 04:23 53464 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:46 . 2008-02-07 17:46 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2008-02-07 17:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-02-07 17:46 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-16 13:52 . 2009-10-16 13:52 30601 -c--a-w- c:\windows\java\x.exe
2009-10-13 10:53 . 2008-02-07 17:46 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2008-02-07 17:46 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2008-02-07 17:46 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 10:17 . 2009-05-29 22:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 13:49 . 2009-10-06 01:49 44 -c-h--w- c:\program files\15f0e19d.tmp
1999-04-23 22:22 . 1999-04-23 22:22 12 -csha-w- c:\windows\system\WININETICMP32.drv
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\biyedepu.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\devawije.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\fafisaya.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\feyadote.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\fuwofapi.dll
1601-01-01 00:03 . 1601-01-01 00:03 24576 --sha-w- c:\windows\system32\hujufutu.exe
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\jenevufi.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\jobavito.dll
1601-01-01 00:03 . 1601-01-01 00:03 45568 --sha-w- c:\windows\system32\kijudawi.dll
1601-01-01 00:03 . 1601-01-01 00:03 54272 --sha-w- c:\windows\system32\liroteyu.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\miyahewe.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\rohitelu.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\runiwapa.dll
1601-01-01 00:03 . 1601-01-01 00:03 54272 --sha-w- c:\windows\system32\vukuleyi.dll
2007-06-13 10:23 . 2008-02-07 17:46 405504 --sha-r- c:\windows\system32\wxcage.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1395fd05-fa64-4cb7-9236-58b0641aa7ce}]
1601-01-01 00:03 54272 --sha-w- c:\windows\system32\vukuleyi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:02 1234176 ----a-w- c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-08 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2008-12-01 972096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-10-23 4854040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NA-West and CALA Login.url [2009-6-17 146]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1343024091-1801674531-71786\Scripts\Logon\0\0]
"Script"=avayacst.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1343024091-1801674531-71786\Scripts\Logon\0\1]
"Script"=acst.vbe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
backupExtension=Common Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCure
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Virus PLUS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-09-29 16:18 1950488 ----a-w- c:\progra~1\AVG\AVGLS\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 13:58 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConfigMM]
2004-07-27 18:21 4449 ------w- c:\program files\Avaya Modular Messaging\Client\configMM.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\demazuyat]
1601-01-01 00:03 93184 --sha-w- c:\windows\system32\jobavito.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableWirelessPowerOff]
2008-02-27 22:10 3927 ------w- c:\_additional applications\ITSupport\WirelessNICPowerControl\NICpwrmod.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-08 14:06 133104 ----atw- c:\documents and settings\jrask\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-19 16:08 159744 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-19 16:08 135168 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 00:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 00:50 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-26 04:31 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-18 04:01 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
"c:\\WINDOWS\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 avipsec;Avaya IPSEC Driver;c:\windows\system32\drivers\avipsec.sys [12/1/2008 6:05 PM 85504]
R1 AvgLdx86;AVG LinkScanner® AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/29/2009 10:18 AM 253576]
R1 AvgTdiX;AVG LinkScanner® Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/29/2009 10:18 AM 108296]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [8/29/2009 10:31 AM 202928]
R1 VProtocol;AVAYA VPNet VProtocol;c:\windows\system32\drivers\vproto2k.sys [12/1/2008 6:05 PM 14336]
R2 AvService;Avaya VPN Service;c:\program files\VPNremote for Windows XP\AvVpnService.exe [12/1/2008 6:05 PM 53248]
R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [12/28/2009 5:27 PM 21888]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/28/2009 3:32 PM 67904]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [12/8/2009 11:30 PM 45232]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [5/28/2009 3:32 PM 42056]
R3 ndisva;Avaya VPNet Virtual Adapter Driver;c:\windows\system32\drivers\vadapter.sys [12/1/2008 6:05 PM 12288]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [9/27/2006 12:21 AM 21920]
S2 afbcbeafebfdabb;80a7cbfb4395d2750b319b43d70a26ee; [x]
S2 gupdate1c9e83e5d043806;Google Update Service (gupdate1c9e83e5d043806);c:\program files\Google\Update\GoogleUpdate.exe [6/8/2009 7:38 AM 133104]
S3 AmDriver;AmDriver;c:\windows\system32\AmDriver.sys [10/18/2009 10:34 PM 8192]
S3 Amtrans;AirMagnet Analyzer Protocol;c:\windows\system32\drivers\Amtrans.sys [10/18/2009 10:34 PM 61465]
S3 avg8wd;AVG LinkScanner® WatchDog;c:\progra~1\AVG\AVGLS\avgwdsvc.exe [9/29/2009 10:18 AM 298776]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [12/21/2009 8:41 PM 27072]
S3 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [12/21/2009 8:42 PM 106496]
S3 CSCO21;Cisco Aironet 802.11a/b/g Wireless Adapter Service;c:\windows\system32\drivers\csco21.sys [12/31/2009 3:28 PM 516608]
S3 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [12/1/2008 2:18 PM 1467712]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [5/28/2009 3:32 PM 42056]
S3 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 10:32 PM 189736]
S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [5/28/2009 3:33 PM 108280]
S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [5/28/2009 3:33 PM 37400]
S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [5/28/2009 3:33 PM 34432]
S3 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [5/28/2009 3:32 PM 34408]
S3 ivusb;Initio Driver for 1530 USB Default Controller;c:\windows\system32\DRIVERS\ivusb_x86.sys --> c:\windows\system32\DRIVERS\ivusb_x86.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 9:35 AM 50704]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [10/19/2000 1:55 PM 411244]
S3 RET55;RET55 NDIS Protocol Driver;\??\c:\progra~1\EEYEDI~1\RETINA~1\Scanner\RET55.SYS --> c:\progra~1\EEYEDI~1\RETINA~1\Scanner\RET55.SYS [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [9/16/2009 12:59 PM 99176]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\Solarwinds\Toolset\SolarWinds TFTP Server.exe [8/17/2009 8:10 AM 53760]
S3 TFilter;TFilter;\??\c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [?]
S3 WPC300N;Linksys Wireless Notebook Adapter WPC300N Driver;c:\windows\system32\drivers\WPC300N.SYS [12/21/2009 8:41 PM 822400]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [10/23/2009 3:58 PM 582424]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{32F099D8-78DE-49DE-8E48-F07F92E8309B}]
2005-05-03 20:58 78848 ----a-w- c:\windows\system32\msiexec.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 13:37]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 13:37]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1343024091-1801674531-71786Core.job
- c:\documents and settings\jrask\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 14:06]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1343024091-1801674531-71786UA.job
- c:\documents and settings\jrask\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 14:06]

2010-01-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-04 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-03 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-10-23 21:58]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://enterpriseportal.avaya.com/
uInternet Settings,ProxyServer = co.proxy.avaya.com:8000
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: authoria.net\avayaitm
Trusted Zone: avaya.com\itms
Trusted Zone: avaya.com\mytools
Trusted Zone: avaya.com\sj.usae
TCP: {33801674-F0DA-4964-BA9F-41E006257D43} = 193.104.110.38,4.2.2.1
TCP: {B45AAE2F-2EE2-4E1A-B847-42360F0EDBB7} = 193.104.110.38,4.2.2.1
TCP: {F25D09B7-8785-49FB-81DC-0FFCA7D9EEB5} = 193.104.110.38,4.2.2.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: Concur Expense Applets - hxxps://nxmsp07.eng.avaya.com/expense/Applets/cnqr2k4_ie.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: XMS - hxxps://nxmsp05.eng.avaya.com/expense/Applets/xms_ie.cab
DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} - hxxp://vilt.learning.accenture.com/avayau/application/EventEntry/AxWebInstaller.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ara-na2.avaya.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\jrask\Application Data\Mozilla\Firefox\Profiles\9oso9ua4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://radar.weather.gov/radar.php?product=N0R&rid=MPX&loop=yes
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
FF - plugin: c:\documents and settings\jrask\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-PersonalSec - c:\program files\PersonalSec\psecurity.exe
HKLM-Run-jobihojogo - zisopola.dll
SharedTaskScheduler-{482a773f-019f-4e5f-a693-a253a263b721} - (no file)
SharedTaskScheduler-{4d6a69ce-c6c6-49dd-93b0-bdacd5ea2da8} - (no file)
SSODL-solakavew-{482a773f-019f-4e5f-a693-a253a263b721} - (no file)
SSODL-sagufidob-{4d6a69ce-c6c6-49dd-93b0-bdacd5ea2da8} - (no file)
Notify-xxop81 - xxop81.dll
MSConfigStartUp-UniblueRegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-PersonalSec - c:\program files\PersonalSec\psecurity.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 09:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"c:\program files\SolarWinds\Toolset\SolarWinds TFTP Server.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Solarwinds: Job Broker]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Solarwinds: Job Engine]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Solarwinds: Job Scheduler]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32]
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="iyvu9_32.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="c:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"msacm.PLCMg722"="PLCMg722.acm"
"msacm.PLCMg728"="PLCMg728.acm"
"msacm.PLCMg729A"="PLCMg729A.acm"
"PLCMsiren.acm"="Polycom Siren"
"msacm.PLCMsiren"="PLCMsiren.acm"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"aux1"="wdmaud.drv"
"wave3"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"aux2"="wdmaud.drv"
"wave4"="wdmaud.drv"
"midi4"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"aux3"="wdmaud.drv"
"MSVideo8"="VfWWDM32.dll"
"wave5"="wdmaud.drv"
"mixer5"="wdmaud.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1532)
c:\windows\system32\cscogina.dll

- - - - - - - > 'explorer.exe'(3628)
c:\windows\system32\WININET.dll
c:\windows\system32\vukuleyi.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\system32\QosServM.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2010-01-04 09:36:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-04 15:36

Pre-Run: 232,295,030,784 bytes free
Post-Run: 232,273,567,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4178390FE3BCDB7B2E46D95E85E7CCD5
Thanks,
Jamie1030