Trojan:DOS/Alureon.E


Trojan:DOS/Alureon.E

Post by kaseyl on Sun Dec 11, 2011 8:42 am

Need help getting rid of Trojan:DOS/Alureon.E??

kaseyl
Novice
Posts: 18
Joined: 2011-12-11
OS: vista
Points: 18466
Likes: 0


Re: Trojan:DOS/Alureon.E

Post by Belahzur on Mon Dec 12, 2011 12:29 am

Hello.
Please read this topic: [You must be registered and logged in to see this link.]

Read through the instructions and post the required logs in your next post. You may need to use 2-3 posts to post them all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1


OTL results

Post by kaseyl on Mon Dec 12, 2011 6:22 pm

I downloaded Microsoft Security Essentials, which came back with a threat called Trojan:DOS/Alureon.E. It was unable to remove it. After a little research about the virus, it sounds like this is a nasty virus. It has been 3 days since I realized I had the virus. It has only been annoying so far: Microsoft Security warnings all the time, and it turns off my sound device at startup.
I have followed your instructions above and have run OTL. The results follow:

OTL logfile created on: 12/12/2011 9:46:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kasey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.38% Memory free
4.12 Gb Paging File | 2.75 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 40.04 Gb Free Space | 28.43% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 0.42 Gb Free Space | 5.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.05 Gb Total Space | 0.72 Gb Free Space | 68.76% Space Free | Partition Type: NTFS

Computer Name: KASEY-PC | User Name: kasey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 09:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kasey\Downloads\OTL.com
PRC - [2011/12/12 09:38:22 | 000,526,512 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
PRC - [2011/12/11 19:04:42 | 000,163,840 | ---- | M] (iBryte) -- C:\Program Files\iBryte\playbryte\iBryteDesktop.exe
PRC - [2011/11/19 23:24:06 | 000,307,376 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/01 00:00:11 | 000,243,360 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 10:47:12 | 000,079,192 | -H-- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/07 12:12:22 | 000,505,576 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/12/14 06:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/08 17:35:18 | 000,068,865 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/12/08 17:35:17 | 000,151,297 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/05/17 14:45:34 | 000,271,720 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/03/28 16:45:34 | 000,270,431 | -H-- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/12 17:30:14 | 000,517,768 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/09/07 11:05:16 | 000,053,248 | -H-- | M] (GE Security Supra) -- c:\Program Files\GE Security Supra\SyncService.exe
PRC - [2006/09/07 11:05:16 | 000,011,776 | -H-- | M] (GE Security Supra) -- C:\Program Files\GE Security Supra\ProxyDaemon.exe
PRC - [2005/11/16 11:34:28 | 000,073,216 | ---- | M] () -- C:\SSL\stunnel-4.10.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/11 19:04:43 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\browsermediator\1.0.0.0__51b6fa9a48c79a9e\browsermediator.dll
MOD - [2011/10/12 02:04:32 | 003,391,488 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f8bceb5b\mscorlib.dll
MOD - [2011/10/12 02:04:26 | 000,835,584 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_93d997e0\system.drawing.dll
MOD - [2011/10/12 02:04:15 | 002,088,960 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f48c12a4\system.xml.dll
MOD - [2011/10/12 02:04:02 | 003,018,752 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a3b1bffb\system.windows.forms.dll
MOD - [2011/10/12 02:03:46 | 001,966,080 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_27160a52\system.dll
MOD - [2011/10/12 02:03:37 | 001,232,896 | -H-- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2008/02/06 09:36:15 | 001,339,392 | -H-- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/02/06 09:36:12 | 000,466,944 | -H-- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/02/06 09:36:11 | 002,052,096 | -H-- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | -H-- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/28 04:40:36 | 000,254,824 | -H-- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2010/05/28 03:46:46 | 000,138,600 | -H-- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2010/05/28 01:50:44 | 000,701,288 | -H-- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/12/08 17:35:18 | 000,068,865 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/12/08 17:35:17 | 000,151,297 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/17 14:45:34 | 000,271,720 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/28 16:45:38 | 000,118,877 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 16:45:34 | 000,270,431 | -H-- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/03/12 17:30:14 | 000,517,768 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/09 13:55:34 | 000,110,592 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/09/07 11:05:16 | 000,053,248 | -H-- | M] (GE Security Supra) [Auto | Running] -- c:\Program Files\GE Security Supra\SyncService.exe -- (DkeySync)
SRV - [2006/06/05 12:59:18 | 000,174,080 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/12/12 09:03:48 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EBD2E67-C3EC-443C-8A32-76ECB02512B0}\MpKsl037e84c2.sys -- (MpKsl037e84c2)
DRV - [2011/12/11 10:51:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EBD2E67-C3EC-443C-8A32-76ECB02512B0}\MpKsld5d38117.sys -- (MpKsld5d38117)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/09 16:16:42 | 003,482,240 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/27 08:42:35 | 000,075,096 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 08:42:29 | 000,052,056 | -H-- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 08:42:25 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/03/03 12:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/04/10 14:46:44 | 002,385,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2007/03/01 09:34:36 | 000,028,352 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/28 10:26:00 | 004,465,184 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 08:24:48 | 000,159,232 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 00:50:32 | 000,012,032 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/12/22 13:28:56 | 000,100,648 | -H-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 09:24:58 | 000,008,192 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 09:16:24 | 000,032,256 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 04:42:46 | 000,043,520 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 02:35:20 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/01 23:30:56 | 000,429,056 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/09/07 11:00:18 | 000,089,808 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2006/09/07 11:00:18 | 000,055,312 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) DisplayKEY USB Cradle driver (WDM)
DRV - [2006/08/05 01:39:10 | 000,008,192 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 08:54:00 | 000,009,472 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/05/29 07:26:38 | 000,127,488 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 07:26:36 | 000,013,312 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 07:26:36 | 000,013,312 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 07:26:36 | 000,008,704 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kasey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kasey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/01 12:03:46 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/10 15:06:45 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/01 12:03:46 | 000,000,000 | -H-D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [iBryte browseforchange Desktop] C:\Program Files\iBryte\browseforchange\iBryteDesktop.exe (iBryte)
O4 - HKLM..\Run: [iBryte playbryte Desktop] C:\Program Files\iBryte\playbryte\iBryteDesktop.exe (iBryte)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: lvarmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([signup] * in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: vvmls.com ([]http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC68} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6DE617B8-49C0-40F8-8118-D2C3741F1C28} [You must be registered and logged in to see this link.] (SetTrustedSitesControl.clsReg)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} [You must be registered and logged in to see this link.] (MSN File Upload Control)
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} [You must be registered and logged in to see this link.] (LogData Class)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} [You must be registered and logged in to see this link.] (SAXFile FileDownload ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} [You must be registered and logged in to see this link.] (RIM AxLoader)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} [You must be registered and logged in to see this link.] (iPIX Media Send Class)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED664FC2-100D-4F04-824A-8ADD0B773EA5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/29 00:15:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{40d5eb57-c2e1-11de-8853-001b2485a4be}\Shell - "" = AutoRun
O33 - MountPoints2\{40d5eb57-c2e1-11de-8853-001b2485a4be}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{45946bf3-1700-11df-bb5a-001b2485a4be}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{45946bf3-1700-11df-bb5a-001b2485a4be}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{8f87c093-0848-11e0-8b6c-001b2485a4be}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{a1a3f6ce-13cf-11de-b39a-001b2485a4be}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{a1a3f6ce-13cf-11de-b39a-001b2485a4be}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FtpServer.exe - hkey= - key= - C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: printutil - hkey= - key= - C:\Users\kasey\AppData\Local\Temp\7zS2ABD\HPPDU.exe (Hewlett-Packard)
MsConfig - StartUpReg: QlbCtrl - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: SharpTray - hkey= - key= - C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: WAWifiMessage - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

SafeBootMin: 17427488.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 17427488.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\gtk-2.0
[2011/12/11 19:09:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\.thumbnails
[2011/12/11 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\kasey\Documents\gegl-0.0
[2011/12/11 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\kasey\.gimp-2.6
[2011/12/11 19:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/12/11 19:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/12/11 19:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\iBryte
[2011/12/11 19:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/12/11 19:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\Babylon
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\Babylon
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/10 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{F3D71014-AD41-4A72-990E-46518924900E}
[2011/12/10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{45914E97-EDB7-4DAF-976E-3917633B6D7D}
[2011/12/10 21:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/06 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{3DB9BEF1-62A8-477E-B04D-C3C2B610B2BC}
[2011/12/06 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{45A418A2-AA63-43C1-B2E7-59B07C1F482B}
[2011/12/05 21:08:02 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{515B2883-965E-4CFB-97CB-7E6B6FCED651}
[2011/12/05 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{FA07FFFB-91DD-4635-B1EF-491DA5E45CDF}
[2011/12/05 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{24FD69FA-DD8C-48C9-A36F-5F49D5C271C6}
[2011/12/05 08:58:20 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{49974990-EA67-4E6B-9A19-9FE493F17966}
[2011/12/04 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{5FC1AFEC-517C-4969-9148-80A09E981A2E}
[2011/12/04 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{A455D848-C819-44E6-AB85-177310F3EFB2}
[2011/12/04 00:07:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/03 23:31:23 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{651DC1E4-8893-4082-BED4-24E69F0AE480}
[2011/12/03 23:30:35 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{DA636B99-BAC9-4DA2-822E-2D5BD7669320}
[2011/12/03 09:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/12/03 09:09:46 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{97CFEBAF-F340-41E3-9E41-D1ABD7A5B328}
[2011/12/02 20:39:48 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{B7042A04-7646-46E6-AF4A-A038CF02D554}
[2011/12/02 20:38:33 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{793EDBE4-25F5-415B-B161-A241B0600918}
[2011/12/02 18:28:16 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{83195D49-8EB0-4287-8FAB-88714233F481}
[2011/12/02 00:10:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{D57C4719-559D-4EFB-866B-CAB86D2A7DF7}
[2011/12/02 00:10:06 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{7AEB90F8-12FA-439D-BF79-B2D439BECD73}
[2011/12/01 21:35:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Loaris
[2011/12/01 20:19:48 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{21ACE7D0-3F00-4AE2-9DF3-9BEB6F2A1A2B}
[2011/12/01 20:19:32 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{69028728-FB17-42DC-8A52-03BAFF691081}
[2011/11/30 12:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/30 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{E1F7ED87-B026-48AB-8382-A21E26E76E0B}
[2011/11/30 12:42:19 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{3E26C50C-8DE7-476C-ACC2-855146BCE08D}
[2011/11/26 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{FF124BB4-FB9C-47AF-887C-004E4D89B931}
[2011/11/26 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{E684E478-B041-401D-95EA-1B3D1BBF0008}
[2011/11/26 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{8842906D-112E-4E07-B1FD-E133A3FDCBE4}
[2011/11/26 10:04:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{72AA5D6E-FA88-49DD-965C-2F60182CA88D}
[2011/11/26 09:55:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{8BE31A0A-02C0-4AD8-AFF7-7509EAE56805}
[2011/11/25 21:45:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{0079004E-2680-4406-BDE6-5662C5A19336}
[2011/11/25 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{66771215-89E9-4107-BFF6-1B22C6DBED5E}
[2011/11/25 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\kasey\Desktop\sexy
[2011/11/25 21:34:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
[2011/11/25 21:34:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Hamster Soft
[2011/11/25 21:12:28 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{5AAE684E-3211-4BED-9621-30E2E372737F}
[2011/11/25 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{2C378169-25BB-4041-ABAC-BB21FC995CF0}
[2011/11/25 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\Mozilla
[2011/11/13 14:30:24 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{C792D6CE-989E-440D-9797-329FDC19F548}
[2011/11/13 14:30:13 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{B5E8EFDB-79DF-4976-9896-D601A849B352}
[2007/07/04 20:28:52 | 000,176,128 | -H-- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



Re: Trojan:DOS/Alureon.E

Post by kaseyl on Mon Dec 12, 2011 6:22 pm

========== Files - Modified Within 30 Days ==========

[2011/12/12 09:52:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3169625114-2507931809-1573453260-1000UA.job
[2011/12/12 09:45:42 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkasey.job
[2011/12/12 09:03:52 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/12 09:03:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 09:03:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 09:03:35 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3169625114-2507931809-1573453260-1000Core.job
[2011/12/12 09:03:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/12 09:03:26 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/12 09:01:00 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/11 19:14:26 | 000,001,469 | ---- | M] () -- C:\Users\kasey\.recently-used.xbel
[2011/12/11 19:06:25 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/12/11 19:04:18 | 000,000,093 | ---- | M] () -- C:\Users\kasey\AppData\Local\fusioncache.dat
[2011/12/11 19:03:12 | 000,001,492 | ---- | M] () -- C:\user.js
[2011/12/11 18:00:00 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/12/10 21:55:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/10 10:52:23 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/12/09 13:57:56 | 000,285,966 | ---- | M] () -- C:\Users\kasey\Documents\madero.jpg
[2011/12/09 13:54:45 | 000,085,041 | ---- | M] () -- C:\Users\kasey\Documents\Invoice.pdf
[2011/12/05 23:26:17 | 186,517,628 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/05 23:23:41 | 000,015,047 | ---- | M] () -- C:\Users\kasey\Documents\uncleK.wlmp
[2011/12/05 21:23:28 | 000,051,200 | ---- | M] () -- C:\Users\kasey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/04 19:48:17 | 000,014,518 | ---- | M] () -- C:\Users\kasey\Documents\sexy&know.wlmp
[2011/12/04 07:04:47 | 000,013,025 | ---- | M] () -- C:\Users\kasey\AppData\Roaming\nvModes.001
[2011/12/04 01:43:08 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/03 23:11:26 | 000,000,062 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI.lic
[2011/12/02 19:51:37 | 000,008,160 | ---- | M] () -- C:\Users\kasey\AppData\Local\d3d9caps.dat
[2011/12/02 01:05:35 | 000,196,608 | -H-- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/30 13:09:40 | 000,000,448 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI
[2011/11/30 13:09:25 | 000,000,312 | ---- | M] () -- C:\ProgramData\~vDV0EhpayTpOuI
[2011/11/30 13:09:25 | 000,000,216 | ---- | M] () -- C:\ProgramData\~vDV0EhpayTpOuIr
[2011/11/30 12:41:41 | 000,352,640 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI.vir
[2011/11/27 21:47:11 | 000,086,570 | ---- | M] () -- C:\Users\kasey\Desktop\Nov. 28- sub.pdf
[2011/11/26 22:44:35 | 000,221,184 | ---- | M] () -- C:\Users\kasey\Desktop\gucky_MPEG_.mpg
[2011/11/26 12:02:22 | 003,135,329 | ---- | M] () -- C:\Users\kasey\Documents\VID 00004-20111126-1201.3GP
[2011/11/25 21:36:10 | 000,000,275 | ---- | M] () -- C:\Users\kasey\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/25 21:34:56 | 000,001,132 | ---- | M] () -- C:\Users\kasey\Application Data\Microsoft\Internet Explorer\Quick Launch\Hamster Free Video Converter.lnk
[2011/11/24 14:11:30 | 001,252,524 | ---- | M] () -- C:\Users\kasey\Documents\VID-20111124-00051.3GP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 19:14:26 | 000,001,469 | ---- | C] () -- C:\Users\kasey\.recently-used.xbel
[2011/12/11 19:06:25 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/12/11 19:04:18 | 000,000,093 | ---- | C] () -- C:\Users\kasey\AppData\Local\fusioncache.dat
[2011/12/11 19:03:03 | 000,001,492 | ---- | C] () -- C:\user.js
[2011/12/10 21:54:54 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/09 13:57:48 | 000,285,966 | ---- | C] () -- C:\Users\kasey\Documents\madero.jpg
[2011/12/09 13:54:45 | 000,085,041 | ---- | C] () -- C:\Users\kasey\Documents\Invoice.pdf
[2011/12/05 23:23:40 | 000,015,047 | ---- | C] () -- C:\Users\kasey\Documents\uncleK.wlmp
[2011/12/05 09:17:23 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForkasey.job
[2011/12/04 00:31:25 | 000,000,808 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/03 23:11:26 | 000,000,062 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI.lic
[2011/12/03 23:04:18 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/30 12:42:13 | 000,000,312 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuI
[2011/11/30 12:42:13 | 000,000,216 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuIr
[2011/11/30 12:41:48 | 000,000,448 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI
[2011/11/30 12:41:41 | 000,352,640 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI.vir
[2011/11/27 21:47:10 | 000,086,570 | ---- | C] () -- C:\Users\kasey\Desktop\Nov. 28- sub.pdf
[2011/11/26 22:44:34 | 000,221,184 | ---- | C] () -- C:\Users\kasey\Desktop\gucky_MPEG_.mpg
[2011/11/26 21:32:44 | 003,135,329 | ---- | C] () -- C:\Users\kasey\Documents\VID 00004-20111126-1201.3GP
[2011/11/26 09:58:43 | 000,014,518 | ---- | C] () -- C:\Users\kasey\Documents\sexy&know.wlmp
[2011/11/25 21:36:09 | 000,000,275 | ---- | C] () -- C:\Users\kasey\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/25 21:34:56 | 000,001,132 | ---- | C] () -- C:\Users\kasey\Application Data\Microsoft\Internet Explorer\Quick Launch\Hamster Free Video Converter.lnk
[2011/11/25 21:01:51 | 001,252,524 | ---- | C] () -- C:\Users\kasey\Documents\VID-20111124-00051.3GP
[2011/09/07 12:01:08 | 000,000,216 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/07 12:01:08 | 000,000,160 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/07 12:01:05 | 000,000,448 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/02/16 15:45:34 | 000,239,096 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/02/10 15:49:43 | 000,000,127 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/01 13:29:02 | 000,239,937 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011/02/01 13:29:02 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011/02/01 11:49:01 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/01/20 11:37:41 | 000,157,178 | ---- | C] () -- C:\Windows\hphins25.dat
[2010/12/02 03:29:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/01 11:10:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/01 11:10:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/18 09:36:25 | 000,036,384 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/03 17:06:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/20 09:15:01 | 000,169,962 | ---- | C] () -- C:\Windows\hpqins00.dat.temp
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/23 15:15:02 | 000,170,508 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/09 16:16:42 | 003,482,240 | -H-- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/02/11 16:45:02 | 000,027,264 | -H-- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/05/13 14:55:10 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2008/05/13 14:54:28 | 000,091,648 | ---- | C] () -- C:\Windows\gzip.exe
[2008/04/11 10:50:42 | 000,146,990 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/04/11 10:50:42 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/04/09 14:44:31 | 000,000,305 | -H-- | C] () -- C:\ProgramData\addr_file.html
[2008/02/20 18:25:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/04 11:41:26 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\libssl32.dll
[2008/02/01 21:08:04 | 000,147,111 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/02/01 21:08:04 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007/12/24 21:48:48 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2007/12/12 16:02:47 | 000,000,879 | ---- | C] () -- C:\Windows\hphmdl25.dat
[2007/10/30 14:20:58 | 000,639,374 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\fontlst2.opf
[2007/10/24 19:15:44 | 000,008,160 | ---- | C] () -- C:\Users\kasey\AppData\Local\d3d9caps.dat
[2007/10/23 15:17:21 | 000,008,504 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/23 15:09:41 | 000,024,206 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\UserTile.png
[2007/10/04 15:06:58 | 000,000,068 | ---- | C] () -- C:\Windows\iltwain.ini
[2007/10/02 23:24:27 | 000,000,168 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\wklnhst.dat
[2007/09/20 10:49:11 | 000,000,873 | ---- | C] () -- C:\Windows\DKAAJ2DD.ini
[2007/09/19 15:38:41 | 000,051,200 | ---- | C] () -- C:\Users\kasey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/11 22:42:28 | 000,013,025 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\nvModes.001
[2007/09/11 20:47:55 | 000,013,025 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\nvModes.dat
[2007/06/05 07:36:43 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\SN0ELMON.dat
[2007/05/29 00:01:16 | 000,103,489 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/02/27 12:43:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | -H-- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,342,056 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,100,266 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:33:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:25:21 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 14:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 16:58:00 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 04:06:00 | 000,016,480 | -H-- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/03/29 00:58:20 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/03/29 00:58:10 | 000,847,872 | -H-- | C] () -- C:\Windows\System32\libeay32.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/31 23:39:30 | 018,005,296 | ---- | M] (Microsoft Corporation) -- C:\Users\kasey\Desktop\IE9-WindowsVista-x86-enu.exe
[2008/01/12 12:12:27 | 125,892,318 | ---- | M] () -- C:\Users\kasey\Desktop\OOo_2.3.1_Win32Intel_install_wJRE_en-US.exe
[2009/05/27 14:16:44 | 155,255,392 | ---- | M] () -- C:\Users\kasey\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/12/12 09:03:43 | 000,003,168 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 09:03:44 | 000,003,168 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/05/28 23:50:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/11/11 10:57:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2010/07/10 03:01:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Alarm Clock
[2010/01/17 10:34:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2008/04/09 14:41:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Avira
[2011/12/11 19:03:05 | 000,000,000 | ---D | M] -- C:\Program Files\BabylonToolbar
[2010/11/04 21:37:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2011/02/02 23:03:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Camfrog
[2011/12/04 11:33:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2007/05/28 23:11:18 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2007/10/04 15:06:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Data Trace
[2007/09/20 10:49:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell
[2007/10/20 10:04:11 | 000,000,000 | -H-D | M] -- C:\Program Files\DIGStream
[2009/06/23 17:43:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Disney
[2010/04/30 23:30:23 | 000,000,000 | -H-D | M] -- C:\Program Files\DivX
[2007/05/29 00:03:53 | 000,000,000 | -H-D | M] -- C:\Program Files\earthlink totalaccess
[2011/02/17 01:51:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Enigma Software Group
[2007/10/20 10:04:07 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPN
[2007/10/20 10:04:12 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPNMotion
[2007/10/20 10:04:15 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPNRunTime
[2011/02/16 17:21:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Feedback Tool
[2011/01/31 23:00:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Free Window Registry Repair
[2011/09/07 13:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2008/08/07 10:21:15 | 000,000,000 | -H-D | M] -- C:\Program Files\GE Security Supra
[2011/12/11 19:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/04/30 23:30:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2011/12/03 10:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/25 21:34:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Hamster Soft
[2011/02/01 12:00:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2008/05/13 14:53:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Homestead
[2011/02/01 12:03:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Hp
[2009/03/18 12:50:06 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Games
[2007/05/29 00:21:15 | 000,000,000 | -H-D | M] -- C:\Program Files\HPQ
[2011/12/11 19:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\iBryte
[2009/06/03 09:58:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/10/12 03:49:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2010/11/04 21:49:03 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2009/02/08 21:50:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Iteral
[2010/11/04 21:50:44 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2011/05/07 10:55:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/05/27 14:34:29 | 000,000,000 | -H-D | M] -- C:\Program Files\JRE
[2008/01/15 21:48:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2011/12/01 21:35:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Loaris
[2011/03/23 02:01:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2007/10/25 02:03:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Games
[2007/12/24 22:16:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft LifeCam
[2007/11/05 18:44:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/12/10 21:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/10/12 03:51:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2011/10/10 20:34:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2007/11/05 18:46:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/27 02:04:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2011/02/15 11:21:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2011/01/31 16:47:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2009/02/21 14:13:23 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2007/09/11 07:54:21 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2007/05/29 00:14:43 | 000,000,000 | -H-D | M] -- C:\Program Files\muvee Technologies
[2008/05/29 16:59:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Napster
[2007/09/17 13:27:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Nokia
[2007/05/29 00:05:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2009/05/27 14:33:13 | 000,000,000 | -H-D | M] -- C:\Program Files\OpenOffice.org 2.3
[2009/05/27 14:34:27 | 000,000,000 | -H-D | M] -- C:\Program Files\OpenOffice.org 3
[2007/09/20 10:58:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Print Manager Plus - Client
[2010/11/04 21:43:48 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2007/05/29 00:19:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2009/02/13 13:01:36 | 000,000,000 | -H-D | M] -- C:\Program Files\REFN
[2010/08/22 11:29:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Research In Motion
[2011/02/02 23:15:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Rhapsody
[2007/05/28 23:33:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Roxio
[2010/11/04 21:35:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2007/10/30 14:14:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Sharp
[2008/02/04 11:40:30 | 000,000,000 | -H-D | M] -- C:\Program Files\SiLabs
[2011/07/07 16:02:27 | 000,000,000 | RH-D | M] -- C:\Program Files\Skype
[2007/10/23 15:20:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Symantec
[2007/05/28 23:09:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Synaptics
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/09/16 13:43:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Vongo
[2011/01/31 16:47:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Calendar
[2011/01/31 16:47:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/01/31 16:46:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Defender
[2011/01/31 16:47:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Journal
[2011/10/10 20:42:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live
[2011/11/10 03:59:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Mail
[2011/01/31 16:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2011/01/31 16:47:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Photo Gallery
[2011/02/14 10:53:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Portable Devices
[2007/11/29 23:42:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Resource Kits
[2011/01/31 16:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2007/05/29 00:05:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2011/09/05 08:43:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Zoodles


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | -H-- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 01:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | -H-- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-01 03:19:29

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\RossiListingPackage.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\rose.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\REO Craigslist.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\REO Craigslist.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\PlantMoroz.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Plantation Co-Sponsor.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\McCarron_Lease_INVOICE[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Letter_to_Peter_Mellon_Real_Estate[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Lauraschool.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\invite.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\IndianSpringsDecal.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\hollodAdd1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\hollodadd.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\grizwald.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\GetAttachment.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\fridge.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\foxpre.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\foxhighestoffer.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\C21 disclosureGabel.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\BOWLPOOL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Bowl_Pool_07_-_08_SORTED[1].xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\am012hseX.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\ak02a7y7X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\aj03mce6X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Addendum_A_to_Contract_of_Sale.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\aaaa1jf9X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\45304_Banff_Springs_Street___Addendum_No__1_-_10_01.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\2008_Masters_Golf.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\1234.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\123.pdf:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A6CD15C3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

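The "< MD5 for: ... >" blocks in the OTL log above are the part a helper reads first on an Alureon case: the TDL3/TDL4 file-patching variants overwrite a boot-start driver (atapi.sys is the classic target) in place, so the copy the kernel loads from System32\drivers ends up with the same size but a different MD5 than the pristine copies Windows keeps in the DriverStore and WinSxS. The script below is an added example, not part of the original post and not OTL's own code: it parses those blocks and flags any live copy whose hash matches no repository copy. The classification of "live" versus "repository" by path is an assumption of the script, not an OTL rule, and the EXAMPLE.SYS block in the sample input is constructed with placeholder hashes to show a flagged entry; the ATAPI.SYS lines are copied from the log. Note the caveat the verdict carries: every live copy in this log matches, which says nothing about a detection whose DOS platform tag denotes 16-bit boot-sector code, because the MBR is not a file and no file-hash listing can see it.

```python
import re

# One line of an OTL "< MD5 for: NAME >" block looks like:
# [date time | size | attrs | M] (Company) MD5=HEX -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")


def parse_md5_sections(text):
    """Map each '< MD5 for: NAME >' block to a list of parsed entries.

    A blank line closes a block, which is how OTL separates them.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current].append({
                "size": int(m.group("size").replace(",", "")),
                "company": (m.group("company") or "").strip(),
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
            })
    return sections


def is_repository_copy(path):
    """Heuristic (an assumption of this script, not an OTL rule): copies under
    the DriverStore or the WinSxS component store are the pristine reference
    copies; anything else (System32\\drivers, System32) is the copy that is
    actually loaded."""
    p = path.lower()
    return "\\driverstore\\" in p or "\\winsxs\\" in p


def check_live_copies(sections):
    """Compare every live copy with the repository copies of the same file.

    Returns {name: (verdict, notes)} with verdict one of
      'ok'       every live copy's MD5 also appears on a repository copy
      'mismatch' some live copy has an MD5 that no repository copy has
      'no-live'  the block lists repository copies only
    """
    results = {}
    for name, entries in sections.items():
        live = [e for e in entries if not is_repository_copy(e["path"])]
        store = [e for e in entries if is_repository_copy(e["path"])]
        if not live:
            results[name] = ("no-live", [])
            continue
        store_hashes = {e["md5"] for e in store}
        notes = []
        for e in live:
            if e["md5"] in store_hashes:
                continue
            same_size = [s for s in store if s["size"] == e["size"]]
            if same_size:
                # Same byte count, different content: the signature of a
                # driver patched in place rather than replaced by an update.
                notes.append(f"{e['path']}: {e['size']} bytes, MD5 {e['md5']} "
                             f"differs from same-size repository copy "
                             f"{same_size[0]['md5']} (in-place patch pattern)")
            else:
                notes.append(f"{e['path']}: MD5 {e['md5']} matches no "
                             f"repository copy and no copy has the same size")
        results[name] = ("mismatch" if notes else "ok", notes)
    return results


# Sample input. The ATAPI.SYS lines are copied from the log above; the
# EXAMPLE.SYS block is constructed, with placeholder hashes, to show what a
# flagged entry looks like.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\drivers\example.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\System32\DriverStore\FileRepository\example.inf_00000000\example.sys
"""


def report(text):
    """Parse an OTL log and return the per-file verdicts."""
    return check_live_copies(parse_md5_sections(text))


if __name__ == "__main__":
    for name, (verdict, notes) in sorted(report(SAMPLE_LOG).items()):
        print(f"{name}: {verdict}")
        for note in notes:
            print("   ", note)
```

Run it against a saved OTL.txt by passing the file's contents to report(). A "mismatch" verdict is a lead, not a conviction: confirm against a known-good copy of the driver from installation media or a clean machine of the same build before replacing anything.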

Re: Trojan:DOS/Alureon.E

Post by kaseyl on Mon Dec 12, 2011 6:30 pm

Extras.txt
OTL Extras logfile created on: 12/12/2011 9:46:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kasey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.38% Memory free
4.12 Gb Paging File | 2.75 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 40.04 Gb Free Space | 28.43% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 0.42 Gb Free Space | 5.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.05 Gb Total Space | 0.72 Gb Free Space | 68.76% Space Free | Partition Type: NTFS

Computer Name: KASEY-PC | User Name: kasey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\iBryte\browseforchange\ibrytedesktop.exe" = C:\Program Files\iBryte\browseforchange\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)
"C:\Program Files\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068F3C3D-F1E4-4F76-A18E-C2F252780C92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1CF95360-00F5-4F4D-82DB-F8872C64F6C6}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{1E3B4C74-96AB-4FEC-B45C-77BA0ABB770E}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{2AC20AE0-2CC4-4E48-B2E4-0BB9BC35C7F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{359B9293-BD7C-49C6-9E95-D03A458A7050}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{40363617-F328-4AAC-A4BA-BEF8F59345A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{487A9787-239B-4256-8C1D-D8F8A74F99FD}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{64E8B9F2-0244-4208-9AAA-3AA2CC2B788E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6ED9077C-558F-44AA-9F78-0D68E55DA2FA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7708AB03-F071-4676-B36F-942C86A5496B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{8BCAC1E6-FC1B-4938-B4B4-609768BDBA02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9339E4D4-7623-4610-8101-880FF0183860}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{9F20169F-4372-4D27-8D48-2D4987CCD170}" = lport=4687 | protocol=6 | dir=in | name=mx-3501n |
"{A4C2D3F2-1D21-49C6-ADCC-DBDF5A687466}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{AB3155A8-EB11-4EBC-BA92-BD331F0C8DCD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC722A80-3242-441F-BEBF-B7DB8A7FFA87}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{AE001538-88AE-4A8A-BC65-7A54BF250853}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6341776-B0A2-4FD3-8D7E-979A4A3D4F5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE4C4218-9B65-444A-BC12-7B1B6D5CC75F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF2CDCEE-1271-448B-81BB-0102E4129C96}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CB62C72E-6953-482F-9804-DAF03AB85198}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC927FB7-ED4C-498F-8996-A957E9DCFE86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4F6541F-24A3-4872-946E-171DBBB7AB85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE85A5FC-A726-4BF0-9FA4-A599D6E5E4AB}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04568DA3-53B7-4377-B838-C75D70AB216F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{076655C6-6B47-4439-A345-9CADFABB1026}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{083D635C-907A-4348-933A-8EBB63E3C6A6}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{0E36EE5B-93D8-431D-BDED-384C18B5AE78}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0EBC7C09-A7DE-47D4-9161-E578D46A9F42}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{118BCD34-FAA4-4805-883F-0965C17EE6F0}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{18B721A9-B7CE-4598-A1F4-ED32C09EC606}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{1B546202-3822-45A0-8427-D41562234292}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1C367B57-0AC1-4073-873B-DBFD291FBD8A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpzwiz01.exe |
"{1E2FEEFA-8C17-4757-B796-51FFD64030A8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
"{1F1776EA-742F-4032-AF68-BA2764697B6C}" = protocol=6 | dir=in | app=c:\program files\sharp\sharpdesk\netscantool.exe |
"{2346F100-EA86-48A7-B581-AAFCBAC9515D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{25FA258E-65FE-4E85-AE99-B63190E62DD1}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{297AA940-2AB9-46AD-B622-3E463724F159}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe |
"{2DC45CE3-59E4-4724-9522-8420F4623064}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37D093FB-490C-4B98-AB31-F96C8C13EB20}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe |
"{391590A3-1328-492D-AF43-988B81D7F232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A16CEA9-EC62-449F-B2EC-A3C4AC0FC4E2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{3D0E202D-75C3-4F05-B2F2-AB3EF4BA827A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E1165D4-6501-4D5C-B527-FD0719E2BFBF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4070E05E-837F-4D40-B984-895634FEDA84}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
"{41625BC6-32CC-43A2-805E-86EE4D003AB5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{466F7020-4376-4B7B-8F13-D79ABABEF755}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4B3EC838-508F-40F3-9458-2A2A65FE06E1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{50A59940-426C-40DE-B8C0-485BB2562FE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51A70C0B-1E00-458E-B8BE-B7509148DD9C}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{5F90D302-D551-4D95-B436-DD484AF084A3}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6466F7C8-9789-4F93-B00F-3F85CFE814FB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{672C88CD-0417-4060-ABC0-F74096035012}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqcopy2.exe |
"{6AFF84C7-F250-4044-B07E-74BC3782E37B}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6C1FAEAE-99BC-47B4-A7A4-D15A4C9C1CE6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{6CA741F5-275C-498D-81A6-7E1EA1AF3349}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D4FA56D-E93F-4BA0-BBBA-09403FA550BF}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{722CEC5D-26B7-4838-9797-66195CE3F5B8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{774F892B-1AB9-478E-8CA7-ECFA76045E1F}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqnrs08.exe |
"{78B229D4-C01A-44AD-8679-E85101BA0E81}" = protocol=17 | dir=in | app=c:\users\kasey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{78BE27DE-851E-427C-B6BC-DE90E3D1A2CF}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
"{80A298EA-1387-4490-B095-6BA8280687FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B85C4FF-9BDA-47E3-AA3F-25326F3C4EE8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{8C36A45E-9B88-4E2D-9BF3-9542728C6D33}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{95869FBE-0362-402A-9E0B-E76AD37D761E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95E1B2B6-4721-496F-8DB7-87144FDA0E81}" = protocol=17 | dir=in | app=c:\program files\sharp\sharpdesk\imaging\kodakimg.exe |
"{967F7121-34F7-4708-B5C3-B42E90EE0F78}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe |
"{99483335-6C64-4158-96FB-0714CE1B5C67}" = protocol=17 | dir=in | app=c:\program files\sharp\sharpdesk\netscantool.exe |
"{9BD697B8-729F-4A55-BEA9-54AE4DA6A62A}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{9D839C64-DF27-43D5-9374-45F410999409}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9EA83A41-7C34-459F-9E7E-BC755333B3B9}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{9EF3943E-DCE5-480B-ADBE-BDF50FFDB414}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA5AB164-DE29-45E5-99C2-3ACB518D0ABC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF3360B3-52FB-47E0-B472-39F5E0A261E2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AF9008AB-5FC3-4EB4-8283-31047FE3E3D2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxs08.exe |
"{B090485D-60C6-4012-ACF9-12E4B2020C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2151B4F-1D0E-454D-9CA9-51346B874F85}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqfxt08.exe |
"{B35A1FD8-0738-4360-84C0-2EEF46FC23CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B678FD02-E7A7-4A19-9B4E-DB67F36334AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB8DB1D1-75FD-4B5F-8AD5-827C7C9EE218}" = protocol=6 | dir=in | app=c:\users\kasey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C42C29C6-439D-4B84-9296-CFA2D604EB2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C45DC106-AC49-4625-AA22-E163F98E6DB0}" = protocol=6 | dir=in | app=c:\program files\sharp\sharpdesk\imaging\kodakimg.exe |
"{CD6A2D74-FC19-4148-ACA2-85FBD020E5C8}" = dir=in | app=c:\users\kasey\appdata\local\temp\7zs4e74\ojprol7x00_full_14\setup\hpznui01.exe |
"{D7EBA572-AA8C-4278-AF73-792C141FAEC3}" = protocol=6 | dir=out | app=system |
"{E4F2E09D-FCEF-4EFE-A7EF-FDA3618A1E01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5BC5FEB-4B15-412E-9139-442B01816031}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{E6FA7880-6E74-4C25-AA6B-918D32EE85B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E71BDD14-4525-4DD3-8CBD-71D124B3EAE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8EBA60E-7417-4931-B1AD-E02A92D1025E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{E9CF4BE5-4F5A-4265-9A5F-54CE6E2473FB}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposfx08.exe |
"{ECACB3ED-0B2D-47C1-861A-E0C10D4282BE}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{F2DCB7E9-9A91-4214-B847-834B1FC763EC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxm08.exe |
"{FABC5D01-90B9-4323-978A-1BC9E0C4B648}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{2E799E29-73DE-49F1-B487-9FCB205B8E4C}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{37A15B77-5D43-42E3-8423-E1D6B2363469}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{37DF7E69-A688-4A77-83A0-98CBF9C521B1}C:\program files\print manager plus - client\checkpages.exe" = protocol=6 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"TCP Query User{4ABF91FA-0D74-42FC-8937-E3301B87977E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{510EC3ED-8C2E-4F0A-855D-BDAFC085B2C4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{601F9FD7-13AD-45E2-ACFF-A93F08D1D21F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{616A3355-4FD6-4B1F-87D3-B213ABEBF87F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6A48191A-D34A-4AA4-959E-828A3ABE8B70}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{6D715970-041E-48A2-A9B8-F5E86BC28CED}C:\program files\print manager plus - client\checkpages.exe" = protocol=6 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"TCP Query User{8C24351B-B1B9-4394-A7E2-C1534A1B4F2B}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{944160E3-EC2B-42B0-A333-03AF4C8E6FC3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9F640437-A470-45CE-914E-418072A42B7B}C:\program files\sharp\sharpdesk\ftpserver.exe" = protocol=6 | dir=in | app=c:\program files\sharp\sharpdesk\ftpserver.exe |
"TCP Query User{ABAFE258-AE5B-40BB-BCC5-FCF1ABA5B465}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{AF4E4809-6D08-4CA8-BFB5-0AE6F40C76E8}C:\program files\microsoft lifecam\lifecam.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{B73E89EB-5814-4002-8099-68547E7CD19C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{C3E9A85D-50F2-4C50-B09A-06B38D66871D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E9CBF9FA-EFEB-4D70-A18A-49C624A7718D}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |
"TCP Query User{EFCEEFC0-7A4E-4189-BD0C-A85777D8809A}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{F4A6144B-EE1F-42EC-B208-E5D73A40541D}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{F812AB51-6502-447E-A91C-6B8CB819F687}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{20F4826B-7FDB-462C-98E0-0FD4778A0F7C}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{2227B123-4DA0-4BA3-9C0A-D2E984501AA2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2F9DC477-7C61-4345-BA2B-8CD32A7833D7}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3C4E93DA-A1D0-4D27-A1D9-9E700A6A28CB}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{4397D3CB-68FC-438C-9395-AB50D74801D3}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{510106FA-DAA5-427B-AB44-98025F6750F7}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{5F57D92F-78B7-42F1-8897-1119D4406924}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{76CFCA54-7D15-4204-8CEB-0C4B804A2240}C:\program files\microsoft lifecam\lifecam.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"UDP Query User{8015239D-C64A-40D6-A33D-1182704B895E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8517B8E8-2C5A-46F7-9903-0AEFB3753CF1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8549111C-32A1-40E9-B351-030753CB5AB5}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{8661728A-690C-49BA-92BF-0E499FD7BB9F}C:\program files\print manager plus - client\checkpages.exe" = protocol=17 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"UDP Query User{891F3BCB-3B62-46C1-94A3-55E908ED45F2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A3262D17-D6BB-44F9-B999-B5935FABD66E}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{AB73BEA9-61B1-4A13-95A1-EF6A16B778A0}C:\program files\print manager plus - client\checkpages.exe" = protocol=17 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"UDP Query User{B55D2A72-C092-4B33-975C-BF2755199DD4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C0473FEC-1885-4103-8B98-8FDB560A8CF3}C:\program files\sharp\sharpdesk\ftpserver.exe" = protocol=17 | dir=in | app=c:\program files\sharp\sharpdesk\ftpserver.exe |
"UDP Query User{C0658E73-157A-4848-B0BA-55BBEB473BF2}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{CDAFD8B9-2216-4FC5-B975-B353250C3B3C}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"UDP Query User{F4777407-40C2-4BD5-938C-09A7464EDDD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1877EB02-A6F4-AD88-EF4B-CC0AA2BBE061}" = Zoodles
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3171EBEF-1719-4374-926C-9CF44524EC23}" = Print Manager Plus - Client
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F63C253-6A02-4CB7-B142-82A6B38E46D2}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DA187171-D434-4601-8959-478DE5BD6255}" = Nokia MTP driver
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alarm Clock_is1" = Alarm Clock v1.0
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1" = Zoodles
"Dell Printer Software Uninstall" = Dell Printer Software Uninstall
"DisplayKEY Sync_is1" = DisplayKEY USB Cradle version 0.7.2.1
"DivX Setup.divx.com" = DivX Setup
"DUCCOMM&1560&0003" = CP210x USB to UART Bridge Controller
"ESPN RunTime" = ESPN RunTime
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"iBryte_browseforchange" = Browse For Change
"iBryte_playbryte" = PlayBryte
"InstallShield_{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"Internet Profile" = Internet Profile
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSSL_is1" = OpenSSL 0.9.7f
"OUTLOOKR" = Microsoft Office Outlook 2007
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2010 12:37:25 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 6.0.6000.16386, time stamp
0x4549b734, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x00009b20, process id 0x6e8, application
start time 0x01cb0e3b5a32f059.

Error - 6/17/2010 12:41:36 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 6.0.6000.16386, time stamp
0x4549b734, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x0000a4fb, process id 0xfac, application
start time 0x01cb0e3be2990799.

Error - 6/17/2010 12:42:21 PM | Computer Name = kasey-PC | Source = NSSDK.SharpNSApp.1 | ID = 34938914
Description = Load from file Ӕ failed. (0x82150446)

Error - 6/17/2010 12:42:21 PM | Computer Name = kasey-PC | Source = NSSDK.SharpNSApp.1 | ID = 34938914
Description = Load from file Ӕ failed. (0x82150446)

Error - 6/17/2010 12:43:03 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 6.0.6000.16386, time stamp
0x4549b734, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x00009b20, process id 0x16d8, application
start time 0x01cb0e3c200d5459.

Error - 6/18/2010 3:18:03 AM | Computer Name = kasey-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 6/19/2010 11:51:20 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17037, time stamp
0x4b9658a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0x1be0, application
start time 0x01cb0fdca0f51870.

Error - 6/22/2010 1:23:48 AM | Computer Name = kasey-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.17037 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1edc Start Time: 01cb0fe0df88da50 Termination Time: 346

Error - 6/22/2010 1:33:46 AM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17037, time stamp
0x4b9658a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0x1618, application
start time 0x01cb11cc67b707c0.

Error - 6/22/2010 4:29:37 AM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17037, time stamp
0x4b9658a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0x1b90, application
start time 0x01cb1160f44a8c50.

[ Media Center Events ]
Error - 12/25/2007 1:53:20 AM | Computer Name = kasey-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/17/2008 6:11:10 AM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/25/2008 1:34:07 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 11:10:48 AM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/25/2009 1:04:22 PM | Computer Name = kasey-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/29/2009 3:51:55 AM | Computer Name = kasey-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/29/2009 1:33:52 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/4/2009 1:22:55 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:03:05 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/1/2011 3:30:58 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/29/2009 12:54:16 AM | Computer Name = kasey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/9/2009 4:32:29 PM | Computer Name = kasey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/12/2011 1:03:33 PM | Computer Name = kasey-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:00:57 AM on 12/12/2011 was unexpected.

Error - 12/12/2011 1:03:55 PM | Computer Name = kasey-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer SHARP MX-3501N PCL6 with
shared resource name SHARP MX-3501N PCL6. Error 2114. The printer cannot be used
by others on the network.

Error - 12/12/2011 1:05:56 PM | Computer Name = kasey-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/12/2011 1:05:56 PM | Computer Name = kasey-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/12/2011 1:06:34 PM | Computer Name = kasey-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 12/12/2011 1:06:34 PM | Computer Name = kasey-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 12/12/2011 1:14:33 PM | Computer Name = kasey-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.824.0, AS: 1.117.824.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/12/2011 1:35:00 PM | Computer Name = kasey-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.824.0, AS: 1.117.824.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0

Error - 12/12/2011 1:38:20 PM | Computer Name = kasey-PC | Source = DCOM | ID = 10016
Description =

Error - 12/12/2011 1:38:20 PM | Computer Name = kasey-PC | Source = DCOM | ID = 10016
Description =

[ Windows OneCare Events ]
Error - 10/24/2007 6:14:40 PM | Computer Name = kasey-PC | Source = WinSS | ID = 1011
Description =

Error - 10/24/2007 6:14:40 PM | Computer Name = kasey-PC | Source = WinSS | ID = 1011
Description =

Error - 10/30/2007 6:18:02 PM | Computer Name = kasey-PC | Source = WinSS | ID = 1011
Description =


< End of report >

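As an added example (not part of this thread, of OTL, or of Microsoft Security Essentials), the following Python script parses event entries in the format of the report above. It splits the "Error - date | Computer Name | Source | ID" records into structured events, counts them by source and event ID, and extracts the threat name, path and error from the Microsoft Antimalware event 1119 entries, so the one finding that matters here (a boot-sector detection that the scanner could not finish acting on, failing with 0x800704ec) is not lost among years of printer, Office and Media Center noise. The sample input is constructed to mirror the "[ System Events ]" block of the report; the regular expressions, the Event record and the function names are my own.

```python
"""Triage helper for OTL-style event entries (added example, not part of the thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input, modelled on the "[ System Events ]" block of the OTL report above.
SAMPLE_LOG = r"""[ System Events ]
Error - 12/12/2011 1:03:33 PM | Computer Name = kasey-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:00:57 AM on 12/12/2011 was unexpected.

Error - 12/12/2011 1:05:56 PM | Computer Name = kasey-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/12/2011 1:14:33 PM | Computer Name = kasey-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.824.0, AS: 1.117.824.0, NIS: 10.7.0.0

Error - 12/12/2011 1:38:20 PM | Computer Name = kasey-PC | Source = DCOM | ID = 10016
Description =
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER_RE = re.compile(
    r"^(?P<level>Error|Warning) - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)
# Fields of the Microsoft Antimalware 1119 description once its lines are joined.
THREAT_RE = re.compile(
    r"Name: (?P<name>\S+) ID: (?P<tid>\d+) Severity: (?P<severity>\w+) "
    r"Category: (?P<category>\w+) Path: (?P<path>\S+)"
)
ERROR_RE = re.compile(
    r"Error Code: (?P<code>0x[0-9A-Fa-f]+) Error description: (?P<text>.+?)(?= Signature Version:|$)"
)


@dataclass
class Event:
    section: str
    level: str
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_events(text: str) -> List[Event]:
    """Split an OTL event block into Event records. Multi-line descriptions are
    joined with single spaces and the leading 'Description =' marker is dropped."""
    events: List[Event] = []
    section = ""
    header: Optional[Dict[str, str]] = None
    body: List[str] = []

    def flush() -> None:
        if header is None:
            return
        desc = " ".join(part.strip() for part in body if part.strip())
        if desc.startswith("Description ="):
            desc = desc[len("Description ="):].strip()
        events.append(Event(section, header["level"], header["when"], header["host"].strip(),
                            header["source"].strip(), int(header["id"]), desc))

    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            flush()                      # close the entry that belongs to the previous section
            header, body = None, []
            section = sec.group("name")
            continue
        hdr = HEADER_RE.match(line)
        if hdr:
            flush()
            header, body = hdr.groupdict(), []
            continue
        if header is not None:
            body.append(line)            # continuation of the current description
    flush()
    return events


def count_by_source(events: List[Event]) -> Counter:
    """Histogram of (source, event id) pairs: the quickest way to see what is noise."""
    return Counter((ev.source, ev.event_id) for ev in events)


def remediation_failures(events: List[Event]) -> List[Dict[str, object]]:
    """Extract threat, path and error from Microsoft Antimalware event 1119 entries
    (the 'critical error when taking action on malware' event in the report above)."""
    findings: List[Dict[str, object]] = []
    for ev in events:
        if ev.source != "Microsoft Antimalware" or ev.event_id != 1119:
            continue
        threat = THREAT_RE.search(ev.description)
        err = ERROR_RE.search(ev.description)
        path = threat.group("path") if threat else ""
        findings.append({
            "when": ev.when,
            "threat": threat.group("name") if threat else None,
            "severity": threat.group("severity") if threat else None,
            "path": path,
            # A 'boot:' path points at a boot sector rather than a file, so the finding
            # needs boot-sector remediation rather than an ordinary file quarantine.
            "boot_sector": path.startswith("boot:"),
            "error_code": err.group("code") if err else None,
            "error_text": err.group("text").strip() if err else None,
        })
    return findings


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_LOG)
    for (src, eid), n in count_by_source(evs).most_common():
        print(f"{n:3d}  {src} / {eid}")
    for f in remediation_failures(evs):
        print(f"{f['when']}: {f['threat']} ({f['severity']}) at {f['path']} "
              f"-> {f['error_code']}: {f['error_text']}")
```

Run it against a full OTL report (the "[ Application Events ]", "[ System Events ]" and similar blocks) rather than the constructed sample to get the same summary for a real log; entries whose description is empty, like the Service Control Manager and DCOM events above, are kept in the histogram but carry no text to parse.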

Re: Trojan:DOS/Alureon.E

Post by Belahzur on Wed Dec 14, 2011 10:14 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
