trojan dos alureon.e


Post by kaseyl on Tue 13 Dec 2011, 6:31 am

I downloaded Microsoft Security Essentials; it came back with a threat called Trojan:DOS/Alureon.E. It was unable to remove it. After a little research about the virus, it sounds like this is a nasty virus. It has been 3 days since I realized I had the virus. It has only been annoying so far: Microsoft Security warnings all the time, and it turns off my sound device at startup.
I have followed your instructions above and have run OTL. The results follow:

OTL logfile created on: 12/12/2011 9:46:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kasey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.38% Memory free
4.12 Gb Paging File | 2.75 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 40.04 Gb Free Space | 28.43% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 0.42 Gb Free Space | 5.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.05 Gb Total Space | 0.72 Gb Free Space | 68.76% Space Free | Partition Type: NTFS

Computer Name: KASEY-PC | User Name: kasey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 09:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kasey\Downloads\OTL.com
PRC - [2011/12/12 09:38:22 | 000,526,512 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
PRC - [2011/12/11 19:04:42 | 000,163,840 | ---- | M] (iBryte) -- C:\Program Files\iBryte\playbryte\iBryteDesktop.exe
PRC - [2011/11/19 23:24:06 | 000,307,376 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/01 00:00:11 | 000,243,360 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 10:47:12 | 000,079,192 | -H-- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/07 12:12:22 | 000,505,576 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/12/14 06:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/08 17:35:18 | 000,068,865 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/12/08 17:35:17 | 000,151,297 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/05/17 14:45:34 | 000,271,720 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/03/28 16:45:34 | 000,270,431 | -H-- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/12 17:30:14 | 000,517,768 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/09/07 11:05:16 | 000,053,248 | -H-- | M] (GE Security Supra) -- c:\Program Files\GE Security Supra\SyncService.exe
PRC - [2006/09/07 11:05:16 | 000,011,776 | -H-- | M] (GE Security Supra) -- C:\Program Files\GE Security Supra\ProxyDaemon.exe
PRC - [2005/11/16 11:34:28 | 000,073,216 | ---- | M] () -- C:\SSL\stunnel-4.10.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/11 19:04:43 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\browsermediator\1.0.0.0__51b6fa9a48c79a9e\browsermediator.dll
MOD - [2011/10/12 02:04:32 | 003,391,488 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f8bceb5b\mscorlib.dll
MOD - [2011/10/12 02:04:26 | 000,835,584 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_93d997e0\system.drawing.dll
MOD - [2011/10/12 02:04:15 | 002,088,960 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f48c12a4\system.xml.dll
MOD - [2011/10/12 02:04:02 | 003,018,752 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a3b1bffb\system.windows.forms.dll
MOD - [2011/10/12 02:03:46 | 001,966,080 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_27160a52\system.dll
MOD - [2011/10/12 02:03:37 | 001,232,896 | -H-- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2008/02/06 09:36:15 | 001,339,392 | -H-- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/02/06 09:36:12 | 000,466,944 | -H-- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/02/06 09:36:11 | 002,052,096 | -H-- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | -H-- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/28 04:40:36 | 000,254,824 | -H-- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2010/05/28 03:46:46 | 000,138,600 | -H-- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2010/05/28 01:50:44 | 000,701,288 | -H-- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/12/08 17:35:18 | 000,068,865 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/12/08 17:35:17 | 000,151,297 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/17 14:45:34 | 000,271,720 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/28 16:45:38 | 000,118,877 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 16:45:34 | 000,270,431 | -H-- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/03/12 17:30:14 | 000,517,768 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/09 13:55:34 | 000,110,592 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/09/07 11:05:16 | 000,053,248 | -H-- | M] (GE Security Supra) [Auto | Running] -- c:\Program Files\GE Security Supra\SyncService.exe -- (DkeySync)
SRV - [2006/06/05 12:59:18 | 000,174,080 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/12/12 09:03:48 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EBD2E67-C3EC-443C-8A32-76ECB02512B0}\MpKsl037e84c2.sys -- (MpKsl037e84c2)
DRV - [2011/12/11 10:51:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EBD2E67-C3EC-443C-8A32-76ECB02512B0}\MpKsld5d38117.sys -- (MpKsld5d38117)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/09 16:16:42 | 003,482,240 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/27 08:42:35 | 000,075,096 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 08:42:29 | 000,052,056 | -H-- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 08:42:25 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/03/03 12:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/04/10 14:46:44 | 002,385,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2007/03/01 09:34:36 | 000,028,352 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/28 10:26:00 | 004,465,184 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 08:24:48 | 000,159,232 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 00:50:32 | 000,012,032 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/12/22 13:28:56 | 000,100,648 | -H-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 09:24:58 | 000,008,192 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 09:16:24 | 000,032,256 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 04:42:46 | 000,043,520 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 02:35:20 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/01 23:30:56 | 000,429,056 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/09/07 11:00:18 | 000,089,808 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2006/09/07 11:00:18 | 000,055,312 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) DisplayKEY USB Cradle driver (WDM)
DRV - [2006/08/05 01:39:10 | 000,008,192 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 08:54:00 | 000,009,472 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/05/29 07:26:38 | 000,127,488 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 07:26:36 | 000,013,312 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 07:26:36 | 000,013,312 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 07:26:36 | 000,008,704 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kasey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kasey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/01 12:03:46 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/10 15:06:45 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/01 12:03:46 | 000,000,000 | -H-D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [iBryte browseforchange Desktop] C:\Program Files\iBryte\browseforchange\iBryteDesktop.exe (iBryte)
O4 - HKLM..\Run: [iBryte playbryte Desktop] C:\Program Files\iBryte\playbryte\iBryteDesktop.exe (iBryte)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: lvarmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([signup] * in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: vvmls.com ([]http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC68} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6DE617B8-49C0-40F8-8118-D2C3741F1C28} [You must be registered and logged in to see this link.] (SetTrustedSitesControl.clsReg)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} [You must be registered and logged in to see this link.] (MSN File Upload Control)
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} [You must be registered and logged in to see this link.] (LogData Class)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} [You must be registered and logged in to see this link.] (SAXFile FileDownload ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} [You must be registered and logged in to see this link.] (RIM AxLoader)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} [You must be registered and logged in to see this link.] (iPIX Media Send Class)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED664FC2-100D-4F04-824A-8ADD0B773EA5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/29 00:15:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{40d5eb57-c2e1-11de-8853-001b2485a4be}\Shell - "" = AutoRun
O33 - MountPoints2\{40d5eb57-c2e1-11de-8853-001b2485a4be}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{45946bf3-1700-11df-bb5a-001b2485a4be}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{45946bf3-1700-11df-bb5a-001b2485a4be}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{8f87c093-0848-11e0-8b6c-001b2485a4be}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{a1a3f6ce-13cf-11de-b39a-001b2485a4be}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{a1a3f6ce-13cf-11de-b39a-001b2485a4be}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FtpServer.exe - hkey= - key= - C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: printutil - hkey= - key= - C:\Users\kasey\AppData\Local\Temp\7zS2ABD\HPPDU.exe (Hewlett-Packard)
MsConfig - StartUpReg: QlbCtrl - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: SharpTray - hkey= - key= - C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: WAWifiMessage - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

SafeBootMin: 17427488.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 17427488.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\gtk-2.0
[2011/12/11 19:09:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\.thumbnails
[2011/12/11 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\kasey\Documents\gegl-0.0
[2011/12/11 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\kasey\.gimp-2.6
[2011/12/11 19:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/12/11 19:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/12/11 19:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\iBryte
[2011/12/11 19:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/12/11 19:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\Babylon
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\Babylon
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/10 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{F3D71014-AD41-4A72-990E-46518924900E}
[2011/12/10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{45914E97-EDB7-4DAF-976E-3917633B6D7D}
[2011/12/10 21:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/06 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{3DB9BEF1-62A8-477E-B04D-C3C2B610B2BC}
[2011/12/06 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{45A418A2-AA63-43C1-B2E7-59B07C1F482B}
[2011/12/05 21:08:02 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{515B2883-965E-4CFB-97CB-7E6B6FCED651}
[2011/12/05 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{FA07FFFB-91DD-4635-B1EF-491DA5E45CDF}
[2011/12/05 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{24FD69FA-DD8C-48C9-A36F-5F49D5C271C6}
[2011/12/05 08:58:20 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{49974990-EA67-4E6B-9A19-9FE493F17966}
[2011/12/04 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{5FC1AFEC-517C-4969-9148-80A09E981A2E}
[2011/12/04 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{A455D848-C819-44E6-AB85-177310F3EFB2}
[2011/12/04 00:07:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/03 23:31:23 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{651DC1E4-8893-4082-BED4-24E69F0AE480}
[2011/12/03 23:30:35 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{DA636B99-BAC9-4DA2-822E-2D5BD7669320}
[2011/12/03 09:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/12/03 09:09:46 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{97CFEBAF-F340-41E3-9E41-D1ABD7A5B328}
[2011/12/02 20:39:48 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{B7042A04-7646-46E6-AF4A-A038CF02D554}
[2011/12/02 20:38:33 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{793EDBE4-25F5-415B-B161-A241B0600918}
[2011/12/02 18:28:16 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{83195D49-8EB0-4287-8FAB-88714233F481}
[2011/12/02 00:10:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{D57C4719-559D-4EFB-866B-CAB86D2A7DF7}
[2011/12/02 00:10:06 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{7AEB90F8-12FA-439D-BF79-B2D439BECD73}
[2011/12/01 21:35:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Loaris
[2011/12/01 20:19:48 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{21ACE7D0-3F00-4AE2-9DF3-9BEB6F2A1A2B}
[2011/12/01 20:19:32 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{69028728-FB17-42DC-8A52-03BAFF691081}
[2011/11/30 12:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/30 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{E1F7ED87-B026-48AB-8382-A21E26E76E0B}
[2011/11/30 12:42:19 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{3E26C50C-8DE7-476C-ACC2-855146BCE08D}
[2011/11/26 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{FF124BB4-FB9C-47AF-887C-004E4D89B931}
[2011/11/26 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{E684E478-B041-401D-95EA-1B3D1BBF0008}
[2011/11/26 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{8842906D-112E-4E07-B1FD-E133A3FDCBE4}
[2011/11/26 10:04:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{72AA5D6E-FA88-49DD-965C-2F60182CA88D}
[2011/11/26 09:55:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{8BE31A0A-02C0-4AD8-AFF7-7509EAE56805}
[2011/11/25 21:45:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{0079004E-2680-4406-BDE6-5662C5A19336}
[2011/11/25 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{66771215-89E9-4107-BFF6-1B22C6DBED5E}
[2011/11/25 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\kasey\Desktop\sexy
[2011/11/25 21:34:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
[2011/11/25 21:34:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Hamster Soft
[2011/11/25 21:12:28 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{5AAE684E-3211-4BED-9621-30E2E372737F}
[2011/11/25 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{2C378169-25BB-4041-ABAC-BB21FC995CF0}
[2011/11/25 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\Mozilla
[2011/11/13 14:30:24 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{C792D6CE-989E-440D-9797-329FDC19F548}
[2011/11/13 14:30:13 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{B5E8EFDB-79DF-4976-9896-D601A849B352}
[2007/07/04 20:28:52 | 000,176,128 | -H-- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

kaseyl

Newbie Surfer

Posts : 18
Joined : 2011-12-11
Operating System : vista

Re: trojan dos alureon.e

Post by kaseyl on Tue 13 Dec 2011, 6:33 am

OTL.txt continued:
[2011/12/12 09:52:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3169625114-2507931809-1573453260-1000UA.job
[2011/12/12 09:45:42 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkasey.job
[2011/12/12 09:03:52 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/12 09:03:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 09:03:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 09:03:35 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3169625114-2507931809-1573453260-1000Core.job
[2011/12/12 09:03:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/12 09:03:26 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/12 09:01:00 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/11 19:14:26 | 000,001,469 | ---- | M] () -- C:\Users\kasey\.recently-used.xbel
[2011/12/11 19:06:25 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/12/11 19:04:18 | 000,000,093 | ---- | M] () -- C:\Users\kasey\AppData\Local\fusioncache.dat
[2011/12/11 19:03:12 | 000,001,492 | ---- | M] () -- C:\user.js
[2011/12/11 18:00:00 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/12/10 21:55:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/10 10:52:23 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/12/09 13:57:56 | 000,285,966 | ---- | M] () -- C:\Users\kasey\Documents\madero.jpg
[2011/12/09 13:54:45 | 000,085,041 | ---- | M] () -- C:\Users\kasey\Documents\Invoice.pdf
[2011/12/05 23:26:17 | 186,517,628 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/05 23:23:41 | 000,015,047 | ---- | M] () -- C:\Users\kasey\Documents\uncleK.wlmp
[2011/12/05 21:23:28 | 000,051,200 | ---- | M] () -- C:\Users\kasey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/04 19:48:17 | 000,014,518 | ---- | M] () -- C:\Users\kasey\Documents\sexy&know.wlmp
[2011/12/04 07:04:47 | 000,013,025 | ---- | M] () -- C:\Users\kasey\AppData\Roaming\nvModes.001
[2011/12/04 01:43:08 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/03 23:11:26 | 000,000,062 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI.lic
[2011/12/02 19:51:37 | 000,008,160 | ---- | M] () -- C:\Users\kasey\AppData\Local\d3d9caps.dat
[2011/12/02 01:05:35 | 000,196,608 | -H-- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/30 13:09:40 | 000,000,448 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI
[2011/11/30 13:09:25 | 000,000,312 | ---- | M] () -- C:\ProgramData\~vDV0EhpayTpOuI
[2011/11/30 13:09:25 | 000,000,216 | ---- | M] () -- C:\ProgramData\~vDV0EhpayTpOuIr
[2011/11/30 12:41:41 | 000,352,640 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI.vir
[2011/11/27 21:47:11 | 000,086,570 | ---- | M] () -- C:\Users\kasey\Desktop\Nov. 28- sub.pdf
[2011/11/26 22:44:35 | 000,221,184 | ---- | M] () -- C:\Users\kasey\Desktop\gucky_MPEG_.mpg
[2011/11/26 12:02:22 | 003,135,329 | ---- | M] () -- C:\Users\kasey\Documents\VID 00004-20111126-1201.3GP
[2011/11/25 21:36:10 | 000,000,275 | ---- | M] () -- C:\Users\kasey\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/25 21:34:56 | 000,001,132 | ---- | M] () -- C:\Users\kasey\Application Data\Microsoft\Internet Explorer\Quick Launch\Hamster Free Video Converter.lnk
[2011/11/24 14:11:30 | 001,252,524 | ---- | M] () -- C:\Users\kasey\Documents\VID-20111124-00051.3GP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 19:14:26 | 000,001,469 | ---- | C] () -- C:\Users\kasey\.recently-used.xbel
[2011/12/11 19:06:25 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/12/11 19:04:18 | 000,000,093 | ---- | C] () -- C:\Users\kasey\AppData\Local\fusioncache.dat
[2011/12/11 19:03:03 | 000,001,492 | ---- | C] () -- C:\user.js
[2011/12/10 21:54:54 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/09 13:57:48 | 000,285,966 | ---- | C] () -- C:\Users\kasey\Documents\madero.jpg
[2011/12/09 13:54:45 | 000,085,041 | ---- | C] () -- C:\Users\kasey\Documents\Invoice.pdf
[2011/12/05 23:23:40 | 000,015,047 | ---- | C] () -- C:\Users\kasey\Documents\uncleK.wlmp
[2011/12/05 09:17:23 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForkasey.job
[2011/12/04 00:31:25 | 000,000,808 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/03 23:11:26 | 000,000,062 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI.lic
[2011/12/03 23:04:18 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/30 12:42:13 | 000,000,312 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuI
[2011/11/30 12:42:13 | 000,000,216 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuIr
[2011/11/30 12:41:48 | 000,000,448 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI
[2011/11/30 12:41:41 | 000,352,640 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI.vir
[2011/11/27 21:47:10 | 000,086,570 | ---- | C] () -- C:\Users\kasey\Desktop\Nov. 28- sub.pdf
[2011/11/26 22:44:34 | 000,221,184 | ---- | C] () -- C:\Users\kasey\Desktop\gucky_MPEG_.mpg
[2011/11/26 21:32:44 | 003,135,329 | ---- | C] () -- C:\Users\kasey\Documents\VID 00004-20111126-1201.3GP
[2011/11/26 09:58:43 | 000,014,518 | ---- | C] () -- C:\Users\kasey\Documents\sexy&know.wlmp
[2011/11/25 21:36:09 | 000,000,275 | ---- | C] () -- C:\Users\kasey\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/25 21:34:56 | 000,001,132 | ---- | C] () -- C:\Users\kasey\Application Data\Microsoft\Internet Explorer\Quick Launch\Hamster Free Video Converter.lnk
[2011/11/25 21:01:51 | 001,252,524 | ---- | C] () -- C:\Users\kasey\Documents\VID-20111124-00051.3GP
[2011/09/07 12:01:08 | 000,000,216 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/07 12:01:08 | 000,000,160 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/07 12:01:05 | 000,000,448 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/02/16 15:45:34 | 000,239,096 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/02/10 15:49:43 | 000,000,127 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/01 13:29:02 | 000,239,937 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011/02/01 13:29:02 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011/02/01 11:49:01 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/01/20 11:37:41 | 000,157,178 | ---- | C] () -- C:\Windows\hphins25.dat
[2010/12/02 03:29:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/01 11:10:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/01 11:10:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/18 09:36:25 | 000,036,384 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/03 17:06:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/20 09:15:01 | 000,169,962 | ---- | C] () -- C:\Windows\hpqins00.dat.temp
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/23 15:15:02 | 000,170,508 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/09 16:16:42 | 003,482,240 | -H-- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/02/11 16:45:02 | 000,027,264 | -H-- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/05/13 14:55:10 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2008/05/13 14:54:28 | 000,091,648 | ---- | C] () -- C:\Windows\gzip.exe
[2008/04/11 10:50:42 | 000,146,990 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/04/11 10:50:42 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/04/09 14:44:31 | 000,000,305 | -H-- | C] () -- C:\ProgramData\addr_file.html
[2008/02/20 18:25:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/04 11:41:26 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\libssl32.dll
[2008/02/01 21:08:04 | 000,147,111 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/02/01 21:08:04 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007/12/24 21:48:48 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2007/12/12 16:02:47 | 000,000,879 | ---- | C] () -- C:\Windows\hphmdl25.dat
[2007/10/30 14:20:58 | 000,639,374 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\fontlst2.opf
[2007/10/24 19:15:44 | 000,008,160 | ---- | C] () -- C:\Users\kasey\AppData\Local\d3d9caps.dat
[2007/10/23 15:17:21 | 000,008,504 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/23 15:09:41 | 000,024,206 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\UserTile.png
[2007/10/04 15:06:58 | 000,000,068 | ---- | C] () -- C:\Windows\iltwain.ini
[2007/10/02 23:24:27 | 000,000,168 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\wklnhst.dat
[2007/09/20 10:49:11 | 000,000,873 | ---- | C] () -- C:\Windows\DKAAJ2DD.ini
[2007/09/19 15:38:41 | 000,051,200 | ---- | C] () -- C:\Users\kasey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/11 22:42:28 | 000,013,025 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\nvModes.001
[2007/09/11 20:47:55 | 000,013,025 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\nvModes.dat
[2007/06/05 07:36:43 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\SN0ELMON.dat
[2007/05/29 00:01:16 | 000,103,489 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/02/27 12:43:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | -H-- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,342,056 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,100,266 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:33:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:25:21 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 14:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 16:58:00 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 04:06:00 | 000,016,480 | -H-- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/03/29 00:58:20 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/03/29 00:58:10 | 000,847,872 | -H-- | C] () -- C:\Windows\System32\libeay32.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/31 23:39:30 | 018,005,296 | ---- | M] (Microsoft Corporation) -- C:\Users\kasey\Desktop\IE9-WindowsVista-x86-enu.exe
[2008/01/12 12:12:27 | 125,892,318 | ---- | M] () -- C:\Users\kasey\Desktop\OOo_2.3.1_Win32Intel_install_wJRE_en-US.exe
[2009/05/27 14:16:44 | 155,255,392 | ---- | M] () -- C:\Users\kasey\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/12/12 09:03:43 | 000,003,168 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 09:03:44 | 000,003,168 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/05/28 23:50:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/11/11 10:57:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2010/07/10 03:01:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Alarm Clock
[2010/01/17 10:34:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2008/04/09 14:41:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Avira
[2011/12/11 19:03:05 | 000,000,000 | ---D | M] -- C:\Program Files\BabylonToolbar
[2010/11/04 21:37:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2011/02/02 23:03:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Camfrog
[2011/12/04 11:33:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2007/05/28 23:11:18 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2007/10/04 15:06:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Data Trace
[2007/09/20 10:49:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell
[2007/10/20 10:04:11 | 000,000,000 | -H-D | M] -- C:\Program Files\DIGStream
[2009/06/23 17:43:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Disney
[2010/04/30 23:30:23 | 000,000,000 | -H-D | M] -- C:\Program Files\DivX
[2007/05/29 00:03:53 | 000,000,000 | -H-D | M] -- C:\Program Files\earthlink totalaccess
[2011/02/17 01:51:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Enigma Software Group
[2007/10/20 10:04:07 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPN
[2007/10/20 10:04:12 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPNMotion
[2007/10/20 10:04:15 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPNRunTime
[2011/02/16 17:21:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Feedback Tool
[2011/01/31 23:00:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Free Window Registry Repair
[2011/09/07 13:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2008/08/07 10:21:15 | 000,000,000 | -H-D | M] -- C:\Program Files\GE Security Supra
[2011/12/11 19:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/04/30 23:30:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2011/12/03 10:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/25 21:34:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Hamster Soft
[2011/02/01 12:00:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2008/05/13 14:53:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Homestead
[2011/02/01 12:03:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Hp
[2009/03/18 12:50:06 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Games
[2007/05/29 00:21:15 | 000,000,000 | -H-D | M] -- C:\Program Files\HPQ
[2011/12/11 19:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\iBryte
[2009/06/03 09:58:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/10/12 03:49:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2010/11/04 21:49:03 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2009/02/08 21:50:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Iteral
[2010/11/04 21:50:44 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2011/05/07 10:55:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/05/27 14:34:29 | 000,000,000 | -H-D | M] -- C:\Program Files\JRE
[2008/01/15 21:48:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2011/12/01 21:35:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Loaris
[2011/03/23 02:01:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2007/10/25 02:03:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Games
[2007/12/24 22:16:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft LifeCam
[2007/11/05 18:44:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/12/10 21:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/10/12 03:51:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2011/10/10 20:34:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2007/11/05 18:46:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/27 02:04:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2011/02/15 11:21:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2011/01/31 16:47:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2009/02/21 14:13:23 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2007/09/11 07:54:21 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2007/05/29 00:14:43 | 000,000,000 | -H-D | M] -- C:\Program Files\muvee Technologies
[2008/05/29 16:59:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Napster
[2007/09/17 13:27:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Nokia
[2007/05/29 00:05:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2009/05/27 14:33:13 | 000,000,000 | -H-D | M] -- C:\Program Files\OpenOffice.org 2.3
[2009/05/27 14:34:27 | 000,000,000 | -H-D | M] -- C:\Program Files\OpenOffice.org 3
[2007/09/20 10:58:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Print Manager Plus - Client
[2010/11/04 21:43:48 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2007/05/29 00:19:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2009/02/13 13:01:36 | 000,000,000 | -H-D | M] -- C:\Program Files\REFN
[2010/08/22 11:29:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Research In Motion
[2011/02/02 23:15:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Rhapsody
[2007/05/28 23:33:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Roxio
[2010/11/04 21:35:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2007/10/30 14:14:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Sharp
[2008/02/04 11:40:30 | 000,000,000 | -H-D | M] -- C:\Program Files\SiLabs
[2011/07/07 16:02:27 | 000,000,000 | RH-D | M] -- C:\Program Files\Skype
[2007/10/23 15:20:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Symantec
[2007/05/28 23:09:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Synaptics
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/09/16 13:43:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Vongo
[2011/01/31 16:47:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Calendar
[2011/01/31 16:47:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/01/31 16:46:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Defender
[2011/01/31 16:47:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Journal
[2011/10/10 20:42:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live
[2011/11/10 03:59:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Mail
[2011/01/31 16:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2011/01/31 16:47:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Photo Gallery
[2011/02/14 10:53:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Portable Devices
[2007/11/29 23:42:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Resource Kits
[2011/01/31 16:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2007/05/29 00:05:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2011/09/05 08:43:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Zoodles


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | -H-- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 01:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | -H-- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-01 03:19:29

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\RossiListingPackage.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\rose.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\REO Craigslist.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\REO Craigslist.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\PlantMoroz.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Plantation Co-Sponsor.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\McCarron_Lease_INVOICE[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Letter_to_Peter_Mellon_Real_Estate[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Lauraschool.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\invite.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\IndianSpringsDecal.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\hollodAdd1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\hollodadd.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\grizwald.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\GetAttachment.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\fridge.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\foxpre.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\foxhighestoffer.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\C21 disclosureGabel.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\BOWLPOOL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Bowl_Pool_07_-_08_SORTED[1].xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\am012hseX.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\ak02a7y7X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\aj03mce6X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Addendum_A_to_Contract_of_Sale.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\aaaa1jf9X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\45304_Banff_Springs_Street___Addendum_No__1_-_10_01.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\2008_Masters_Golf.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\1234.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\123.pdf:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A6CD15C3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

kaseyl
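Two parts of the OTL.txt above carry the checks a responder actually wants from this log: the `< MD5 for: ... >` blocks (the live driver in System32 or System32\drivers compared against the untouched copies in DriverStore and winsxs, which is how a patched atapi.sys or disk.sys shows up) and the Alternate Data Streams section. The script below is an added example for this thread, not OTL's code or anything the poster ran: it parses those two sections, flags any live driver whose MD5 matches none of its backup copies, and flags any ADS whose stream name is outside a small allow-list. The allow-list containing only "Roxio EMC Stream" is an assumption (those tags come with the Roxio software listed under Program Files). The embedded sample is a constructed excerpt in OTL's format: the ATAPI.SYS and ADS lines are copied from the log, while `EXAMPLE.SYS`, its hashes and its winsxs path are invented to show what a mismatch looks like. Run over the real log, every live copy (AGP440.sys, atapi.sys, disk.sys, netlogon.dll, nvstor.sys) matches a DriverStore or winsxs copy, so the only hits would be the three hex-named streams on C:\ProgramData\TEMP.

```python
"""Triage helpers for an OTL log: driver-hash cross-check and ADS allow-list.

Added example, not part of OTL. SAMPLE_LOG is a constructed excerpt in OTL's
format; EXAMPLE.SYS, its hashes and its winsxs path are invented.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_example.inf_constructed\example.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\123.pdf:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| [^\]]*\]"
    r".*?MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)
# Directories that hold the pristine copies OTL prints next to the live driver.
REFERENCE_DIRS = ("\\driverstore\\", "\\winsxs\\")


def parse_md5_sections(text):
    """Return {section name: [entry, ...]} for every '< MD5 for: X >' block."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        if line.startswith("<"):                 # a new "< ... >" query line
            m = SECTION_RE.match(line)
            current = m.group("name").upper() if m else None
            continue
        if line.startswith("=========="):        # left the MD5 area entirely
            current = None
            continue
        m = MD5_LINE_RE.match(line)
        if current and m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return dict(sections)


def is_reference_copy(path):
    """True for DriverStore / winsxs copies, False for the live file."""
    lowered = path.lower()
    return any(d in lowered for d in REFERENCE_DIRS)


def find_live_driver_mismatches(text):
    """Live copies whose MD5 matches none of the backup copies in the same block."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        backups = {e["md5"] for e in entries if is_reference_copy(e["path"])}
        for e in entries:
            if not is_reference_copy(e["path"]) and e["md5"] not in backups:
                findings.append((name, e["path"], e["md5"], sorted(backups)))
    return findings


def find_suspicious_ads(text, benign_streams=frozenset({"Roxio EMC Stream"})):
    """ADS entries whose stream name is not on the allow-list (an assumption)."""
    findings = []
    for line in text.splitlines():
        m = ADS_RE.match(line)
        if m and m.group("stream") not in benign_streams:
            findings.append((m.group("host"), m.group("stream"), int(m.group("size"))))
    return findings


if __name__ == "__main__":
    for name, path, md5, backups in find_live_driver_mismatches(SAMPLE_LOG):
        print(f"[MD5 MISMATCH] {name}: {path} = {md5}; backups = {backups}")
    for host, stream, size in find_suspicious_ads(SAMPLE_LOG):
        print(f"[ADS] {host}:{stream} ({size} bytes)")
```

To use it on a saved OTL.txt, read the file into a string and pass it in place of `SAMPLE_LOG`; a mismatch means the on-disk driver differs from every Microsoft-shipped copy OTL could find and should be hashed independently before anything is deleted, since a legitimate hotfix outside the servicing store would look the same.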

Re: trojan dos alureon.e

Post by kaseyl on Tue 13 Dec 2011, 6:34 am

Extras.txt
OTL Extras logfile created on: 12/12/2011 9:46:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kasey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.38% Memory free
4.12 Gb Paging File | 2.75 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 40.04 Gb Free Space | 28.43% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 0.42 Gb Free Space | 5.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.05 Gb Total Space | 0.72 Gb Free Space | 68.76% Space Free | Partition Type: NTFS

Computer Name: KASEY-PC | User Name: kasey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\iBryte\browseforchange\ibrytedesktop.exe" = C:\Program Files\iBryte\browseforchange\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)
"C:\Program Files\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068F3C3D-F1E4-4F76-A18E-C2F252780C92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1CF95360-00F5-4F4D-82DB-F8872C64F6C6}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{1E3B4C74-96AB-4FEC-B45C-77BA0ABB770E}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{2AC20AE0-2CC4-4E48-B2E4-0BB9BC35C7F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{359B9293-BD7C-49C6-9E95-D03A458A7050}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{40363617-F328-4AAC-A4BA-BEF8F59345A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{487A9787-239B-4256-8C1D-D8F8A74F99FD}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{64E8B9F2-0244-4208-9AAA-3AA2CC2B788E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6ED9077C-558F-44AA-9F78-0D68E55DA2FA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7708AB03-F071-4676-B36F-942C86A5496B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{8BCAC1E6-FC1B-4938-B4B4-609768BDBA02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9339E4D4-7623-4610-8101-880FF0183860}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{9F20169F-4372-4D27-8D48-2D4987CCD170}" = lport=4687 | protocol=6 | dir=in | name=mx-3501n |
"{A4C2D3F2-1D21-49C6-ADCC-DBDF5A687466}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{AB3155A8-EB11-4EBC-BA92-BD331F0C8DCD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC722A80-3242-441F-BEBF-B7DB8A7FFA87}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{AE001538-88AE-4A8A-BC65-7A54BF250853}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6341776-B0A2-4FD3-8D7E-979A4A3D4F5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE4C4218-9B65-444A-BC12-7B1B6D5CC75F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF2CDCEE-1271-448B-81BB-0102E4129C96}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CB62C72E-6953-482F-9804-DAF03AB85198}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC927FB7-ED4C-498F-8996-A957E9DCFE86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4F6541F-24A3-4872-946E-171DBBB7AB85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE85A5FC-A726-4BF0-9FA4-A599D6E5E4AB}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04568DA3-53B7-4377-B838-C75D70AB216F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{076655C6-6B47-4439-A345-9CADFABB1026}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{083D635C-907A-4348-933A-8EBB63E3C6A6}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{0E36EE5B-93D8-431D-BDED-384C18B5AE78}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0EBC7C09-A7DE-47D4-9161-E578D46A9F42}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{118BCD34-FAA4-4805-883F-0965C17EE6F0}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{18B721A9-B7CE-4598-A1F4-ED32C09EC606}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{1B546202-3822-45A0-8427-D41562234292}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1C367B57-0AC1-4073-873B-DBFD291FBD8A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpzwiz01.exe |
"{1E2FEEFA-8C17-4757-B796-51FFD64030A8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
"{1F1776EA-742F-4032-AF68-BA2764697B6C}" = protocol=6 | dir=in | app=c:\program files\sharp\sharpdesk\netscantool.exe |
"{2346F100-EA86-48A7-B581-AAFCBAC9515D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{25FA258E-65FE-4E85-AE99-B63190E62DD1}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{297AA940-2AB9-46AD-B622-3E463724F159}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe |
"{2DC45CE3-59E4-4724-9522-8420F4623064}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37D093FB-490C-4B98-AB31-F96C8C13EB20}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe |
"{391590A3-1328-492D-AF43-988B81D7F232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A16CEA9-EC62-449F-B2EC-A3C4AC0FC4E2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{3D0E202D-75C3-4F05-B2F2-AB3EF4BA827A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E1165D4-6501-4D5C-B527-FD0719E2BFBF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4070E05E-837F-4D40-B984-895634FEDA84}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
"{41625BC6-32CC-43A2-805E-86EE4D003AB5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{466F7020-4376-4B7B-8F13-D79ABABEF755}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4B3EC838-508F-40F3-9458-2A2A65FE06E1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{50A59940-426C-40DE-B8C0-485BB2562FE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51A70C0B-1E00-458E-B8BE-B7509148DD9C}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{5F90D302-D551-4D95-B436-DD484AF084A3}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6466F7C8-9789-4F93-B00F-3F85CFE814FB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{672C88CD-0417-4060-ABC0-F74096035012}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqcopy2.exe |
"{6AFF84C7-F250-4044-B07E-74BC3782E37B}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6C1FAEAE-99BC-47B4-A7A4-D15A4C9C1CE6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{6CA741F5-275C-498D-81A6-7E1EA1AF3349}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D4FA56D-E93F-4BA0-BBBA-09403FA550BF}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{722CEC5D-26B7-4838-9797-66195CE3F5B8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{774F892B-1AB9-478E-8CA7-ECFA76045E1F}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqnrs08.exe |
"{78B229D4-C01A-44AD-8679-E85101BA0E81}" = protocol=17 | dir=in | app=c:\users\kasey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{78BE27DE-851E-427C-B6BC-DE90E3D1A2CF}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
"{80A298EA-1387-4490-B095-6BA8280687FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B85C4FF-9BDA-47E3-AA3F-25326F3C4EE8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{8C36A45E-9B88-4E2D-9BF3-9542728C6D33}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{95869FBE-0362-402A-9E0B-E76AD37D761E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95E1B2B6-4721-496F-8DB7-87144FDA0E81}" = protocol=17 | dir=in | app=c:\program files\sharp\sharpdesk\imaging\kodakimg.exe |
"{967F7121-34F7-4708-B5C3-B42E90EE0F78}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe |
"{99483335-6C64-4158-96FB-0714CE1B5C67}" = protocol=17 | dir=in | app=c:\program files\sharp\sharpdesk\netscantool.exe |
"{9BD697B8-729F-4A55-BEA9-54AE4DA6A62A}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{9D839C64-DF27-43D5-9374-45F410999409}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9EA83A41-7C34-459F-9E7E-BC755333B3B9}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{9EF3943E-DCE5-480B-ADBE-BDF50FFDB414}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA5AB164-DE29-45E5-99C2-3ACB518D0ABC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF3360B3-52FB-47E0-B472-39F5E0A261E2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AF9008AB-5FC3-4EB4-8283-31047FE3E3D2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxs08.exe |
"{B090485D-60C6-4012-ACF9-12E4B2020C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2151B4F-1D0E-454D-9CA9-51346B874F85}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqfxt08.exe |
"{B35A1FD8-0738-4360-84C0-2EEF46FC23CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B678FD02-E7A7-4A19-9B4E-DB67F36334AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB8DB1D1-75FD-4B5F-8AD5-827C7C9EE218}" = protocol=6 | dir=in | app=c:\users\kasey\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C42C29C6-439D-4B84-9296-CFA2D604EB2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C45DC106-AC49-4625-AA22-E163F98E6DB0}" = protocol=6 | dir=in | app=c:\program files\sharp\sharpdesk\imaging\kodakimg.exe |
"{CD6A2D74-FC19-4148-ACA2-85FBD020E5C8}" = dir=in | app=c:\users\kasey\appdata\local\temp\7zs4e74\ojprol7x00_full_14\setup\hpznui01.exe |
"{D7EBA572-AA8C-4278-AF73-792C141FAEC3}" = protocol=6 | dir=out | app=system |
"{E4F2E09D-FCEF-4EFE-A7EF-FDA3618A1E01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5BC5FEB-4B15-412E-9139-442B01816031}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{E6FA7880-6E74-4C25-AA6B-918D32EE85B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E71BDD14-4525-4DD3-8CBD-71D124B3EAE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8EBA60E-7417-4931-B1AD-E02A92D1025E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{E9CF4BE5-4F5A-4265-9A5F-54CE6E2473FB}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposfx08.exe |
"{ECACB3ED-0B2D-47C1-861A-E0C10D4282BE}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{F2DCB7E9-9A91-4214-B847-834B1FC763EC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxm08.exe |
"{FABC5D01-90B9-4323-978A-1BC9E0C4B648}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{2E799E29-73DE-49F1-B487-9FCB205B8E4C}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{37A15B77-5D43-42E3-8423-E1D6B2363469}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{37DF7E69-A688-4A77-83A0-98CBF9C521B1}C:\program files\print manager plus - client\checkpages.exe" = protocol=6 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"TCP Query User{4ABF91FA-0D74-42FC-8937-E3301B87977E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{510EC3ED-8C2E-4F0A-855D-BDAFC085B2C4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{601F9FD7-13AD-45E2-ACFF-A93F08D1D21F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{616A3355-4FD6-4B1F-87D3-B213ABEBF87F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6A48191A-D34A-4AA4-959E-828A3ABE8B70}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{6D715970-041E-48A2-A9B8-F5E86BC28CED}C:\program files\print manager plus - client\checkpages.exe" = protocol=6 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"TCP Query User{8C24351B-B1B9-4394-A7E2-C1534A1B4F2B}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{944160E3-EC2B-42B0-A333-03AF4C8E6FC3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9F640437-A470-45CE-914E-418072A42B7B}C:\program files\sharp\sharpdesk\ftpserver.exe" = protocol=6 | dir=in | app=c:\program files\sharp\sharpdesk\ftpserver.exe |
"TCP Query User{ABAFE258-AE5B-40BB-BCC5-FCF1ABA5B465}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{AF4E4809-6D08-4CA8-BFB5-0AE6F40C76E8}C:\program files\microsoft lifecam\lifecam.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{B73E89EB-5814-4002-8099-68547E7CD19C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{C3E9A85D-50F2-4C50-B09A-06B38D66871D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E9CBF9FA-EFEB-4D70-A18A-49C624A7718D}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |
"TCP Query User{EFCEEFC0-7A4E-4189-BD0C-A85777D8809A}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{F4A6144B-EE1F-42EC-B208-E5D73A40541D}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{F812AB51-6502-447E-A91C-6B8CB819F687}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{20F4826B-7FDB-462C-98E0-0FD4778A0F7C}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{2227B123-4DA0-4BA3-9C0A-D2E984501AA2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2F9DC477-7C61-4345-BA2B-8CD32A7833D7}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3C4E93DA-A1D0-4D27-A1D9-9E700A6A28CB}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{4397D3CB-68FC-438C-9395-AB50D74801D3}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{510106FA-DAA5-427B-AB44-98025F6750F7}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{5F57D92F-78B7-42F1-8897-1119D4406924}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{76CFCA54-7D15-4204-8CEB-0C4B804A2240}C:\program files\microsoft lifecam\lifecam.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"UDP Query User{8015239D-C64A-40D6-A33D-1182704B895E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8517B8E8-2C5A-46F7-9903-0AEFB3753CF1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8549111C-32A1-40E9-B351-030753CB5AB5}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{8661728A-690C-49BA-92BF-0E499FD7BB9F}C:\program files\print manager plus - client\checkpages.exe" = protocol=17 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"UDP Query User{891F3BCB-3B62-46C1-94A3-55E908ED45F2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A3262D17-D6BB-44F9-B999-B5935FABD66E}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{AB73BEA9-61B1-4A13-95A1-EF6A16B778A0}C:\program files\print manager plus - client\checkpages.exe" = protocol=17 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"UDP Query User{B55D2A72-C092-4B33-975C-BF2755199DD4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C0473FEC-1885-4103-8B98-8FDB560A8CF3}C:\program files\sharp\sharpdesk\ftpserver.exe" = protocol=17 | dir=in | app=c:\program files\sharp\sharpdesk\ftpserver.exe |
"UDP Query User{C0658E73-157A-4848-B0BA-55BBEB473BF2}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{CDAFD8B9-2216-4FC5-B975-B353250C3B3C}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"UDP Query User{F4777407-40C2-4BD5-938C-09A7464EDDD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1877EB02-A6F4-AD88-EF4B-CC0AA2BBE061}" = Zoodles
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3171EBEF-1719-4374-926C-9CF44524EC23}" = Print Manager Plus - Client
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F63C253-6A02-4CB7-B142-82A6B38E46D2}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DA187171-D434-4601-8959-478DE5BD6255}" = Nokia MTP driver
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alarm Clock_is1" = Alarm Clock v1.0
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1" = Zoodles
"Dell Printer Software Uninstall" = Dell Printer Software Uninstall
"DisplayKEY Sync_is1" = DisplayKEY USB Cradle version 0.7.2.1
"DivX Setup.divx.com" = DivX Setup
"DUCCOMM&1560&0003" = CP210x USB to UART Bridge Controller
"ESPN RunTime" = ESPN RunTime
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"iBryte_browseforchange" = Browse For Change
"iBryte_playbryte" = PlayBryte
"InstallShield_{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"Internet Profile" = Internet Profile
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSSL_is1" = OpenSSL 0.9.7f
"OUTLOOKR" = Microsoft Office Outlook 2007
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2010 12:37:25 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 6.0.6000.16386, time stamp
0x4549b734, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x00009b20, process id 0x6e8, application
start time 0x01cb0e3b5a32f059.

Error - 6/17/2010 12:41:36 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 6.0.6000.16386, time stamp
0x4549b734, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x0000a4fb, process id 0xfac, application
start time 0x01cb0e3be2990799.

Error - 6/17/2010 12:42:21 PM | Computer Name = kasey-PC | Source = NSSDK.SharpNSApp.1 | ID = 34938914
Description = Load from file Ӕ failed. (0x82150446)

Error - 6/17/2010 12:42:21 PM | Computer Name = kasey-PC | Source = NSSDK.SharpNSApp.1 | ID = 34938914
Description = Load from file Ӕ failed. (0x82150446)

Error - 6/17/2010 12:43:03 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 6.0.6000.16386, time stamp
0x4549b734, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61,
exception code 0xc0000005, fault offset 0x00009b20, process id 0x16d8, application
start time 0x01cb0e3c200d5459.

Error - 6/18/2010 3:18:03 AM | Computer Name = kasey-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 6/19/2010 11:51:20 PM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17037, time stamp
0x4b9658a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0x1be0, application
start time 0x01cb0fdca0f51870.

Error - 6/22/2010 1:23:48 AM | Computer Name = kasey-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.17037 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1edc Start Time: 01cb0fe0df88da50 Termination Time: 346

Error - 6/22/2010 1:33:46 AM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17037, time stamp
0x4b9658a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0x1618, application
start time 0x01cb11cc67b707c0.

Error - 6/22/2010 4:29:37 AM | Computer Name = kasey-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17037, time stamp
0x4b9658a0, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x0003b15f, process id 0x1b90, application
start time 0x01cb1160f44a8c50.

[ Media Center Events ]
Error - 12/25/2007 1:53:20 AM | Computer Name = kasey-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/17/2008 6:11:10 AM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/25/2008 1:34:07 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 11:10:48 AM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/25/2009 1:04:22 PM | Computer Name = kasey-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/29/2009 3:51:55 AM | Computer Name = kasey-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/29/2009 1:33:52 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/4/2009 1:22:55 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:03:05 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/1/2011 3:30:58 PM | Computer Name = kasey-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/29/2009 12:54:16 AM | Computer Name = kasey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/9/2009 4:32:29 PM | Computer Name = kasey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/12/2011 1:03:33 PM | Computer Name = kasey-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:00:57 AM on 12/12/2011 was unexpected.

Error - 12/12/2011 1:03:55 PM | Computer Name = kasey-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer SHARP MX-3501N PCL6 with
shared resource name SHARP MX-3501N PCL6. Error 2114. The printer cannot be used
by others on the network.

Error - 12/12/2011 1:05:56 PM | Computer Name = kasey-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/12/2011 1:05:56 PM | Computer Name = kasey-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/12/2011 1:06:34 PM | Computer Name = kasey-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 12/12/2011 1:06:34 PM | Computer Name = kasey-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 12/12/2011 1:14:33 PM | Computer Name = kasey-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.824.0, AS: 1.117.824.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/12/2011 1:35:00 PM | Computer Name = kasey-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.824.0, AS: 1.117.824.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0

Error - 12/12/2011 1:38:20 PM | Computer Name = kasey-PC | Source = DCOM | ID = 10016
Description =

Error - 12/12/2011 1:38:20 PM | Computer Name = kasey-PC | Source = DCOM | ID = 10016
Description =

[ Windows OneCare Events ]
Error - 10/24/2007 6:14:40 PM | Computer Name = kasey-PC | Source = WinSS | ID = 1011
Description =

Error - 10/24/2007 6:14:40 PM | Computer Name = kasey-PC | Source = WinSS | ID = 1011
Description =

Error - 10/30/2007 6:18:02 PM | Computer Name = kasey-PC | Source = WinSS | ID = 1011
Description =


< End of report >

kaseyl
Newbie Surfer
Posts : 18
Joined : 2011-12-11
Operating System : vista

Re: trojan dos alureon.e

Post by kaseyl on Tue 13 Dec 2011, 6:40 am

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 11:24:11
-----------------------------
11:24:11.526 OS Version: Windows 6.0.6002 Service Pack 2
11:24:11.526 Number of processors: 2 586 0x6801
11:24:11.527 ComputerName: KASEY-PC UserName: kasey
11:24:15.999 Initialize success
11:24:30.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000076
11:24:30.483 Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 6
11:24:32.505 Disk 0 MBR read successfully
11:24:32.512 Disk 0 MBR scan
11:24:32.520 Disk 0 unknown MBR code
11:24:32.533 Disk 0 scanning sectors +312581792
11:24:32.567 Disk 0 scanning C:\Windows\system32\drivers
11:24:50.611 Service scanning
11:24:51.514 Service MpKsl037e84c2 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EBD2E67-C3EC-443C-8A32-76ECB02512B0}\MpKsl037e84c2.sys **LOCKED** 32
11:24:51.571 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:24:52.289 Modules scanning
11:25:17.743 Disk 0 trace - called modules:
11:25:17.778 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
11:25:17.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851c7490]
11:25:18.146 3 CLASSPNP.SYS[87fa48b3] -> nt!IofCallDriver -> [0x83e170c0]
11:25:18.155 5 acpi.sys[878156bc] -> nt!IofCallDriver -> \Device\00000076[0x84bf1620]
11:25:18.163 Scan finished successfully
11:25:36.984 Disk 0 MBR has been saved successfully to "C:\Users\kasey\Desktop\MBR.dat"
11:25:36.995 The log file has been saved successfully to "C:\Users\kasey\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 11:38:20
-----------------------------
11:38:20.335 OS Version: Windows 6.0.6002 Service Pack 2
11:38:20.336 Number of processors: 2 586 0x6801
11:38:20.337 ComputerName: KASEY-PC UserName: kasey
11:38:21.492 Initialize success
11:38:26.126 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000076
11:38:26.129 Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 6
11:38:28.159 Disk 0 MBR read successfully
11:38:28.165 Disk 0 MBR scan
11:38:28.172 Disk 0 unknown MBR code
11:38:28.185 Disk 0 scanning sectors +312581792
11:38:28.233 Disk 0 scanning C:\Windows\system32\drivers
11:38:39.708 Service scanning
11:38:40.493 Service MpKsl037e84c2 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EBD2E67-C3EC-443C-8A32-76ECB02512B0}\MpKsl037e84c2.sys **LOCKED** 32
11:38:40.499 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:38:41.207 Modules scanning
11:39:02.814 Disk 0 trace - called modules:
11:39:02.841 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
11:39:02.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851c7490]
11:39:02.854 3 CLASSPNP.SYS[87fa48b3] -> nt!IofCallDriver -> [0x83e170c0]
11:39:02.863 5 acpi.sys[878156bc] -> nt!IofCallDriver -> \Device\00000076[0x84bf1620]
11:39:02.871 Scan finished successfully
11:39:17.507 Disk 0 MBR has been saved successfully to "C:\Users\kasey\Desktop\MBR.dat"
11:39:17.514 The log file has been saved successfully to "C:\Users\kasey\Desktop\aswMBR.txt"

kaseyl
Newbie Surfer
Posts : 18
Joined : 2011-12-11
Operating System : vista

Re: trojan dos alureon.e

Post by kaseyl on Tue 13 Dec 2011, 6:40 am

Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) 6 Update 25
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java version out of date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Avira Antivir avguard.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

kaseyl
Newbie Surfer
Posts : 18
Joined : 2011-12-11
Operating System : vista

Bump

Post by kaseyl on Thu 15 Dec 2011, 6:53 am

Just checking in. It's been just about 48 hours since I posted all my scan results.
Thanks,

kaseyl

kaseyl
Newbie Surfer
Posts : 18
Joined : 2011-12-11
Operating System : vista

Re: trojan dos alureon.e

Post by Belahzur on Thu 15 Dec 2011, 9:21 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: trojan dos alureon.e

Post by kaseyl on Thu 15 Dec 2011, 9:17 pm

I tried running the scan 3 times. Each time it took about 45 min to an hour, then the screen eventually went black and froze for about 10 min, then Windows would restart.

kaseyl
Newbie Surfer
Posts : 18
Joined : 2011-12-11
Operating System : vista

Re: trojan dos alureon.e

Post by Belahzur on Sun 18 Dec 2011, 9:46 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: trojan dos alureon.e

Post by kaseyl on Sun 18 Dec 2011, 5:38 pm

In the meantime, I got another malware/virus, "microsoft vista security 2012". After some time I was able to run MBAM. It seems to have taken care of microsoft vista security 2012 and a bunch of other infections, but now I can't get an internet connection. I am connected to my wireless router but have no internet connection. Tried repairing, resetting the modem, and checking if the proxy server was checked on (it was not). Here is my MBAM log; I had to save it to disk and send it from another computer:

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8390

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/17/2011 6:57:06 PM
mbam-log-2011-12-17 (18-57-06).txt

Scan type: Quick scan
Objects scanned: 195160
Time elapsed: 31 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smad (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Smad (Trojan.Agent) -> Value: Smad -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\kasey\AppData\Local\ghx.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\kasey\AppData\Local\ghx.exe" -a "firefox.exe") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\kasey\AppData\Local\ghx.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\vdv0ehpaytpoui.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\kasey\AppData\Local\Temp\489C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\kasey\AppData\Local\Temp\747D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\kasey\AppData\Local\Temp\csxeawmron.exe (Adware.SanctionedMedia) -> Quarantined and deleted successfully.
c:\Users\kasey\downloads\gimp_setup.exe (PUP.Bundle.Installer.OI) -> Not selected for removal.
c:\Users\kasey\local settings\application data\ghx.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\kasey\Desktop\privacy protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\kasey\local settings\application data\sanctionedmedia\Smad\Smad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\kasey\AppData\Local\sanctionedmedia\Smad\Smad.exe (Trojan.Agent) -> Quarantined and deleted successfully.

kaseyl
Newbie Surfer
Posts : 18
Joined : 2011-12-11
Operating System : vista

Re: trojan dos alureon.e

Post by Belahzur on Wed 21 Dec 2011, 10:16 am

Okay please try running Combofix again.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: trojan dos alureon.e

Post by kaseyl on Thu 22 Dec 2011, 10:42 am

Still not able to run ComboFix. I redownloaded it, but it still froze my computer. It doesn't get very far into the scan before it freezes. It gets to the part where it says that the scan may take about 10 minutes with a blinking cursor; after about 5 to 10 minutes the cursor freezes along with the rest of the machine.

kaseyl
Newbie Surfer
Posts : 18
Joined : 2011-12-11
Operating System : vista

Re: trojan dos alureon.e

Post by Belahzur on Fri 23 Dec 2011, 11:08 am

Okay please re-run OTL and post the new OTL log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: trojan dos alureon.e

Post by kaseyl on Fri 23 Dec 2011, 6:29 pm

OTL logfile created on: 12/22/2011 11:03:24 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kasey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 46.19% Memory free
4.11 Gb Paging File | 3.06 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 45.39 Gb Free Space | 32.22% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 0.42 Gb Free Space | 5.91% Space Free | Partition Type: NTFS
Drive F: | 1.05 Gb Total Space | 0.72 Gb Free Space | 68.76% Space Free | Partition Type: NTFS
Drive I: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.90 Gb Total Space | 0.49 Gb Free Space | 25.66% Space Free | Partition Type: FAT

Computer Name: KASEY-PC | User Name: kasey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 22:20:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kasey\Desktop\OTL.com
PRC - [2011/12/11 19:04:42 | 000,163,840 | ---- | M] (iBryte) -- C:\Program Files\iBryte\playbryte\iBryteDesktop.exe
PRC - [2011/12/11 19:04:13 | 000,163,840 | ---- | M] (iBryte) -- C:\Program Files\iBryte\browseforchange\iBryteDesktop.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 10:47:12 | 000,079,192 | -H-- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/08 17:35:18 | 000,068,865 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/12/08 17:35:17 | 000,151,297 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/05/17 14:45:34 | 000,271,720 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/03/28 16:45:34 | 000,270,431 | -H-- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/12 17:30:14 | 000,517,768 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/09/07 11:05:16 | 000,053,248 | -H-- | M] (GE Security Supra) -- c:\Program Files\GE Security Supra\SyncService.exe
PRC - [2006/09/07 11:05:16 | 000,011,776 | -H-- | M] (GE Security Supra) -- C:\Program Files\GE Security Supra\ProxyDaemon.exe
PRC - [2005/11/16 11:34:28 | 000,073,216 | ---- | M] () -- C:\SSL\stunnel-4.10.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/11 19:04:43 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\browsermediator\1.0.0.0__51b6fa9a48c79a9e\browsermediator.dll
MOD - [2011/10/12 02:04:32 | 003,391,488 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f8bceb5b\mscorlib.dll
MOD - [2011/10/12 02:04:26 | 000,835,584 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_93d997e0\system.drawing.dll
MOD - [2011/10/12 02:04:15 | 002,088,960 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f48c12a4\system.xml.dll
MOD - [2011/10/12 02:04:02 | 003,018,752 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a3b1bffb\system.windows.forms.dll
MOD - [2011/10/12 02:03:46 | 001,966,080 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_27160a52\system.dll
MOD - [2011/10/12 02:03:37 | 001,232,896 | -H-- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2008/02/06 09:36:15 | 001,339,392 | -H-- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/02/06 09:36:12 | 000,466,944 | -H-- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/02/06 09:36:11 | 002,052,096 | -H-- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | -H-- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/28 04:40:36 | 000,254,824 | -H-- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2010/05/28 03:46:46 | 000,138,600 | -H-- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2010/05/28 01:50:44 | 000,701,288 | -H-- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/12/08 17:35:18 | 000,068,865 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/12/08 17:35:17 | 000,151,297 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/17 14:45:34 | 000,271,720 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/28 16:45:38 | 000,118,877 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 16:45:34 | 000,270,431 | -H-- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/03/12 17:30:14 | 000,517,768 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/09 13:55:34 | 000,110,592 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/09/07 11:05:16 | 000,053,248 | -H-- | M] (GE Security Supra) [Auto | Running] -- c:\Program Files\GE Security Supra\SyncService.exe -- (DkeySync)
SRV - [2006/06/05 12:59:18 | 000,174,080 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/09 16:16:42 | 003,482,240 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/27 08:42:35 | 000,075,096 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 08:42:29 | 000,052,056 | -H-- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 08:42:25 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/03/03 12:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/04/10 14:46:44 | 002,385,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2007/03/01 09:34:36 | 000,028,352 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/28 10:26:00 | 004,465,184 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 08:24:48 | 000,159,232 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 00:50:32 | 000,012,032 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/12/22 13:28:56 | 000,100,648 | -H-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 09:24:58 | 000,008,192 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 09:16:24 | 000,032,256 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 04:42:46 | 000,043,520 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 02:35:20 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/01 23:30:56 | 000,429,056 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/09/07 11:00:18 | 000,089,808 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2006/09/07 11:00:18 | 000,055,312 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) DisplayKEY USB Cradle driver (WDM)
DRV - [2006/08/05 01:39:10 | 000,008,192 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 08:54:00 | 000,009,472 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/05/29 07:26:38 | 000,127,488 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 07:26:36 | 000,013,312 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 07:26:36 | 000,013,312 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 07:26:36 | 000,008,704 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kasey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kasey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/01 12:03:46 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/10 15:06:45 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/01 12:03:46 | 000,000,000 | -H-D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\kasey\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\kasey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\kasey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\kasey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [iBryte browseforchange Desktop] C:\Program Files\iBryte\browseforchange\iBryteDesktop.exe (iBryte)
O4 - HKLM..\Run: [iBryte playbryte Desktop] C:\Program Files\iBryte\playbryte\iBryteDesktop.exe (iBryte)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O15 - HKCU\..Trusted Domains: lvarmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([signup] * in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: vvmls.com ([]http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC68} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6DE617B8-49C0-40F8-8118-D2C3741F1C28} [You must be registered and logged in to see this link.] (SetTrustedSitesControl.clsReg)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} [You must be registered and logged in to see this link.] (MSN File Upload Control)
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} [You must be registered and logged in to see this link.] (LogData Class)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} [You must be registered and logged in to see this link.] (SAXFile FileDownload ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} [You must be registered and logged in to see this link.] (RIM AxLoader)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} [You must be registered and logged in to see this link.] (iPIX Media Send Class)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/29 00:15:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 11:53:42 | 000,000,277 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{40d5eb57-c2e1-11de-8853-001b2485a4be}\Shell - "" = AutoRun
O33 - MountPoints2\{40d5eb57-c2e1-11de-8853-001b2485a4be}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2007/02/12 17:33:37 | 001,110,016 | R--- | M] ()
O33 - MountPoints2\{45946bf3-1700-11df-bb5a-001b2485a4be}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{45946bf3-1700-11df-bb5a-001b2485a4be}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{8f87c093-0848-11e0-8b6c-001b2485a4be}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{a1a3f6ce-13cf-11de-b39a-001b2485a4be}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{a1a3f6ce-13cf-11de-b39a-001b2485a4be}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2007/02/12 17:33:37 | 001,110,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FtpServer.exe - hkey= - key= - C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: printutil - hkey= - key= - C:\Users\kasey\AppData\Local\Temp\7zS2ABD\HPPDU.exe (Hewlett-Packard)
MsConfig - StartUpReg: QlbCtrl - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: SharpTray - hkey= - key= - C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: WAWifiMessage - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

SafeBootMin: 17427488.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 17427488.sys - Driver
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


kaseyl

Newbie Surfer

Posts : 18
Joined : 2011-12-11
Operating System : vista


Re: trojan dos alureon.e

Post by kaseyl on Fri 23 Dec 2011, 6:29 pm

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{28CEE9B2-EC28-4816-8B12-4607439634A8}
[2011/12/22 22:59:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\kasey\Desktop\OTL.com
[2011/12/22 22:44:12 | 000,000,000 | --SD | C] -- C:\Commy21152C
[2011/12/22 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{B1764D65-31AB-4320-AF92-F5A3E1DCFDE5}
[2011/12/19 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{31BC04F9-8B68-4428-B402-1799267AE25B}
[2011/12/19 19:06:25 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{23630B9C-7AEC-49BD-B367-44BD3BDF414F}
[2011/12/19 18:38:28 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{F3593DD4-9CC3-4ACA-B867-47A80967582A}
[2011/12/19 15:06:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/19 15:06:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/19 15:06:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 18:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 18:22:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 18:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 18:18:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\kasey\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/17 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\SanctionedMedia
[2011/12/17 13:41:09 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{2C4750DE-16FE-46AB-887C-380B15CD5152}
[2011/12/17 13:40:06 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{4BB14F25-1054-43F4-BB4E-64E3B634715E}
[2011/12/15 22:57:19 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{3CA62C65-08B1-451B-9552-D5959BD029B2}
[2011/12/15 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{33C6210D-8E58-436E-BAD6-655C7564FFBC}
[2011/12/15 09:50:11 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{1B3BA571-1387-43AD-8474-91D4460B07AC}
[2011/12/15 09:49:50 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{24376A4C-E4F8-4D56-8363-0F9944903C37}
[2011/12/14 23:35:33 | 000,000,000 | ---D | C] -- C:\Commy
[2011/12/14 21:39:20 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{281D0DFD-1B88-478B-895E-D3C6C61AE122}
[2011/12/14 21:38:56 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{BC2ECA28-EB84-4B12-8085-CFCD6BC4FF08}
[2011/12/14 20:59:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/14 20:59:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/14 20:32:01 | 004,345,296 | R--- | C] (Swearware) -- C:\Users\kasey\Desktop\Commy.exe
[2011/12/12 11:23:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\kasey\Desktop\aswMBR.exe
[2011/12/11 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\gtk-2.0
[2011/12/11 19:09:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\.thumbnails
[2011/12/11 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\kasey\Documents\gegl-0.0
[2011/12/11 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\kasey\.gimp-2.6
[2011/12/11 19:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/12/11 19:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/12/11 19:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\iBryte
[2011/12/11 19:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/12/11 19:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\Babylon
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\Babylon
[2011/12/11 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/10 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{F3D71014-AD41-4A72-990E-46518924900E}
[2011/12/10 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{45914E97-EDB7-4DAF-976E-3917633B6D7D}
[2011/12/10 21:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/06 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{3DB9BEF1-62A8-477E-B04D-C3C2B610B2BC}
[2011/12/06 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{45A418A2-AA63-43C1-B2E7-59B07C1F482B}
[2011/12/05 21:08:02 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{515B2883-965E-4CFB-97CB-7E6B6FCED651}
[2011/12/05 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{FA07FFFB-91DD-4635-B1EF-491DA5E45CDF}
[2011/12/05 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{24FD69FA-DD8C-48C9-A36F-5F49D5C271C6}
[2011/12/05 08:58:20 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{49974990-EA67-4E6B-9A19-9FE493F17966}
[2011/12/04 11:38:43 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{5FC1AFEC-517C-4969-9148-80A09E981A2E}
[2011/12/04 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{A455D848-C819-44E6-AB85-177310F3EFB2}
[2011/12/04 00:07:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/03 23:31:23 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{651DC1E4-8893-4082-BED4-24E69F0AE480}
[2011/12/03 23:30:35 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{DA636B99-BAC9-4DA2-822E-2D5BD7669320}
[2011/12/03 09:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/12/03 09:09:46 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{97CFEBAF-F340-41E3-9E41-D1ABD7A5B328}
[2011/12/02 20:39:48 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{B7042A04-7646-46E6-AF4A-A038CF02D554}
[2011/12/02 20:38:33 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{793EDBE4-25F5-415B-B161-A241B0600918}
[2011/12/02 18:28:16 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{83195D49-8EB0-4287-8FAB-88714233F481}
[2011/12/02 00:10:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{D57C4719-559D-4EFB-866B-CAB86D2A7DF7}
[2011/12/02 00:10:06 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{7AEB90F8-12FA-439D-BF79-B2D439BECD73}
[2011/12/01 21:35:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Loaris
[2011/12/01 20:19:48 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{21ACE7D0-3F00-4AE2-9DF3-9BEB6F2A1A2B}
[2011/12/01 20:19:32 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{69028728-FB17-42DC-8A52-03BAFF691081}
[2011/11/30 12:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/30 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{E1F7ED87-B026-48AB-8382-A21E26E76E0B}
[2011/11/30 12:42:19 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{3E26C50C-8DE7-476C-ACC2-855146BCE08D}
[2011/11/26 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{FF124BB4-FB9C-47AF-887C-004E4D89B931}
[2011/11/26 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{E684E478-B041-401D-95EA-1B3D1BBF0008}
[2011/11/26 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{8842906D-112E-4E07-B1FD-E133A3FDCBE4}
[2011/11/26 10:04:30 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{72AA5D6E-FA88-49DD-965C-2F60182CA88D}
[2011/11/26 09:55:57 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{8BE31A0A-02C0-4AD8-AFF7-7509EAE56805}
[2011/11/25 21:45:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{0079004E-2680-4406-BDE6-5662C5A19336}
[2011/11/25 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{66771215-89E9-4107-BFF6-1B22C6DBED5E}
[2011/11/25 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\kasey\Desktop\sexy
[2011/11/25 21:34:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
[2011/11/25 21:34:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Hamster Soft
[2011/11/25 21:12:28 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{5AAE684E-3211-4BED-9621-30E2E372737F}
[2011/11/25 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Local\{2C378169-25BB-4041-ABAC-BB21FC995CF0}
[2011/11/25 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\kasey\AppData\Roaming\Mozilla
[2007/07/04 20:28:52 | 000,176,128 | -H-- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\kasey\*.tmp files -> C:\Users\kasey\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 23:02:17 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/22 22:58:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 22:58:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 22:57:59 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/22 22:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 22:57:43 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 22:20:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kasey\Desktop\OTL.com
[2011/12/21 11:11:18 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3169625114-2507931809-1573453260-1000Core.job
[2011/12/21 11:03:18 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3169625114-2507931809-1573453260-1000UA.job
[2011/12/21 10:15:08 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/12/19 18:40:44 | 000,013,025 | ---- | M] () -- C:\Users\kasey\AppData\Roaming\nvModes.001
[2011/12/19 18:28:59 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkasey.job
[2011/12/19 14:32:30 | 004,345,296 | R--- | M] (Swearware) -- C:\Users\kasey\Desktop\Commy.exe
[2011/12/17 21:37:53 | 000,008,160 | ---- | M] () -- C:\Users\kasey\AppData\Local\d3d9caps.dat
[2011/12/17 18:22:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 18:20:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\kasey\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/17 18:05:13 | 000,010,350 | -HS- | M] () -- C:\Users\kasey\AppData\Local\mifbt2gh34tc651hv265tn6e05s8m
[2011/12/17 18:05:13 | 000,010,350 | -HS- | M] () -- C:\ProgramData\mifbt2gh34tc651hv265tn6e05s8m
[2011/12/17 13:47:02 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/12/17 06:10:34 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/12/15 22:48:29 | 300,919,116 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/12 11:39:17 | 000,000,512 | ---- | M] () -- C:\Users\kasey\Desktop\MBR.dat
[2011/12/12 11:27:32 | 000,879,649 | ---- | M] () -- C:\Users\kasey\Desktop\SecurityCheck.exe
[2011/12/12 11:23:53 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\kasey\Desktop\aswMBR.exe
[2011/12/11 19:14:26 | 000,001,469 | ---- | M] () -- C:\Users\kasey\.recently-used.xbel
[2011/12/11 19:06:25 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/12/11 19:04:18 | 000,000,093 | ---- | M] () -- C:\Users\kasey\AppData\Local\fusioncache.dat
[2011/12/11 19:03:12 | 000,001,492 | ---- | M] () -- C:\user.js
[2011/12/10 21:55:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/09 13:57:56 | 000,285,966 | ---- | M] () -- C:\Users\kasey\Documents\madero.jpg
[2011/12/09 13:54:45 | 000,085,041 | ---- | M] () -- C:\Users\kasey\Documents\Invoice.pdf
[2011/12/05 23:23:41 | 000,015,047 | ---- | M] () -- C:\Users\kasey\Documents\uncleK.wlmp
[2011/12/05 21:23:28 | 000,051,200 | ---- | M] () -- C:\Users\kasey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/04 19:48:17 | 000,014,518 | ---- | M] () -- C:\Users\kasey\Documents\sexy&know.wlmp
[2011/12/04 01:43:08 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/03 23:11:26 | 000,000,062 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI.lic
[2011/12/02 01:05:35 | 000,196,608 | -H-- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/30 13:09:40 | 000,000,448 | ---- | M] () -- C:\ProgramData\vDV0EhpayTpOuI
[2011/11/30 13:09:25 | 000,000,312 | ---- | M] () -- C:\ProgramData\~vDV0EhpayTpOuI
[2011/11/30 13:09:25 | 000,000,216 | ---- | M] () -- C:\ProgramData\~vDV0EhpayTpOuIr
[2011/11/27 21:47:11 | 000,086,570 | ---- | M] () -- C:\Users\kasey\Desktop\Nov. 28- sub.pdf
[2011/11/26 22:44:35 | 000,221,184 | ---- | M] () -- C:\Users\kasey\Desktop\gucky_MPEG_.mpg
[2011/11/26 12:02:22 | 003,135,329 | ---- | M] () -- C:\Users\kasey\Documents\VID 00004-20111126-1201.3GP
[2011/11/25 21:36:10 | 000,000,275 | ---- | M] () -- C:\Users\kasey\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/25 21:34:56 | 000,001,132 | ---- | M] () -- C:\Users\kasey\Application Data\Microsoft\Internet Explorer\Quick Launch\Hamster Free Video Converter.lnk
[2011/11/24 14:11:30 | 001,252,524 | ---- | M] () -- C:\Users\kasey\Documents\VID-20111124-00051.3GP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\kasey\*.tmp files -> C:\Users\kasey\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/19 15:06:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/19 15:06:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/19 15:06:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/19 15:06:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/19 15:06:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/17 22:03:31 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/17 18:22:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 13:46:42 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/17 12:35:00 | 000,010,350 | -HS- | C] () -- C:\Users\kasey\AppData\Local\mifbt2gh34tc651hv265tn6e05s8m
[2011/12/17 12:35:00 | 000,010,350 | -HS- | C] () -- C:\ProgramData\mifbt2gh34tc651hv265tn6e05s8m
[2011/12/12 11:27:34 | 000,879,649 | ---- | C] () -- C:\Users\kasey\Desktop\SecurityCheck.exe
[2011/12/12 11:25:36 | 000,000,512 | ---- | C] () -- C:\Users\kasey\Desktop\MBR.dat
[2011/12/11 19:14:26 | 000,001,469 | ---- | C] () -- C:\Users\kasey\.recently-used.xbel
[2011/12/11 19:06:25 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/12/11 19:04:18 | 000,000,093 | ---- | C] () -- C:\Users\kasey\AppData\Local\fusioncache.dat
[2011/12/11 19:03:03 | 000,001,492 | ---- | C] () -- C:\user.js
[2011/12/10 21:54:54 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/09 13:57:48 | 000,285,966 | ---- | C] () -- C:\Users\kasey\Documents\madero.jpg
[2011/12/09 13:54:45 | 000,085,041 | ---- | C] () -- C:\Users\kasey\Documents\Invoice.pdf
[2011/12/05 23:23:40 | 000,015,047 | ---- | C] () -- C:\Users\kasey\Documents\uncleK.wlmp
[2011/12/05 09:17:23 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForkasey.job
[2011/12/04 00:31:25 | 000,000,808 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/03 23:11:26 | 000,000,062 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI.lic
[2011/11/30 12:42:13 | 000,000,312 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuI
[2011/11/30 12:42:13 | 000,000,216 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuIr
[2011/11/30 12:41:48 | 000,000,448 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI
[2011/11/27 21:47:10 | 000,086,570 | ---- | C] () -- C:\Users\kasey\Desktop\Nov. 28- sub.pdf
[2011/11/26 22:44:34 | 000,221,184 | ---- | C] () -- C:\Users\kasey\Desktop\gucky_MPEG_.mpg
[2011/11/26 21:32:44 | 003,135,329 | ---- | C] () -- C:\Users\kasey\Documents\VID 00004-20111126-1201.3GP
[2011/11/26 09:58:43 | 000,014,518 | ---- | C] () -- C:\Users\kasey\Documents\sexy&know.wlmp
[2011/11/25 21:36:09 | 000,000,275 | ---- | C] () -- C:\Users\kasey\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/25 21:34:56 | 000,001,132 | ---- | C] () -- C:\Users\kasey\Application Data\Microsoft\Internet Explorer\Quick Launch\Hamster Free Video Converter.lnk
[2011/11/25 21:01:51 | 001,252,524 | ---- | C] () -- C:\Users\kasey\Documents\VID-20111124-00051.3GP
[2011/09/07 12:01:08 | 000,000,216 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/09/07 12:01:08 | 000,000,160 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/09/07 12:01:05 | 000,000,448 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/02/16 15:45:34 | 000,239,096 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/02/10 15:49:43 | 000,000,127 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/01 13:29:02 | 000,239,937 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011/02/01 13:29:02 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011/02/01 11:49:01 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/01/20 11:37:41 | 000,157,178 | ---- | C] () -- C:\Windows\hphins25.dat
[2010/12/02 03:29:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/01 11:10:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/01 11:10:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/18 09:36:25 | 000,036,384 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/03 17:06:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/20 09:15:01 | 000,169,962 | ---- | C] () -- C:\Windows\hpqins00.dat.temp
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/23 15:15:02 | 000,170,508 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/09 16:16:42 | 003,482,240 | -H-- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/02/11 16:45:02 | 000,027,264 | -H-- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/05/13 14:55:10 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2008/05/13 14:54:28 | 000,091,648 | ---- | C] () -- C:\Windows\gzip.exe
[2008/04/11 10:50:42 | 000,146,990 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/04/11 10:50:42 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/04/09 14:44:31 | 000,000,305 | -H-- | C] () -- C:\ProgramData\addr_file.html
[2008/02/20 18:25:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/04 11:41:26 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\libssl32.dll
[2008/02/01 21:08:04 | 000,147,111 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/02/01 21:08:04 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007/12/24 21:48:48 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2007/12/12 16:02:47 | 000,000,879 | ---- | C] () -- C:\Windows\hphmdl25.dat
[2007/10/30 14:20:58 | 000,639,374 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\fontlst2.opf
[2007/10/24 19:15:44 | 000,008,160 | ---- | C] () -- C:\Users\kasey\AppData\Local\d3d9caps.dat
[2007/10/23 15:17:21 | 000,008,504 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/23 15:09:41 | 000,024,206 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\UserTile.png
[2007/10/04 15:06:58 | 000,000,068 | ---- | C] () -- C:\Windows\iltwain.ini
[2007/10/02 23:24:27 | 000,000,168 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\wklnhst.dat
[2007/09/20 10:49:11 | 000,000,873 | ---- | C] () -- C:\Windows\DKAAJ2DD.ini
[2007/09/19 15:38:41 | 000,051,200 | ---- | C] () -- C:\Users\kasey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/11 22:42:28 | 000,013,025 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\nvModes.001
[2007/09/11 20:47:55 | 000,013,025 | ---- | C] () -- C:\Users\kasey\AppData\Roaming\nvModes.dat
[2007/06/05 07:36:43 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\SN0ELMON.dat
[2007/05/29 00:01:16 | 000,103,489 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/02/27 12:43:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | -H-- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,342,056 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,100,266 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:33:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:25:21 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 14:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 16:58:00 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 04:06:00 | 000,016,480 | -H-- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/03/29 00:58:20 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/03/29 00:58:10 | 000,847,872 | -H-- | C] () -- C:\Windows\System32\libeay32.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/12/12 11:23:53 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\kasey\Desktop\aswMBR.exe
[2011/12/19 14:32:30 | 004,345,296 | R--- | M] (Swearware) -- C:\Users\kasey\Desktop\Commy.exe
[2011/08/31 23:39:30 | 018,005,296 | ---- | M] (Microsoft Corporation) -- C:\Users\kasey\Desktop\IE9-WindowsVista-x86-enu.exe
[2011/12/17 18:20:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\kasey\Desktop\mbam-setup-1.51.2.1300.exe
[2008/01/12 12:12:27 | 125,892,318 | ---- | M] () -- C:\Users\kasey\Desktop\OOo_2.3.1_Win32Intel_install_wJRE_en-US.exe
[2009/05/27 14:16:44 | 155,255,392 | ---- | M] () -- C:\Users\kasey\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2011/12/12 11:27:32 | 000,879,649 | ---- | M] () -- C:\Users\kasey\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/12/22 22:58:08 | 000,003,168 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 22:58:09 | 000,003,168 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/05/28 23:50:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/11/11 10:57:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2010/07/10 03:01:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Alarm Clock
[2010/01/17 10:34:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2008/04/09 14:41:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Avira
[2011/12/11 19:03:05 | 000,000,000 | ---D | M] -- C:\Program Files\BabylonToolbar
[2010/11/04 21:37:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2011/02/02 23:03:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Camfrog
[2011/12/04 11:33:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2007/05/28 23:11:18 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2007/10/04 15:06:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Data Trace
[2007/09/20 10:49:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Dell
[2007/10/20 10:04:11 | 000,000,000 | -H-D | M] -- C:\Program Files\DIGStream
[2009/06/23 17:43:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Disney
[2010/04/30 23:30:23 | 000,000,000 | -H-D | M] -- C:\Program Files\DivX
[2007/05/29 00:03:53 | 000,000,000 | -H-D | M] -- C:\Program Files\earthlink totalaccess
[2011/02/17 01:51:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Enigma Software Group
[2007/10/20 10:04:07 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPN
[2007/10/20 10:04:12 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPNMotion
[2007/10/20 10:04:15 | 000,000,000 | -H-D | M] -- C:\Program Files\ESPNRunTime
[2011/02/16 17:21:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Feedback Tool
[2011/01/31 23:00:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Free Window Registry Repair
[2011/09/07 13:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2008/08/07 10:21:15 | 000,000,000 | -H-D | M] -- C:\Program Files\GE Security Supra
[2011/12/11 19:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/04/30 23:30:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2011/12/03 10:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/25 21:34:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Hamster Soft
[2011/02/01 12:00:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2008/05/13 14:53:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Homestead
[2011/02/01 12:03:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Hp
[2009/03/18 12:50:06 | 000,000,000 | -H-D | M] -- C:\Program Files\HP Games
[2007/05/29 00:21:15 | 000,000,000 | -H-D | M] -- C:\Program Files\HPQ
[2011/12/11 19:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\iBryte
[2009/06/03 09:58:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/10/12 03:49:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2010/11/04 21:49:03 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2009/02/08 21:50:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Iteral
[2010/11/04 21:50:44 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2011/05/07 10:55:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/05/27 14:34:29 | 000,000,000 | -H-D | M] -- C:\Program Files\JRE
[2008/01/15 21:48:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2011/12/01 21:35:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Loaris
[2011/12/17 18:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/23 02:01:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2007/10/25 02:03:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Games
[2007/12/24 22:16:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft LifeCam
[2007/11/05 18:44:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/12/10 21:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/10/12 03:51:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2011/10/10 20:34:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2007/11/05 18:46:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/27 02:04:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2011/02/15 11:21:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2011/01/31 16:47:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2009/02/21 14:13:23 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2007/09/11 07:54:21 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2007/05/29 00:14:43 | 000,000,000 | -H-D | M] -- C:\Program Files\muvee Technologies
[2008/05/29 16:59:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Napster
[2007/09/17 13:27:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Nokia
[2007/05/29 00:05:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2009/05/27 14:33:13 | 000,000,000 | -H-D | M] -- C:\Program Files\OpenOffice.org 2.3
[2009/05/27 14:34:27 | 000,000,000 | -H-D | M] -- C:\Program Files\OpenOffice.org 3
[2007/09/20 10:58:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Print Manager Plus - Client
[2010/11/04 21:43:48 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2007/05/29 00:19:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2009/02/13 13:01:36 | 000,000,000 | -H-D | M] -- C:\Program Files\REFN
[2010/08/22 11:29:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Research In Motion
[2011/02/02 23:15:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Rhapsody
[2007/05/28 23:33:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Roxio
[2010/11/04 21:35:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2007/10/30 14:14:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Sharp
[2008/02/04 11:40:30 | 000,000,000 | -H-D | M] -- C:\Program Files\SiLabs
[2011/07/07 16:02:27 | 000,000,000 | RH-D | M] -- C:\Program Files\Skype
[2007/10/23 15:20:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Symantec
[2007/05/28 23:09:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Synaptics
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/09/16 13:43:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Vongo
[2011/01/31 16:47:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Calendar
[2011/01/31 16:47:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/01/31 16:46:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Defender
[2011/01/31 16:47:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Journal
[2011/10/10 20:42:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live
[2011/11/10 03:59:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Mail
[2011/01/31 16:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2011/01/31 16:47:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Photo Gallery
[2011/02/14 10:53:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Portable Devices
[2007/11/29 23:42:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Resource Kits
[2011/01/31 16:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar
[2007/05/29 00:05:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!
[2011/09/05 08:43:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Zoodles


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/05/29 00:23:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | -H-- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 08:04:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 01:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | -H-- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-01 03:19:29

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/31 23:45:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/31 23:45:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 15:00:18 | 002,388,264 | -H-- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\RossiListingPackage.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\rose.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\REO Craigslist.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\REO Craigslist.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\PlantMoroz.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Plantation Co-Sponsor.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\McCarron_Lease_INVOICE[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Letter_to_Peter_Mellon_Real_Estate[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Lauraschool.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\invite.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\IndianSpringsDecal.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\hollodAdd1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\hollodadd.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\grizwald.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\GetAttachment.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\fridge.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\foxpre.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\foxhighestoffer.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\C21 disclosureGabel.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\BOWLPOOL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Bowl_Pool_07_-_08_SORTED[1].xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\am012hseX.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\ak02a7y7X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\aj03mce6X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\Addendum_A_to_Contract_of_Sale.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\aaaa1jf9X.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\45304_Banff_Springs_Street___Addendum_No__1_-_10_01.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\2008_Masters_Golf.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\1234.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\kasey\Documents\123.pdf:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A6CD15C3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

kaseyl

Newbie Surfer

Posts : 18
Joined : 2011-12-11
Operating System : vista


Re: trojan dos alureon.e

Post by Belahzur on Sun 25 Dec 2011, 3:14 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :OTL
    [2011/09/07 12:01:08 | 000,000,216 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/09/07 12:01:08 | 000,000,160 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
    [2011/09/07 12:01:05 | 000,000,448 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
    [2011/12/03 23:11:26 | 000,000,062 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI.lic
    [2011/11/30 12:42:13 | 000,000,312 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuI
    [2011/11/30 12:42:13 | 000,000,216 | ---- | C] () -- C:\ProgramData\~vDV0EhpayTpOuIr
    [2011/11/30 12:41:48 | 000,000,448 | ---- | C] () -- C:\ProgramData\vDV0EhpayTpOuI
    [2011/12/17 12:35:00 | 000,010,350 | -HS- | C] () -- C:\Users\kasey\AppData\Local\mifbt2gh34tc651hv265tn6e05s8m
    [2011/12/17 12:35:00 | 000,010,350 | -HS- | C] () -- C:\ProgramData\mifbt2gh34tc651hv265tn6e05s8m

    :commands
    [emptytemp]
    [emptyflash]
    [reboot]

  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: trojan dos alureon.e

Post by kaseyl on Wed 28 Dec 2011, 10:31 am

All processes killed
========== OTL ==========
C:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
C:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
C:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
C:\ProgramData\vDV0EhpayTpOuI.lic moved successfully.
C:\ProgramData\~vDV0EhpayTpOuI moved successfully.
C:\ProgramData\~vDV0EhpayTpOuIr moved successfully.
C:\ProgramData\vDV0EhpayTpOuI moved successfully.
C:\Users\kasey\AppData\Local\mifbt2gh34tc651hv265tn6e05s8m moved successfully.
C:\ProgramData\mifbt2gh34tc651hv265tn6e05s8m moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kasey
->Temp folder emptied: 8236418047 bytes
->Temporary Internet Files folder emptied: 2455095357 bytes
->Java cache emptied: 4967 bytes
->Google Chrome cache emptied: 80335975 bytes
->Apple Safari cache emptied: 9753600 bytes
->Flash cache emptied: 59805 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1090124 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169103404 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10,445.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: kasey
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12272011_141128

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: trojan dos alureon.e

Post by kaseyl on Fri 30 Dec 2011, 6:54 am

Not sure if I am supposed to run Combofix again? Still no internet connection.


Re: trojan dos alureon.e

Post by Belahzur on Fri 30 Dec 2011, 12:35 pm

Yes please, give Combofix a run.



Re: trojan dos alureon.e

Post by kaseyl on Tue 03 Jan 2012, 6:30 pm

Still no luck with Combofix. I did get further through the scan; a pop-up came up saying that rootkit:zeroaccess was detected, but the computer eventually froze up.


Re: trojan dos alureon.e

Post by Belahzur on Sat 07 Jan 2012, 4:08 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool.
  • Click the Start Scan button.
  • After the scan has finished, click the Close button.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.


