Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Svchost and system connnections to Facebook & Yahoo all day

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Svchost and system connnections to Facebook & Yahoo all day

Unread postby jan29ab » February 11th, 2011, 10:54 am

Description of problem: from the time I boot my computer until I shut it off, my Firewall Status Window (Online Armor) says the following are listening:

"Program: System/TCP: 1.ycs.vip.a4e.yahoo.com:microsoft-ds"
"Program: System/UDP: 1.ycs.vip.a4e.yahoo.com:microsoft-ds"
"Program: svchost.exe/TCP: 1.ycs.vip.a4e.yahoo.com:3389"
"Program: svchost.exe/TCP: 1.ycs.vip.a4e.yahoo.com:epmap"

And if it's not yahoo, it's facebook, but it always one or the other like the above listings.
I know that's not normal, because I have another computer on my home network that never has those kinds of entries.

I have run conventional antivirus programs (Avast, Malwarebytes, Norton Power Eraser, Hitman Pro, etc.) and nothing is detected. I have sent the svchost.exe file to VirusTotal and it's reported as clean.

My browser is never hijacked, and there are no modifications to my HOSTS file. Also, WinPatrol monitors my HOSTS file. I am not sure, but I feel the problem is from some program I installed, as I browse with Sandboxie, NoScript, have PeerBlock running, SpywareBlaster installed, cull for cookies all the time, have a "super cookie" (Flash cookie) cleaner installed, etc.

I ran the ADS Spy tool under Misc Tools in Hijack This, and it reported a file: c:\Widows:[square] 108 bytes -- by [square] I mean literally a square, I just don't know how to represent that on my keyboard! When Hijack This tried to remove it, it said the ADS stream could not be deleted as it may be locked by another program.

End of description -- I will now attach my Hijack This log and the Uninstall log. Thanks for your help.

****************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:48:04 PM, on 2/9/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fpdisp4.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboTaskBarIcon.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\atiptaxx.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
H:\Firefox Portable 3.6.3\FirefoxPortable\FirefoxPortable.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
H:\Firefox Portable 3.6.3\FirefoxPortable\App\Firefox\firefox.exe
H:\Firefox Portable 3.6.3\FirefoxPortable\App\Firefox\plugin-container.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fpdisp4.exe
C:\Program Files\HAS\HAS.exe
H:\GMER and Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bloomberg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 127.0.0.0 http://216.156.194.139
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [CANON DR2080C SVC] rundll32.exe DR2KSVC.dll,EntryPointUserMessage
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ATI Desktop Control Panel] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
O4 - Startup: atiptaxx.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra 'Tools' menuitem: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.co ... 4152914953
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8868313453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7425448234
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D54588EC-ECCF-413D-B475-782ED18AFBFC}: Domain = the-beach.net
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 10359 bytes

*************
Here is my uninstall list:

ACDSee Photo Manager 2009
Acoustica Audio Converter Pro
Acronis DriveCleanser
Acronis True Image Home
Active Ports
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PDF IFilter 4.1
AI RoboForm (All Users)
AimAtFile 4.0
AntiLogger
AntiLogger
Any Video Converter 3.1.8
APL+Win Version 4.0
Apple Application Support
Apple Software Update
a-squared Free 4.5
a-squared HiJackFree 3.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
avast! Free Antivirus
calibre
Canon DR-2080C Scanner Driver
Canon ScanGear Toolbox CS 2.2
Canopus Codec Option
CapturePerfect 1.0
CapturePerfect 2.0
Catalog Max 1.63
CCleaner
Clear Cache feature for Internet Explorer
Compatibility Pack for the 2007 Office system
Convert
CPUID CPU-Z 1.51
CutePDF Writer 2.7
Device Remover
Disk Space Fan Pro 2.0.13.680
DiskAnalyzer Pro 3.0
Diskeeper 2010 EnterpriseServer
DivX Codec 3.1alpha release
doPDF 6.2 printer
DPS AVI Codec
DriveImage XML (Private Edition)
Duplicate File Finder 1.1.0.0
DVD Identifier
DVD Shrink 3.2
Easy Duplicate Finder v. 2.2.1
EasyCleaner
EasyRecovery Professional
EncryptOnClick
ERUNT 1.1j
Fast Duplicate File Finder 1.1.0.0
File Shredder 2.0
FileAlyzer 2
FinePrint 2000
FLAC 1.2.1b (remove only)
Flash Decompiler
FLV Player 2.0 (build 25)
Folder Size for Windows
foobar2000 v0.9.6.5
Foxit PDF Editor
Foxit PDF IFilter
Foxit Reader
Fractal eXtreme
FrameShots Video Screen Capture
Free Disk Analyzer
Free Extended Task Manager
Google Earth
Google Updater
HashTab 3.0.0
Heatsoft Automatic Synchronizer 2.01
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huffyuv AVI lossless video codec (Remove Only)
ID3-TagIT 3
Image Resizer Powertoy for Windows XP
ImgBurn
Inline Search v1.2 for Internet Explorer (remove only)
Instant VideoMPX
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Explorer Q903235
iSilo
Java(TM) 6 Update 21
John's Background Switcher 4.0
KeyNote 1.6.5
KeyScrambler
K-Lite Codec Pack 6.3.0 (Full)
KLS Mail Backup 1.7.0.0
Kruptos 2
LanHelper v1.98
Lizardtech DjVu Control
LookInMyPC
Lupas Rename 2000 v5.0 Release
Magic ISO Maker v5.5 (build 0274)
MagicDisc 2.7.106
MailStore Home 4.0.0.3493
MainConcept H.264 Encoder
Malwarebytes' Anti-Malware
MDI2PDF 2.6
Media Library Management Wizard
Mega Manager
MetaTrader 4.00
MetaTrader 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access database engine 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office XP Professional with FrontPage
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft Streets & Trips 2010
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Windows Media Video 9 VCM
Microsoft XML Parser and SDK
mIRC
MozBackup 1.4.10
Mozilla Firefox (3.6.12)
MRU-Blaster v1.5 (Database 3/28/2004)
MSRSD v4.5.1
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Drivers 3.31
MyWANiP 2.0
Neo's SafeKeys 2008
NetShow Tools 3.0
No More Cookies 1.1
Notepad++
NVIDIA NVIDIA DVD Decoder
Online Armor 4.5
OutBack Plus 7.0
PaperPort 9.0
pdfsam
PDF-Tools 4
PeerBlock 1.0+ (r484)
PerfectDisk 10.0.119 Pro by FreeRyde
PerformanceTest v4.0
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
Port Detective
Post-it® Software Notes Version 2
Preventative Maint. for Microsoft® Windows Server™ 2003
PrintFolders 2.21
ProCoder 3
ProCoder 3
QuickPar 0.9
Quicksys RegDefrag 2.2
QuickTime
Rapidshare Auto Downloader 3.6.2
RAR Repair Tool v.4.0
Recuva (remove only)
RegSupreme 1.3
Remove Hidden Data Tool
Replay Video Capture
Revo Uninstaller 1.88
RSDownloader 2.3
Sandboxie 3.442
Secunia PSI
SecureZIP for Windows 12.30.0016
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shockwave
SIW version 1.73
SnagIt 8
Sophos Anti-Rootkit 1.3.1
SpywareBlaster 4.4
SpywareGuard v2.2
SQLIO
SUPERAntiSpyware Free Edition
TeraCopy 2.12
TIFF to PDF v3.1
Total Video Converter 3.61 100319
Trader Workstation 4.0
Tweak UI
TWS Interoperability Components
Ulead MediaStudio Pro 7.0
Ulead Photo Explorer 8.0
Ulead Photo Explorer 8.5
Ulead PhotoImpact 10
Unlocker 1.8.9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
User Profile Hive Cleanup Service
VC 9.0 Runtime
Video Snapshot and Thumbnail Maker 1.5 TRIAL
VideoCharge
VideoCharge Studio
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
Virtual Desktop Manager Powertoy for Windows XP
Virtual Earth 3D (Beta)
Virtual Machine Network Services Driver
VirusTotal Uploader 2.0
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
VivoActive PowerPlayer
VivoActive Producer v2.00
VLC media player 1.1.6
VobSub v2.05 (Remove Only)
What's Running 2.2
Winamp (Remove Only)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Media Bonus Pack for Windows XP
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format 11 SDK
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Resource Kit Tools
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 2
WinHTTrack Website Copier 3.43
WinISO 5.3
WinPatrol 2010
WinRAR archiver
XdN Tweaker 0.9.1.5
X-NetStat Pro 5.56
XnView 1.96
xp-AntiSpy 3.97
xplorer² professional
Y!Fit
jan29ab
Active Member
 
Posts: 4
Joined: February 11th, 2011, 10:36 am
Advertisement
Register to Remove

Re: Svchost and system connnections to Facebook & Yahoo all

Unread postby askey127 » February 15th, 2011, 4:06 pm

Hi jan29ab,
If you still need help and are not receiving it elsewhere, please proceed as follows:
(Please don't scan, install, or remove anything unless I ask, until we are done cleaning the machine.)
  • Is there a reason you have chosen not to install SP3?
  • I notice there is a utorrent process running, but it's not in the Installed Programs list. Can you tell me about that? If it's present, please Uninstall it.
  • Don't ever use a Registry Cleaner, Booster, Optimizer, etc. They don't do any good, and they can break your machine.

You have more "security" programs than you need. They will interfere with each other.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
AntiLogger
a-squared Free 4.5
a-squared HiJackFree 3.1
EasyCleaner
Hitman Pro 3.5
Rapidshare Auto Downloader 3.6.2
RegSupreme 1.3
SpywareBlaster 4.4
SpywareGuard v2.2
xp-AntiSpy 3.97

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

So we are looking for the two logs from OTL, and the log from CKScanner.
Also any info you can provide on my initial questions.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Svchost and system connnections to Facebook & Yahoo all

Unread postby jan29ab » February 15th, 2011, 6:45 pm

Thank you for your reply.

SP3 is not installed because my computer is a very old, legacy machine with some equally old, legacy software that is crucial to my work duties. At the time SP3 came out, there was much discussion about some apps being broken, and it was a risk I decided was not worth it. Although I have Acronis installed, I find using it to be quite scary, as you're never sure until the end that it's going to work (I've had to resort to a full image restore only once, thankfully). Although SP3 is not installed, I subscribe to Microsoft's security newsletter and install the latest security updates as they become available. Similarly, I very recently updated Java to release 23, and Flash to the latest release (020811).

I don't know why uTorrent didn't show on the list, as it (was installed). I uninstalled it and all the other programs you requested I uninstall. Speaking of which, I have used Revo Uninstaller for so long that I automatically turned to it to remove the programs, and as I was finishing removing the last program, xp-AntiSpy 3.97, I realized that Revo Uninstalled *is* a form of registry cleaner. So I guess I shouldn't have used it, and only used the Windows built-in uninstaller. If you want any additional programs removed, should I use only Windows Uninstaller, and leave Revo Uninstaller untouched?

I will have to post the logs in a follow-up, because I was just warned that my message contains 127969 characters, and the maxiumum allowed is 100000.

Thanks again.
jan29ab
Active Member
 
Posts: 4
Joined: February 11th, 2011, 10:36 am

Re: Svchost and system connnections to Facebook & Yahoo all

Unread postby jan29ab » February 15th, 2011, 6:48 pm

OTL logfile created on: 2/15/2011 4:59:22 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 592.00 Mb Available Physical Memory | 58.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): E:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 14.06 Gb Free Space | 37.75% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 63.16 Gb Free Space | 42.38% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 324.04 Gb Free Space | 23.19% Space Free | Partition Type: NTFS
Drive J: | 33.87 Gb Total Space | 27.44 Gb Free Space | 81.00% Space Free | Partition Type: NTFS
Drive K: | 33.91 Gb Total Space | 29.22 Gb Free Space | 86.15% Space Free | Partition Type: NTFS
Drive T: | 436.47 Gb Total Space | 118.90 Gb Free Space | 27.24% Space Free | Partition Type: NTFS
Drive U: | 1863.01 Gb Total Space | 373.99 Gb Free Space | 20.07% Space Free | Partition Type: NTFS

Computer Name: DELL2400-2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/15 15:34:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/02/12 15:45:51 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/10/26 19:52:28 | 002,345,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/10/26 19:52:26 | 000,973,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2010/04/17 05:56:08 | 000,394,984 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/04/17 05:56:06 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/09 20:50:00 | 001,945,960 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/02/09 20:39:16 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/02/09 20:39:08 | 000,407,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/02/09 20:33:32 | 001,165,680 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/17 21:05:00 | 000,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\atiptaxx.exe
PRC - [2002/10/30 16:47:02 | 000,364,544 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fpdisp4.exe


========== Modules (SafeList) ==========

MOD - [2011/02/15 15:34:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/10/26 19:52:32 | 001,108,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/19 07:59:41 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\iphlpapi.dll
MOD - [2004/08/04 02:56:46 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\winsta.dll
MOD - [2004/08/04 02:56:46 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wsock32.dll
MOD - [2004/08/04 02:56:46 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HidServ)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/04/17 05:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/26 13:46:16 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2010/01/26 13:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/12/24 07:55:22 | 001,732,960 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2008/01/07 10:04:10 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/11/14 20:46:00 | 000,131,072 | ---- | M] (Brio) [Disabled | Stopped] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/02/09 20:39:08 | 000,407,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/12/02 05:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2002/05/03 11:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
SRV - [2001/09/10 18:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2010/10/26 19:52:50 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\oahlp32.sys -- (oahlpXX)
DRV - [2010/10/26 19:52:44 | 000,202,064 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys -- (OADevice)
DRV - [2010/10/26 19:52:44 | 000,029,272 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OAnet.sys -- (OAnet)
DRV - [2010/10/26 19:52:44 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys -- (OAmon)
DRV - [2010/07/07 09:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys -- (PSI)
DRV - [2010/06/23 06:23:55 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/17 05:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/03/05 13:27:56 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/05 13:27:56 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/10 13:48:40 | 000,045,616 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/11/23 08:10:58 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pssdk42.sys -- (PSSDK42)
DRV - [2009/10/04 16:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/08/20 11:11:30 | 000,073,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/07/20 12:35:04 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KbdCap.sys -- (kbdcap)
DRV - [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - [2008/12/18 22:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2008/12/18 22:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2008/12/18 22:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/10/19 03:50:50 | 000,024,320 | ---- | M] (Steganos GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tapavpn.sys -- (tapavpn)
DRV - [2007/03/04 13:41:15 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/03/04 13:41:15 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2007/03/04 13:40:53 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/01/26 11:55:32 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/01/26 11:55:26 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/01/26 11:55:08 | 000,069,168 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112.sys -- (SI3112)
DRV - [2006/03/27 10:03:42 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tap0801.sys -- (tap0801)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys -- (hardlock)
DRV - [2005/02/15 21:34:20 | 000,857,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 01:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2004/08/04 01:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/08/04 01:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:59:50 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/07/06 21:35:42 | 000,101,120 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAV708.SYS -- (USBAV708)
DRV - [2003/11/25 17:51:04 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys -- (Haspnt)
DRV - [2003/09/26 02:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/09/19 18:23:40 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV - [2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/10/15 00:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/08/14 14:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/01/24 21:40:52 | 000,046,405 | R--- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ga302nd5.sys -- (ga302nd5)
DRV - [2001/09/10 18:09:46 | 000,057,392 | ---- | M] (Macrovision) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANT.SYS -- (C-Dilla)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 12:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bloomberg.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.99
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5
FF - prefs.js..extensions.enabledItems: cookiekiller@joseph.moran:1.0.8
FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.85
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.3
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: oldAddBookmarkBehavior@alice:2.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.6.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/02/12 15:46:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/02/13 10:09:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/05 17:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/05 17:29:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011/02/12 14:32:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins

[2010/04/12 13:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/12 13:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/14 12:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2011/02/12 15:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions
[2010/04/21 12:24:15 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/09/08 18:28:19 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/21 12:24:17 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/04/21 12:24:07 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011/02/12 15:09:53 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/06/19 14:29:42 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/04/21 12:24:07 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010/09/08 18:27:56 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/09/08 18:28:44 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/21 12:24:16 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/06/19 14:29:42 | 000,000,000 | ---D | M] (Incredible Bookmarks) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\IncredibleBookmarks@visibotech.com
[2010/04/21 11:46:19 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\keyscrambler@qfx.software.corporation
[2010/04/21 12:24:07 | 000,000,000 | ---D | M] ("Old Add Bookmark Behavior") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6wex85hi.default\extensions\oldAddBookmarkBehavior@alice
[2011/02/12 15:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions
[2010/05/26 16:10:13 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/05/26 16:09:45 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/26 16:09:59 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/05/26 16:10:15 | 000,000,000 | ---D | M] (Netcraft Anti-Phishing Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{0e10f3d7-07f6-4f12-97b9-9b27e07139a5}
[2010/05/26 16:10:09 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/05/26 16:09:42 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010/05/26 16:10:07 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/05/26 16:10:00 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/05/26 16:10:14 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/26 16:10:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/26 16:10:18 | 000,000,000 | ---D | M] (Context Search) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2010/05/26 16:10:05 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010/05/26 16:10:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/15 08:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/05/26 16:10:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/26 16:09:46 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/05/26 16:10:06 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/05/26 16:10:01 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/05/26 16:10:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/26 16:10:20 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/05/26 16:10:15 | 000,000,000 | ---D | M] (CookieKiller) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\cookiekiller@joseph.moran
[2010/05/26 16:10:07 | 000,000,000 | ---D | M] (Coral IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\ietab@ip.cn
[2010/05/26 16:10:15 | 000,000,000 | ---D | M] (Incredible Bookmarks) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\IncredibleBookmarks@visibotech.com
[2010/05/26 16:10:14 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\keyscrambler@qfx.software.corporation
[2010/05/26 16:10:19 | 000,000,000 | ---D | M] ("SortPlaces") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Profile from Portable Firefox\extensions\sortplaces@andyhalford.com
[2010/10/29 09:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/29 09:57:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/19 14:39:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{22119944-ED35-4AB1-910B-E619EA06A115}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{902D2C4A-457A-4EF9-AD43-7014562929FF}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\COOKIEKILLER@JOSEPH.MORAN.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\SORTPLACES@ANDYHALFORD.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6WEX85HI.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/02/13 10:09:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/27 01:10:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/27 01:10:20 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/27 01:10:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2011/02/05 17:29:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/02/05 17:29:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/02/05 17:29:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/02/05 17:29:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/02/05 17:29:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/02/05 17:29:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/02/05 17:29:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/03/29 07:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/10/26 23:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/26 23:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/26 23:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/26 23:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/26 23:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/10/26 23:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/26 23:49:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/02/14 08:27:01 | 000,002,855 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (InlineSearchHandleHotKeys Class) - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CANON DR2080C SVC] C:\WINDOWS\System32\DR2KSVC.DLL (Canon Electronics)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [ATI Desktop Control Panel] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\atiptaxx.exe (ATI Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe (Pronto Internet Solutions Corporation)
O9 - Extra 'Tools' menuitem : No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe (Pronto Internet Solutions Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.co ... 4152914953 (MUCatalogWebControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 8868313453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7425448234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\AutorunsDisabled\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/21 13:27:00 | 000,000,008 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/11/13 10:54:16 | 000,000,000 | -H-- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\V:) - File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\I:) - File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/15 16:27:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/02/15 15:34:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/13 10:09:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/13 10:09:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/13 10:09:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/13 10:09:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/12 19:01:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/12 15:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2011/02/12 14:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 11
[2011/02/12 13:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel Application Accelerator
[2011/02/11 18:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeraCopy
[2011/02/06 09:49:54 | 000,339,968 | ---- | C] (ATI Technologies, Inc.) -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\atiptaxx.exe
[2011/02/05 17:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/02/05 17:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/05 17:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/05 14:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\avd
[2011/02/05 14:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Video Snapshot and Thumbnail Maker 1.5 TRIAL
[2011/02/05 14:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Snapshot and Thumbnail Maker 1.5 TRIAL
[2011/02/04 17:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\calibre
[2011/02/04 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011/02/04 17:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2011/02/01 16:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/01/27 16:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Any Video Converter
[2011/01/27 16:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft
[2011/01/27 16:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AnvSoft
[2011/01/27 16:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2011/01/21 15:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/15 16:55:00 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/02/15 16:54:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/02/15 15:35:27 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
[2011/02/15 15:34:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/15 13:43:55 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2003.lnk
[2011/02/15 08:26:18 | 000,001,790 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2011/02/14 08:27:01 | 000,002,855 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/02/13 10:09:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/13 10:09:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/13 10:09:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/13 10:09:04 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/13 10:09:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/12 20:35:02 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\drive.lnk
[2011/02/12 15:04:50 | 000,005,024 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011/02/12 14:32:35 | 000,001,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/11 19:22:07 | 000,000,328 | -HS- | M] () -- C:\BOOT.INI
[2011/02/11 18:35:09 | 000,002,672 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2011/02/11 11:25:53 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malware description.rtf
[2011/02/10 15:31:03 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 14:25:52 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/08 15:27:12 | 000,000,100 | ---- | M] () -- C:\WINDOWS\Pex.INI
[2011/02/05 15:14:58 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2011/02/02 15:48:37 | 000,000,296 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/01/31 12:10:19 | 000,009,634 | ---- | M] () -- C:\WINDOWS\SetScan.ini
[2011/01/26 07:19:56 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/01/21 15:15:42 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2011/01/21 08:12:25 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.idx
[2011/01/20 22:25:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/15 15:35:27 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
[2011/02/12 20:35:02 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\drive.lnk
[2011/02/12 14:32:35 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/12 14:32:35 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/11 09:00:41 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malware description.rtf
[2011/01/21 08:42:17 | 000,038,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2010/09/14 11:36:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/09/02 13:15:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/02 13:14:57 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/02 13:14:57 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/02 13:14:56 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/13 11:14:32 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2010/08/13 11:14:32 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2010/08/13 11:14:32 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2010/08/13 11:14:32 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2010/08/13 11:14:32 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2010/08/13 11:14:31 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2010/08/13 11:14:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2010/08/03 16:54:02 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/01 16:58:13 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/14 14:38:21 | 000,003,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\com.koingosw.LibrarianPro.xml
[2010/05/08 21:06:04 | 000,005,024 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/04/24 09:28:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/12/15 08:30:26 | 000,000,457 | ---- | C] () -- C:\WINDOWS\fractalx.INI
[2009/11/24 14:10:29 | 000,202,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/11/23 08:54:01 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/10/15 07:34:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/09/06 10:18:19 | 000,000,426 | ---- | C] () -- C:\WINDOWS\psa_fe.ini
[2009/08/25 17:56:42 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/08/11 13:57:48 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2009/07/21 07:15:13 | 000,000,100 | ---- | C] () -- C:\WINDOWS\pnmedia.ini
[2009/07/20 12:35:04 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2009/07/17 17:40:31 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
[2009/07/15 14:02:21 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Ietis.ini
[2009/05/14 11:46:41 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2009/05/07 11:35:07 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2009/04/05 20:39:43 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 16:01:00 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/25 09:07:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008/09/04 16:14:47 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/02 10:00:31 | 000,000,328 | ---- | C] () -- C:\WINDOWS\VivTV.ini
[2008/08/13 13:54:59 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2008/04/12 15:40:06 | 000,000,108 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2008/02/13 16:26:03 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2008/01/16 16:23:10 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll
[2008/01/16 16:23:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\hasp_windows.dll
[2007/12/05 14:28:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/08 15:32:15 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/09/07 14:59:28 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/08/01 11:00:27 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ib.ini
[2007/08/01 11:00:19 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2007/07/16 11:03:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kruptos.INI
[2007/03/21 13:16:48 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/02/14 13:18:21 | 000,000,254 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007/02/14 13:14:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/04/21 13:27:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/03 09:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/01/31 09:08:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/27 11:19:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2006/01/27 11:19:06 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\vb32dx8pl.dll
[2006/01/05 15:07:25 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/01/05 14:47:53 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/05/02 10:01:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/28 11:39:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Aeditor.INI
[2005/03/27 07:53:38 | 000,000,296 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/03/26 14:04:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\icset25.ini
[2005/03/26 11:07:21 | 000,004,510 | ---- | C] () -- C:\WINDOWS\CDMMP3.ini
[2005/03/26 10:06:56 | 000,000,277 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2005/02/19 13:52:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2005/01/28 16:45:54 | 000,005,224 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/28 16:45:54 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4B503BEA36.sys.old
[2004/11/16 19:00:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/11/14 10:04:16 | 000,101,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBAV708.SYS
[2004/10/29 16:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2004/10/03 09:26:31 | 000,000,111 | ---- | C] () -- C:\WINDOWS\OED.INI
[2004/09/28 23:20:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\cbSendMail.dll
[2004/08/29 09:27:40 | 000,000,290 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/05/31 11:42:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ole2ct.dll
[2004/05/31 11:42:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\FCabinet.ini
[2004/05/31 11:41:54 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\mwMenu6.dll
[2004/05/31 11:41:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jciniref.dll
[2004/05/31 11:41:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/05/30 16:13:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\jpegcrop.INI
[2004/04/23 12:08:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PeerLibF.dll
[2004/04/23 12:08:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PeerLibK.dll
[2004/04/23 12:08:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PSWPMod.dll
[2004/04/04 09:03:49 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SndDrv32x.ini
[2004/01/29 17:32:05 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\WETSTD32.DLL
[2004/01/29 17:32:01 | 001,204,224 | ---- | C] () -- C:\WINDOWS\System32\DTENGINE.DLL
[2004/01/19 12:20:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/01/01 18:38:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/01/01 18:32:19 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2004/01/01 16:16:06 | 000,000,486 | ---- | C] () -- C:\WINDOWS\DEMO.INI
[2003/12/06 15:52:08 | 000,000,334 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2003/12/06 14:36:26 | 000,009,634 | ---- | C] () -- C:\WINDOWS\SetScan.ini
[2003/11/28 15:52:40 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/11/27 10:46:11 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2003/11/25 17:51:04 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2003/10/10 17:06:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL
[2003/09/10 10:06:04 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2003/06/29 09:20:57 | 000,000,049 | ---- | C] () -- C:\WINDOWS\accgnat.ini
[2003/06/29 09:20:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\stdsoap2.dll
[2003/04/27 16:14:02 | 000,000,065 | ---- | C] () -- C:\WINDOWS\TOPO.INI
[2003/04/18 15:10:45 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2003/04/04 18:17:40 | 000,008,813 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2003/04/03 11:24:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/03/19 12:28:29 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2003/02/10 12:50:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\msdevctl.ini
[2003/02/10 12:22:00 | 000,000,132 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2003/02/09 13:07:36 | 000,012,499 | ---- | C] () -- C:\WINDOWS\System32\EONSYSREV_1.DLL
[2003/02/09 11:42:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2003/01/15 09:53:03 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2003/01/14 15:58:44 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2003/01/14 15:49:17 | 000,002,848 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2003/01/13 15:19:09 | 000,000,017 | ---- | C] () -- C:\WINDOWS\pixworks.ini
[2003/01/13 15:19:03 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\LFCMP60N.DLL
[2003/01/13 15:19:03 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL60N.DLL
[2003/01/13 15:19:03 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP60N.DLL
[2003/01/13 15:19:02 | 000,000,372 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/29 12:58:06 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2002/12/29 11:37:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/12/15 12:41:13 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/12/14 18:52:45 | 000,000,045 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2002/12/06 13:55:23 | 000,245,760 | ---- | C] () -- C:\WINDOWS\ddedll.dll
[2002/12/06 13:55:22 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2002/12/05 15:49:53 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2002/10/25 16:23:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/10/22 17:37:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/22 17:29:37 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/10/22 17:21:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/22 15:19:46 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/19 16:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2002/01/18 20:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll
[2001/08/31 09:01:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/02/04 00:18:12 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2000/01/05 11:51:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[1995/03/13 23:22:21 | 000,000,160 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

========== LOP Check ==========

[2005/04/28 06:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.ABC 3.0.0
[2005/04/24 11:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado
[2005/03/26 11:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ableton
[2009/06/20 17:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2007/10/14 10:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2010/08/03 16:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Active Alarm Clock
[2011/01/27 16:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AnvSoft
[2010/12/02 20:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2009/11/30 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BinarySense
[2011/02/04 17:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\calibre
[2004/12/13 09:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Electronics
[2005/01/23 15:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canopus
[2009/04/06 08:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2009/05/07 09:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cspa
[2010/05/29 09:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiskSpaceFan
[2009/10/03 11:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Doubleclick Industries
[2009/08/08 07:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Macro Recorder
[2010/07/05 17:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Eazy-Ware
[2007/02/14 13:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Eltima Software
[2010/05/28 20:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EMCO
[2005/01/24 10:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ExplorerPlus
[2009/09/29 13:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileFactory Turbo
[2003/12/12 12:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileOpen
[2009/05/04 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FireShot
[2011/02/14 20:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2010/05/08 08:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2007/03/14 11:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008/07/23 19:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GPSoftware
[2003/07/02 08:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GuruNet
[2010/04/25 16:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2005/02/09 09:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Internet Security Alliance
[2009/08/19 10:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iSilo
[2003/08/05 11:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IsolatedStorage
[2009/11/27 09:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\johnsadventures.com
[2010/07/14 14:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jutoh
[2010/09/18 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KeePass
[2004/09/15 15:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kontiki
[2009/07/03 14:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Launchy
[2009/12/22 16:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/05/03 09:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\leafChat
[2005/05/07 06:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MCMPEGEnc
[2009/10/15 06:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Megaupload
[2003/04/11 11:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NetMedia Providers
[2009/07/20 12:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010/07/05 17:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OBP7Backup
[2009/11/24 15:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OnlineArmor
[2009/08/01 10:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2009/05/07 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OtakuSoftware
[2005/10/23 14:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDFPublisher
[2009/06/23 12:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PKWARE
[2003/04/11 11:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2006/02/03 09:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2005/02/07 08:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SharpReader
[2006/01/27 08:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2006/02/05 12:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steganos
[2009/07/26 17:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steganos VPN
[2005/06/27 11:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
[2009/06/08 18:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2011/02/15 15:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2007/08/04 10:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thornsoft Development
[2006/08/29 08:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
[2010/08/31 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS Support
[2010/05/14 15:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2005/03/26 18:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2008/11/18 10:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Video Converter for Any Flv Player
[2010/07/22 17:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VideoCharge Studio
[2009/11/28 12:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebApps
[2005/09/20 08:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebCompiler3
[2007/10/08 15:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebEx
[2010/05/30 08:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2009/11/30 16:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Winsplit Revolution
[2011/02/14 07:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\X-NetStat
[2005/09/08 07:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\X2Net
[2010/09/18 12:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\XnView
[2008/08/04 08:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2BrightSparks
[2009/06/20 16:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007/03/05 10:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/12/28 08:44:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2010/07/05 17:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AJSystems
[2010/04/01 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/10/01 08:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/09/13 16:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canopus
[2009/03/08 15:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DiskAnalyzer
[2010/05/16 16:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009/05/07 11:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions
[2008/01/16 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grass Valley
[2010/07/31 06:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Heatsoft
[2011/02/10 14:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2005/05/19 11:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
[2010/08/16 13:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/05/02 07:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KLS Soft
[2010/05/02 08:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kruptos
[2007/11/29 13:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/09/08 08:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MetaQuotes
[2005/08/17 13:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2003/12/13 18:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/14 07:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/06/13 15:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paragon
[2009/06/23 12:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2006/06/24 15:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/11/05 18:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/07/24 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboTask
[2006/01/14 17:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/24 18:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STDUConverter
[2009/05/04 17:32:41 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2009/03/08 14:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskManager
[2007/02/05 18:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/02/15 15:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/31 09:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TS Support
[2010/05/14 16:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/05/06 14:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/11/11 08:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/24 14:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/23 11:42:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/05/14 15:36:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA0E532
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 108 bytes -> C:\WINDOWS:

< End of report >
jan29ab
Active Member
 
Posts: 4
Joined: February 11th, 2011, 10:36 am

Re: Svchost and system connnections to Facebook & Yahoo all

Unread postby jan29ab » February 15th, 2011, 6:50 pm

OTL Extras logfile created on: 2/15/2011 4:59:22 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 592.00 Mb Available Physical Memory | 58.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): E:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 14.06 Gb Free Space | 37.75% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 63.16 Gb Free Space | 42.38% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 324.04 Gb Free Space | 23.19% Space Free | Partition Type: NTFS
Drive J: | 33.87 Gb Total Space | 27.44 Gb Free Space | 81.00% Space Free | Partition Type: NTFS
Drive K: | 33.91 Gb Total Space | 29.22 Gb Free Space | 86.15% Space Free | Partition Type: NTFS
Drive T: | 436.47 Gb Total Space | 118.90 Gb Free Space | 27.24% Space Free | Partition Type: NTFS
Drive U: | 1863.01 Gb Total Space | 373.99 Gb Free Space | 20.07% Space Free | Partition Type: NTFS

Computer Name: DELL2400-2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [aimatfile] -- "C:\Program Files\AimAtFile\AimAtFile.exe" /d "%1" (AimingTech Company)
Directory [Dupehunter Professional] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open_x2] -- "C:\Program Files\zabkat\xplorer2\xplorer2_uc.exe" /1 /M /T "%1" (ZabKat)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [UsePrintFolders] -- "C:\Program Files\PrintFolders\PrintFolders.exe" "%1" (Stratopoint Software)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Directory [xplorer2] -- C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe "%1" (ZabKat)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC_PD

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Disabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"H:\Media\Software\Utilities\d4time\d4time41(2)\D4.EXE" = H:\Media\Software\Utilities\d4time\d4time41(2)\D4.EXE:*:Enabled:Dimension 4 -- (Thinking Man Software)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\deepinvent\MailStore Home\MailStoreLocal.exe" = C:\Program Files\deepinvent\MailStore Home\MailStoreLocal.exe:*:Enabled:MailStore Home -- (deepinvent Software GmbH)
"C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" = C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe:LocalSubNet:Enabled:PDAgent -- (Raxco Software, Inc.)
"C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" = C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe:LocalSubNet:Enabled:PDEngine -- (Raxco Software, Inc.)
"C:\Program Files\Raxco\PerfectDisk10\PDEnginePS.dll" = C:\Program Files\Raxco\PerfectDisk10\PDEnginePS.dll:LocalSubNet:Enabled:PDEnginePS -- (Raxco Software, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009435FA-9011-4C36-AE7C-CCC9669E7875}" = Windows Media Format 11 SDK
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA NVIDIA DVD Decoder
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07D97136-A219-41FE-9FF9-E18C8A312A7E}" = ProCoder 3
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{10CD702D-CEB4-4602-B0B0-B921181A7916}" = Setup
"{114DA897-CC99-4B97-B4BE-A26400ED19F0}" = MainConcept H.264 Encoder
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1" = PDF-Tools 4
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D643CCD-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{29D3773E-54F4-23C2-D523-236A4453B845}_is1" = FileAlyzer 2
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{3436DDF8-D043-4CF0-902B-FF4A3225C8CB}" = SecureZIP for Windows 12.30.0016
"{3446CF00-AA01-11D1-94C0-00609781261C}" = APL+Win Version 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser and SDK
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader 4.00
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{47C26313-29A9-4AD1-820D-DF7F91591DD8}" = Y!Fit
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE3B1FB-31C9-4FA4-B7FE-37025785FCE9}" = calibre
"{4D701F5D-F149-4FAC-AAA2-A36C088C5FE3}" = Ulead MediaStudio Pro 7.0
"{4E901875-0F15-44BA-89DE-94AA41A7F507}" = Clear Cache feature for Internet Explorer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D26BF7B-BEF6-477D-8FC1-0C1C159B6364}_is1" = Quicksys RegDefrag 2.2
"{5D39E57E-2F0E-45B2-A754-76F9EE3B7463}" = RSDownloader 2.3
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{613EA65C-E570-4BE0-B26F-1EDF2536B3EA}" = VideoCharge
"{624EA87E-9946-4DFF-8A3F-9C8346A185D3}" = PrintFolders 2.21
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{663118ED-6E80-45D6-9484-6830798B8B86}" = ProCoder 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{772E9146-D676-4869-A298-047FF2A2B92D}" = Canopus Codec Option
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10.0.119 Pro by FreeRyde
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0302AB-28E3-43F4-8414-10B8E0954ED9}" = Setup
"{8C64E14C-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8FEBA60E-4DAB-46C4-99E0-197721785DA1}" = Instant VideoMPX
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{931099E3-8F73-4028-A780-02C738176152}" = VideoCharge Studio
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FAFFC-35E9-42E0-9C58-9AADE646F92A}" = Diskeeper 2010 EnterpriseServer
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1795AC0-9B6A-40D9-8E07-A82662268D9F}" = Virtual Machine Network Services Driver
"{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}" = SnagIt 8
"{A2273570-B532-4F8D-892E-14999C591E25}" = Kruptos 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 1.73
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 1.1.0.0
"{B1D61981-8241-493F-ACAA-C4595D231D70}" = Preventative Maint. for Microsoft® Windows Server™ 2003
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.0
"{DD971DE9-FAF0-4A15-9BE4-5D766B05D11E}" = SQLIO
"{DE05C377-B3AF-4447-9227-B9308203C500}" = ContextConvert Pro
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFA597E4-73D3-4142-90DB-BE28E5589F99}_is1" = Device Remover
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F9263444-9913-4896-8D7C-E056C4C5FB38}_is1" = MSRSD v4.5.1
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDCE9C15-EB45-11D5-89C7-0050DA162A25}" = PaperPort 9.0
"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Acoustica Audio Converter Pro" = Acoustica Audio Converter Pro
"Active Ports" = Active Ports
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = RoboForm 7-2-2 (All Users)
"AimAtFile_is1" = AimAtFile 4.0
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 3.1.8
"ATI Display Driver" = ATI Display Driver
"audcle" = Plus! MP3 Audio Converter LE
"avast5" = avast! Free Antivirus
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CapturePerfect 1.0" = CapturePerfect 1.0
"CapturePerfect 2.0" = CapturePerfect 2.0
"Catalog Max_is1" = Catalog Max 1.63
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Disk Space Fan Pro_is1" = Disk Space Fan Pro 2.0.13.680
"DiskAnalyzer Pro_is1" = DiskAnalyzer Pro 3.0
"DivXCodec" = DivX Codec 3.1alpha release
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DPS AVI Codec" = DPS AVI Codec
"DR2080C" = Canon DR-2080C Scanner Driver
"DriveCleanser" = Acronis DriveCleanser
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.0
"DVD Identifier_is1" = DVD Identifier
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.2.1
"EncryptOnClick_is1" = EncryptOnClick
"ERUNT_is1" = ERUNT 1.1j
"File Shredder_is1" = File Shredder 2.0
"FinePrint 2000" = FinePrint 2000
"FLAC" = FLAC 1.2.1b (remove only)
"Flash Decompiler_is1" = Flash Decompiler
"FLV Player" = FLV Player 2.0 (build 25)
"foobar2000" = foobar2000 v0.9.6.5
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Fractal eXtreme" = Fractal eXtreme
"FrameShots" = FrameShots Video Screen Capture
"Free Disk Analyzer" = Free Disk Analyzer
"Free Extended Task Manager" = Free Extended Task Manager
"Google Updater" = Google Updater
"HashTab" = HashTab 3.0.0
"Heatsoft Automatic Synchronizer_is1" = Heatsoft Automatic Synchronizer 2.01
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Inline Search" = Inline Search v1.2 for Internet Explorer (remove only)
"InstallShield_{114DA897-CC99-4B97-B4BE-A26400ED19F0}" = MainConcept H.264 Encoder
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"iSilo" = iSilo
"KeyNote_is1" = KeyNote 1.6.5
"KeyScrambler" = KeyScrambler
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"KLS Mail Backup_is1" = KLS Mail Backup 1.7.0.0
"LanHelper_is1" = LanHelper v1.98
"LookInMyPC" = LookInMyPC
"Lupas Rename 2000_is1" = Lupas Rename 2000 v5.0 Release
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MailStore Home_is1" = MailStore Home 4.0.0.3493
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDI2PDF Converter_is1" = MDI2PDF 2.6
"MetaTrader 5" = MetaTrader 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft NetShow Tools 2.0" = NetShow Tools 3.0
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"mIRC" = mIRC
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Firefox 4.0b11 (x86 en-US)" = Mozilla Firefox 4.0b11 (x86 en-US)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Drivers_is1" = My Drivers 3.31
"My_Wan_IP_1.0" = MyWANiP 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"No More Cookies" = No More Cookies 1.1
"Notepad++" = Notepad++
"OBP7_is1" = OutBack Plus 7.0
"OnlineArmor_is1" = Online Armor 4.5
"PDF IFilter" = Adobe PDF IFilter 4.1
"pdfsam" = pdfsam
"PerformanceTest_is1" = PerformanceTest v4.0
"Port" = Port Detective
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"PSN2" = Post-it® Software Notes Version 2
"Q903235" = Internet Explorer Q903235
"QuickPar" = QuickPar 0.9
"RAR Repair Tool_is1" = RAR Repair Tool v.4.0
"Recuva" = Recuva (remove only)
"Replay Video Capture3.1B" = Replay Video Capture
"Revo Uninstaller" = Revo Uninstaller 1.88
"Sandboxie" = Sandboxie 3.442
"Secunia PSI" = Secunia PSI
"Shockwave" = Shockwave
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"ST6UNST #1" = Neo's SafeKeys 2008
"TeraCopy_is1" = TeraCopy 2.12
"TIFF to PDF_is1" = TIFF to PDF v3.1
"Total Video Converter 3.61_is1" = Total Video Converter 3.61 100319
"Trader Workstation 4.0" = Trader Workstation 4.0
"Tweak UI 2.10" = Tweak UI
"TWS Interoperability Components" = TWS Interoperability Components
"Unlocker" = Unlocker 1.8.9
"Video Snapshot and Thumbnail Maker 1.5 TRIAL_is1" = Video Snapshot and Thumbnail Maker 1.5 TRIAL
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VivoActive PowerPlayer" = VivoActive PowerPlayer
"VivoActiveProducer200DeinstKey" = VivoActive Producer v2.00
"VLC media player" = VLC media player 1.1.6
"VobSub" = VobSub v2.05 (Remove Only)
"wa2wmp" = Windows Media Player Skin Importer
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp (Remove Only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43
"WinISO_is1" = WinISO 5.3
"WinPatrol" = WinPatrol 2010
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XdN Tweaker" = XdN Tweaker 0.9.1.5
"X-NetStat Pro" = X-NetStat Pro 5.56
"XnView_is1" = XnView 1.96
"xplorer2p" = xplorer² professional

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DeskSpace" = DeskSpace 1.5.4.4 Trial
"Lookout" = Lookout
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 2/15/2011 5:54:17 PM | Computer Name = DELL2400-2 | Source = ga302nd5 | ID = 327684
Description = : The network link is down. Check to make sure the network cable
is properly connected.


< End of report >

*********************

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\favorites\bookmarks - temp\keep your cell phone charged during power outages using your ups « crackerboy.url
scanner sequence 3.DF.11
----- EOF -----
jan29ab
Active Member
 
Posts: 4
Joined: February 11th, 2011, 10:36 am

Re: Svchost and system connnections to Facebook & Yahoo all

Unread postby askey127 » February 15th, 2011, 9:24 pm

-- Announcement --
This service is provided to you, without charge, by people who volunteer their own time to help.
There is an implied trust that you will respect that donated time, and provide all the information possible to bring the dialog to a successful conclusion.
If false information is provided, that trust is violated, and it is no longer the obligation of the volunteer to continue assistance.
This site will no longer help with this topic.

This Thread is Closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware