
Probably Infected with Keylogger


11 replies to this topic

#1 darthkurai

darthkurai

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 30 September 2009 - 08:59 PM

My World of Warcraft account was hacked, and I suspect it was the work of a keylogger. I ran SuperAntiSpyware and Spybot Search and Destroy, which found nothing other than some tracking cookies.

Below is my DDS report. Thank you for any help you may be able to give!


DDS (Ver_09-09-29.01) - NTFSx86
Run by John at 21:51:17.08 on Wed 09/30/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3324.1066 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbkcoms.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Program Files\SolidWorks\sldworks.exe
C:\Users\John\AppData\Local\Temp\SolidWorksLicTemp.0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6]
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [<NO NAME>]
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\6w2ctc5x.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\john\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\6w2ctc5x.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\solidworks\cosmos\floworks\bincfw\StandAloneSlv.exe [2008-1-23 245760]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-6 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-5-25 2789160]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652]
R3 IAMTV;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2007-4-17 38280]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-4-17 5504]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 gupdate1c98b21879bd73f;Google Update Service (gupdate1c98b21879bd73f);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-5-25 15656]

=============== Created Last 30 ================

2009-09-30 20:41 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-09-30 20:41 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-09-30 20:40 <DIR> --d----- c:\users\john\appdata\roaming\SUPERAntiSpyware.com
2009-09-30 20:40 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-24 18:59 <DIR> --d----- c:\program files\iPod
2009-09-24 18:59 <DIR> --d----- c:\program files\iTunes
2009-09-20 20:07 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-20 20:07 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 20:05 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 20:05 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-09 22:11 <DIR> --d----- c:\program files\Amazon
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 19:17 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 19:17 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-09-30 20:07 115,702 a------- c:\programdata\nvModes.dat
2009-09-30 20:07 115,702 a------- c:\progra~2\nvModes.dat
2009-09-20 19:59 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-20 19:59 86,016 a------- c:\windows\inf\infstor.dat
2009-09-20 19:59 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 15:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-05-24 12:10 2,516 a--sh--- c:\programdata\KGyGaAvL.sys
2009-05-24 12:10 2,516 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-05-24 12:10 88 ---shr-- c:\programdata\715B4EC147.sys
2009-05-24 12:10 88 ---shr-- c:\progra~2\715B4EC147.sys
2008-12-23 02:32 174 a--sh--- c:\program files\desktop.ini
2008-12-23 02:22 665,600 a------- c:\windows\inf\drvindex.dat
2007-10-17 19:32 0 a------- c:\users\john\appdata\roaming\wklnhst.dat
2007-07-27 11:36 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-08 19:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-07-08 19:46 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-07-08 19:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-05-29 16:53 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-05-29 16:53 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-05-29 16:53 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 21:52:09.84 ===============


#2 darthkurai

darthkurai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 30 September 2009 - 09:25 PM

UPDATE: I downloaded and ran MBAM; here is my log:

Malwarebytes' Anti-Malware 1.41
Database version: 2880
Windows 6.0.6001 Service Pack 1

9/30/2009 10:18:10 PM
mbam-log-2009-09-30 (22-18-10).txt

Scan type: Quick Scan
Objects scanned: 112264
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d360501e-dc73-4de6-a61c-21925aed7835} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9668ada-fc6b-47f4-8381-de861dba5115} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\McAfee\MPS\McPopup.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.


And this is a post-MBAM DDS report:



DDS (Ver_09-09-29.01) - NTFSx86
Run by John at 22:32:22.39 on Wed 09/30/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3324.1792 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbkcoms.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\CtHelper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX530XV
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6]
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [<NO NAME>]
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\6w2ctc5x.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\john\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\john\appdata\roaming\mozilla\firefox\profiles\6w2ctc5x.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R3 IAMTV;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2007-4-17 38280]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-4-17 5504]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-09-30 22:10 <DIR> --d----- c:\users\john\appdata\roaming\Malwarebytes
2009-09-30 22:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 22:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-30 22:10 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-30 22:10 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-30 22:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 20:41 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-09-30 20:41 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-09-30 20:40 <DIR> --d----- c:\users\john\appdata\roaming\SUPERAntiSpyware.com
2009-09-30 20:40 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-24 18:59 <DIR> --d----- c:\program files\iPod
2009-09-24 18:59 <DIR> --d----- c:\program files\iTunes
2009-09-20 20:07 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-20 20:07 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 20:05 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 20:05 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-09 22:11 <DIR> --d----- c:\program files\Amazon
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 19:17 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 19:17 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-09-30 22:23 115,702 a------- c:\programdata\nvModes.dat
2009-09-30 22:23 115,702 a------- c:\progra~2\nvModes.dat
2009-09-20 19:59 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-20 19:59 86,016 a------- c:\windows\inf\infstor.dat
2009-09-20 19:59 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 15:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-05-24 12:10 2,516 a--sh--- c:\programdata\KGyGaAvL.sys
2009-05-24 12:10 2,516 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-05-24 12:10 88 ---shr-- c:\programdata\715B4EC147.sys
2009-05-24 12:10 88 ---shr-- c:\progra~2\715B4EC147.sys
2008-12-23 02:32 174 a--sh--- c:\program files\desktop.ini
2008-12-23 02:22 665,600 a------- c:\windows\inf\drvindex.dat
2007-10-17 19:32 0 a------- c:\users\john\appdata\roaming\wklnhst.dat
2007-07-27 11:36 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-08 19:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-07-08 19:46 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-07-08 19:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-05-29 16:53 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-05-29 16:53 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-05-29 16:53 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:33:22.35 ===============

Edited by darthkurai, 30 September 2009 - 09:36 PM.
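The DDS report above lists the autostart and browser-hook locations a helper reads first: BHO/TB entries, uRun/mRun values, mPolicies, AppInit_DLLs, Winlogon Notify and the dated file listings. As an added example, not part of this thread and not DDS's own code, the Python below parses lines in that layout and returns the items a reviewer would want to look at: orphaned BHO entries, Run values that name an unqualified executable or a binary under a user-writable directory, EnableLUA = 0, a populated AppInit_DLLs value, Winlogon Notify packages, and hidden+system files outside the Windows directory. The sample log embedded in it is constructed in DDS's layout (the user name, paths and the "Updater" entry are made up for the example), and the severity labels are this example's own heuristics, not a verdict on the posted log. Hidden+system .sys files under ProgramData in particular are commonly written by software licensing components, so treat that finding as a lead to check rather than as an infection.

```python
"""Triage of DDS-style log lines for a persistence/autostart review.

Added example for this thread; it is not DDS's own code and the sample log is
constructed in DDS's layout (user name, paths and the "Updater" entry are made up).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "info" | "review" | "high" (this example's own scale)
    line: str
    reason: str


# Constructed sample in the DDS layout (not the log posted in the thread).
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7e853d72-626a-48ec-a868-ba8d5e23e045} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeBridge]
uRun: [Updater] c:\users\john\appdata\roaming\updater\update.exe
mRun: [CTHelper] CTHELPER.EXE
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-24 12:10 2,516 a--sh--- c:\programdata\KGyGaAvL.sys
2009-09-30 22:10 <DIR> --d----- c:\programdata\Malwarebytes
"""

HOOK_RE = re.compile(r"^(?:BHO|TB): (?P<rest>.*)$")
RUN_RE = re.compile(r"^(?:uRun|mRun): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First executable in a Run command: optional leading quote, then a path or a bare name.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|com|scr|bat|cmd|pif|dll))\b', re.I)
# DDS file listing: date time size-or-<DIR> attribute-flags path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:<DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def _executable(cmd: str) -> str:
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe")
    return cmd.split(" ")[0] if cmd else ""


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if (m := HOOK_RE.match(line)):
            if m.group("rest").endswith("No File"):
                findings.append(Finding("info", line, "orphaned BHO/toolbar entry: registry points at a missing DLL"))
        elif (m := RUN_RE.match(line)):
            exe = _executable(m.group("cmd"))
            if not exe:
                findings.append(Finding("info", line, "empty Run value"))
            elif "\\" not in exe:
                findings.append(Finding("review", line, "Run value names an unqualified executable, resolved by PATH search at logon"))
            elif any(d in exe.lower() for d in USER_WRITABLE):
                findings.append(Finding("high", line, "Run value starts a binary from a user-writable directory"))
        elif low.startswith("mpolicies-system: enablelua = 0"):
            findings.append(Finding("high", line, "UAC disabled (EnableLUA = 0): an administrator account gets a full token with no consent prompt"))
        elif low.startswith("appinit_dlls:") and line.split(":", 1)[1].strip():
            findings.append(Finding("review", line, "AppInit_DLLs is set: the listed DLL is loaded into every process that loads user32.dll"))
        elif low.startswith("notify:"):
            findings.append(Finding("review", line, "Winlogon Notify package: confirm the DLL is signed and expected"))
        elif (m := FILE_RE.match(line)):
            attrs, path = m.group("attrs"), m.group("path").lower()
            if "s" in attrs and "h" in attrs and not path.startswith("c:\\windows\\"):
                findings.append(Finding("review", line, "hidden+system file outside the Windows directory (licensing components also do this; verify before acting)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it against a saved DDS.txt by passing the file contents to `triage()`. The rules only read the log's own fields, so a clean entry that happens to live under a user profile (many legitimate updaters do) still comes out as "high" and needs a look at the binary's signature and hash before anything is removed.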


#3 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 18 October 2009 - 12:04 PM

Hello darthkurai

Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
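OTL's Extras.txt, which the reply above asks for, includes a "Shell Spawning" section (the shell\open\command handlers for exefile, batfile, scrfile and so on) and the Security Center and Windows Firewall profile keys. A hijacked exefile handler runs the attacker's binary every time any program is launched, so those lines are worth checking mechanically rather than by eye. As an added example, not part of this thread and not OTL's own code, the Python below compares the handler commands against the stock Vista defaults (the DEFAULTS table is this example's assumption, written from a clean install rather than from the thread) and flags Security Center overrides and disabled firewall profiles. The sample text is constructed in OTL's layout; the guard.exe handler and the EnableFirewall = 0 line are made up to exercise the checks and do not appear in the posted log.

```python
"""Checks over the "Shell Spawning" and protection-state sections of an OTL Extras.txt.

Added example for this thread; it is not OTL's own code. DEFAULTS holds the stock
Vista handler commands as assumed here (from a clean install, not from the thread),
and SAMPLE_OTL is constructed in OTL's layout: the guard.exe handler and the
EnableFirewall = 0 line are made up to exercise the checks.
"""
import re

# Stock Vista shell\<verb>\command values for the handlers malware most often hijacks.
DEFAULTS = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
    ("regfile", "merge"): 'regedit.exe "%1"',
}

SAMPLE_OTL = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %* File not found
exefile [open] -- "c:\users\john\appdata\local\temp\guard.exe" "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"""

# "<type> [<verb>] -- <command>" followed by OTL's " File not found" or " (Company)" suffix.
SPAWN_RE = re.compile(r"^(?P<ftype>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*?)(?: File not found| \([^)]*\))?$")
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<val>.+)$')


def check_shell_spawning(text: str) -> list[tuple[str, str, str]]:
    """Return (severity, line, reason) for handler commands that differ from DEFAULTS."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SPAWN_RE.match(line)
        if not m:
            continue
        key = (m.group("ftype").lower(), m.group("verb").lower())
        if key not in DEFAULTS:
            continue
        cmd = m.group("cmd").strip()
        if cmd.startswith("Reg Error"):
            findings.append(("info", line, "handler value absent (OTL 'Reg Error'); not a hijack by itself"))
        elif cmd.lower() != DEFAULTS[key].lower():
            findings.append(("high", line, f"handler differs from stock {DEFAULTS[key]}: it runs on every launch of that file type"))
    return findings


def check_protection_state(text: str) -> list[tuple[str, str, str]]:
    """Return (severity, line, reason) for Security Center overrides and disabled firewall profiles."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, val = m.group("name"), m.group("val").strip()
        leaf = section.rsplit("\\", 1)[-1]
        if name.endswith("Override") and val == "1":
            findings.append(("review", line, f"Security Center {name} = 1: alerts for that category are suppressed"))
        elif name == "DisableMonitoring" and val == "1":
            findings.append(("info", line, f"Security Center no longer monitors {leaf}; confirm the product reports its own status"))
        elif name == "EnableFirewall" and val == "0":
            findings.append(("high", line, f"Windows Firewall is off for {leaf}"))
    return findings


if __name__ == "__main__":
    for sev, line, why in check_shell_spawning(SAMPLE_OTL) + check_protection_state(SAMPLE_OTL):
        print(f"[{sev:6}] {why}\n         {line}")
```

OTL's own "File not found" after `"%1" %*` is normal: it is trying to resolve the literal `"%1"` as a path, so the check compares the command text, not OTL's resolution note. Any handler that is not in DEFAULTS is skipped rather than guessed at.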

#4 darthkurai

  • Topic Starter
  • Members
  • 12 posts

Posted 18 October 2009 - 05:30 PM

Thanks for the reply kahdah.

I ran OTL and here are the results:

OTL Extras logfile created on: 10/18/2009 6:03:48 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.71% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.79 Gb Total Space | 175.65 Gb Free Space | 38.45% Space Free | Partition Type: NTFS
Drive D: | 8.97 Gb Total Space | 4.35 Gb Free Space | 48.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIKARINOKO
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4120350716-3939426360-3702466338-1001]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4120350716-3939426360-3702466338-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09424403-468E-4A9D-BF21-299A38EC0163}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{0F67672F-27C4-4CF3-875D-8822C1A8EC96}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{19A7CA66-3C0C-4F23-8193-D80A77F7426E}" = lport=30396 | protocol=6 | dir=in | name=torrent |
"{228928E0-E818-44D3-9913-E1921831BAD9}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{27BBB00D-0328-464A-A2D7-5BD633A70FCC}" = lport=10244 | protocol=6 | dir=in | app=system |
"{288268DC-675D-4DA3-9E7E-688EF0DA0598}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2AF9167E-A16E-4C63-A94B-2B76EE8C9ED5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F8A1B27-8800-4112-AAE7-114CC72E34F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3EEF78DC-8BCE-46AF-80A3-E73A1F62359F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41D9533C-DCCC-46C4-9A8E-C9A2B4A8D266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50363D82-9513-4079-8EDA-FF6930295497}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59B659F4-B448-427D-A476-AB367437DCDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BACB16A-6B87-4357-B756-FFC6946EF93A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{5C851AC4-68AB-46B5-A3B3-B28B8E5D80B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6EC9EF0E-30BF-4CEC-B34A-A33911C6FAE5}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{71C8FD69-6D5C-4E31-90B2-D2D9934BE3F1}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8425C9EB-03A9-413C-910E-19AF4AD26800}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{90B457ED-0E82-4B28-B1D0-57C4C850D975}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95415AB8-E428-4244-926B-BBE34FCFFF7D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A05BA21D-5218-4FA1-9FD0-DED1143458A8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{AA86A101-455C-4E0C-B2DB-784C6C56E332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB013C07-2D36-4B87-A80F-6ACE98A8424B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD7DE6C5-E04E-47D7-8325-51978BC9BD9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C58296E6-A5F5-489C-8AF3-216F127F3543}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C6596013-219A-470B-A2EE-9410F2D892EC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CA27468F-4AA5-4B7E-89F8-40ED883E106F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CC7B1A5F-41BF-407D-B046-D3DFDAD8733F}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{CE917560-D860-4A2C-9B37-E9835E1AE9D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E2153B-CA39-4DFF-8430-AEB796E9AE27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D8FEDA3E-DB30-4517-AFAC-854BB720BBF0}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{DBC15321-F35C-46F4-851D-520ED75F8227}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{E0BE89DA-238E-47F0-A5C6-3AB25DD3505C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{ED069C94-E620-4036-A73C-40D163D1F9DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F52FE76C-6A82-49D3-806B-A0D5B576F02F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{FDD84DBE-5E89-4419-828A-DD8D1E3F0CB6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01314FBA-15AC-430C-A140-EA73434AFAA5}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{020C30DF-B84F-49B3-9186-F48EC925E7F4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{02586751-A407-40B0-9F5E-9BF236547C9F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{03493FD2-FA04-455E-9187-E0DC389BCE6A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{053E42AE-160E-4602-BA98-42D5BE09364C}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{064F916C-3663-4772-881C-DE9A21AB37FA}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{18B4FA1D-B065-49B0-8141-9F3F9901C263}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{28925926-0391-4124-AEA1-9483701522C6}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"{2A3B823E-C2A5-45C0-A406-09CE067EA907}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{31856DDE-BB66-4A22-9E54-2360A3C21F40}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{35FDDE13-8D71-4E4B-A7C6-CF02D665636C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3611060E-0377-4AAE-9BEC-D228502B3F64}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{367DD1AC-BE2C-4825-8F48-D65F05991878}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{38ED917A-F939-40CE-B72C-76639E88AC99}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3CD11527-14B8-4BAD-BD04-C40F58A09342}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3DB629CD-6D9B-41EA-B012-2132BAF07351}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{404B5E86-B38E-48A1-8760-5466E0653A13}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{411F87BC-6AA1-4645-B315-2E3061DA26F5}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{4DAECA2B-E2CB-498B-9071-169A35F26623}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4E81DBAB-BC92-48F0-BD78-CE6DE9D550C5}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5935B217-3686-4FF8-B5AE-6C899B6B53EA}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{5B10EEAF-8860-4E89-9C49-A768ED94FC16}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{61591828-2AA0-4A63-9490-082C89FBA7A0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{65B20B9F-08D3-4C93-B8C8-81F3664519FE}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{69195D88-3578-47D2-B8EC-181274F49CED}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{6DE05BEC-D3AC-491A-A798-E13481900E34}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{70E6B87F-F57D-4303-8F4B-D900CE5BE4A8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{74D5966C-9E69-464C-954A-78ACEE63D978}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{79A52073-BD51-4628-9859-071AC661AE2F}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{7B386385-2171-45FC-B086-4AA3EFEE7DF1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{7C2C64BF-600F-4E36-9824-01D8D72EA7D3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7D310FF2-1061-4048-9EC2-88E2087C6C93}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{7D6F3428-511C-4FD1-9E22-70E734649680}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7D9C5DC7-C375-4C48-ABC5-B61084778437}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{80CE554F-ED4D-47ED-AAC8-52BF3EF3FD81}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{897060F2-3A16-4FC1-8B09-7DF79FFDE186}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{8A0D36D4-12A3-48CC-BF97-D37E1443D940}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{8A15B178-8998-460B-994E-42A0A5D73461}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{90CA0A27-8B5F-4E10-BD75-766C41DA0DAE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{917CCB7B-6CED-48F7-8620-0FA859998F21}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{930762A9-F6F6-4FEE-9525-1A1568911D99}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{970E5559-559F-4EA6-931D-4F921BB4E9B1}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{9801D5BB-A097-46CC-986D-F3E6D613A6B8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{98F99052-B0F7-415C-B193-CECA56A0080C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{9F418987-8073-4BCA-9A0F-5D4EC2AE977B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{A7E5F1BE-B1A9-47A4-9E62-17CF1C13601D}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{A9B80AF5-E350-45D0-9542-7BCC01767AC1}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B054E651-69FA-49D8-BA6C-660FFCB1660C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B06D3F4E-A2A0-4099-B326-CDC8CB2FF0B2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{B172846D-C154-4866-A464-687A696C8B59}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{B9046082-DA08-41AE-880E-88AFDDA69F99}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BA18DDF8-02A5-4419-BCBF-E3F27366A823}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{BA4A9F2F-2FB9-4FA0-AD1A-2EA147B85D65}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"{BC2447B2-6708-430F-BD29-BFC51A502DFC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BF7B2055-17F3-489C-AB9E-E8EE3092F1CC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C7F714E7-0C9D-46F7-A29D-9392AA805D1B}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{D01A8BC3-09EB-4548-BACF-0087A92C5410}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{D27CF404-58A5-4A4E-A060-1AC68ACB9E89}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{DAE58BAD-B435-46CD-BDF8-66CC1A5ECFD0}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{DC87111C-7E41-46AF-94A2-99EF1A404891}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E13EF6CA-87EB-4BCA-8969-D913C57C06D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E283F549-47EA-4252-BDC6-77E2744F3E38}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{E5DDE536-FBE6-4266-A787-9298E9AF811C}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{E62081BD-B2D6-4F14-9F24-026A72113E2C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E6B12311-AB74-4CB6-8D20-49B6A29F1906}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EC4CF830-3A43-4501-8A2C-A9E920261D50}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{ECBB96ED-01A3-4DAD-B8B5-5F2B9B520A62}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EDCCD23C-7EA4-49ED-A46D-3A925723CF46}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{F0C8818C-4393-498E-A127-0121A520C489}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F6BA6C20-1930-4EE7-909F-39C904E99F22}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{FB2BCFB2-FDCA-41A2-8C80-741A09D4643C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{FDBAF04A-C91E-4E6F-8A5B-FABAF8F942D2}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{FFE0A928-A556-45ED-A235-6D84723C8381}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{FFF133A1-357F-40F9-B4FB-8D3F5FCEB810}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{3F25D132-823F-4043-99A1-901C62591327}C:\users\john\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{AEC36250-0E9E-427C-AB4D-CE6C655BA1F4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D71F4AF0-AA3A-41E3-B48B-EFCB45AD9AA5}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{E041AB44-6406-47B5-A94E-B7ED525F468F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{EA490DCF-F0CE-4F24-BB08-FD249856DAA9}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{62B536C3-182E-4E2B-A3E3-BE1D1E1E7B34}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{9EC2F0D9-271A-4194-86B2-498F54A17CDC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AA75F2BB-95AC-47B4-91C2-D59C3289B7CA}C:\users\john\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{AE9E6E11-C80A-4E86-9F4A-890CE656443D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{FF4ABCFC-C0DF-4527-815A-6E6D50D6ECF0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C631AC5-3AA0-418F-B132-29F8432F1C19}" = COSMOSWorks 2008 SP03
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{266EB766-9ABB-40D0-AB9F-41EE46D23876}" = SolidWorks 2008 SP03
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv™ Software
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FB418AB-562D-43B4-BA0D-9282AAD8C207}" = Logitech G-series Keyboard Software
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33A9C38A-E3CC-4077-9E24-CBEFCFA76EFA}" = DWGeditor
"{33BAD028-D921-4A9E-8004-89B11E413C6C}" = COSMOSFloWorks 2008 SP03
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40A5DF56-329E-433C-8E79-99807E02F90F}" = Rayman Raving Rabbids
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A385AA5D-4B9C-4BB4-A3D9-8BA006D6E831}" = D-Link Wireless N USB Adapter DWA-130
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}" = SolidWorks Explorer 2008 sp0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA8CA88-8A22-43D1-867F-ABD7944C9815}" = Intel® Network Connections 14.3.0.0
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABBBD1A8-E4C9-4714-A202-17D5F6AE58AC}" = COSMOSM 2008 (2008/040)
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD624CE2-CAD5-421C-B845-F29F4A8BA57B}" = World of Goo
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E69411C0-8D66-4F9C-B6D6-9ED2FB89D0E4}" = eDrawings 2008
"{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}" = Gabbasoft Cube Demo
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FED8A261-FE64-416D-ADDD-3EA1173D3D2D}" = COSMOSMotion 2008 SP03
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastCAD" = FastCAD
"Fraps" = Fraps (remove only)
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Guild Wars" = Guild Wars
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSC" = McAfee SecurityCenter
"Network Addon Mod" = Network Addon Mod Version March 2009
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"OpenAL" = OpenAL
"Peggle" = Peggle (remove only)
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Pen Tablet Driver" = Pen Tablet
"PROSetDX" = Intel® Network Connections 14.3.0.0
"RealAlt_is1" = Real Alternative 1.60
"ROSE Online Evolution182" = ROSE Online Evolution
"Star Trek Starfleet Command III" = Star Trek Starfleet Command III
"Starcraft" = Starcraft
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Playerdows\CurrentVersion\Un
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a" = FasterPing
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2009 9:07:38 PM | Computer Name = HikarinoKo | Source = EventSystem | ID = 4621
Description =

Error - 10/12/2009 9:09:50 PM | Computer Name = HikarinoKo | Source = TabletServicePen | ID = 0
Description =

Error - 10/12/2009 9:16:24 PM | Computer Name = HikarinoKo | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18294, time stamp
0x4a6199f8, faulting module VBScript.dll, version 5.7.0.18068, time stamp 0x48237767,
exception code 0xc0000005, fault offset 0x0000148c, process id 0x143c, application
start time 0x01ca4ba2c3c240a2.

Error - 10/12/2009 9:39:45 PM | Computer Name = HikarinoKo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/13/2009 12:25:29 AM | Computer Name = HikarinoKo | Source = EventSystem | ID = 4621
Description =

Error - 10/14/2009 11:07:49 PM | Computer Name = HikarinoKo | Source = EventSystem | ID = 4621
Description =

Error - 10/16/2009 12:17:50 AM | Computer Name = HikarinoKo | Source = EventSystem | ID = 4621
Description =

Error - 10/17/2009 7:43:29 PM | Computer Name = HikarinoKo | Source = Application Hang | ID = 1002
Description = The program googleearth.exe version 5.0.11733.9347 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 144c Start Time: 01ca4f80aca3900b Termination Time: 215

Error - 10/18/2009 1:00:02 AM | Computer Name = HikarinoKo | Source = EventSystem | ID = 4621
Description =

Error - 10/18/2009 5:59:17 PM | Computer Name = HikarinoKo | Source = Application Error | ID = 1000
Description = Faulting application iPodService.exe, version 9.0.1.8, time stamp
0x4ab80678, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00043387, process id 0x1798, application
start time 0x01ca503e3a799d18.

[ Broadcom Wireless LAN Events ]
Error - 9/7/2009 12:42:08 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 12:42:08, Mon, Sep 07, 09 Error - Unable to gain access to user store


Error - 9/9/2009 11:14:56 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 23:14:56, Wed, Sep 09, 09 Error - Unable to gain access to user store


Error - 9/10/2009 12:55:12 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 12:55:12, Thu, Sep 10, 09 Error - Unable to gain access to user store


Error - 9/11/2009 8:25:45 PM | Computer Name = HIKARINOKO | Source = WLAN-Tray | ID = 0
Description = 20:25:45, Fri, Sep 11, 09 Error - Unable to gain access to user store


Error - 9/13/2009 7:10:18 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 19:10:18, Sun, Sep 13, 09 Error - Unable to gain access to user store


Error - 9/19/2009 12:12:29 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 12:12:29, Sat, Sep 19, 09 Error - Unable to gain access to user store


Error - 9/20/2009 6:32:55 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 18:32:55, Sun, Sep 20, 09 Error - Unable to gain access to user store


Error - 9/27/2009 3:42:47 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 15:42:47, Sun, Sep 27, 09 Error - Unable to gain access to user store


Error - 10/1/2009 6:38:19 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 18:38:19, Thu, Oct 01, 09 Error - Unable to gain access to user store


Error - 10/2/2009 7:03:11 PM | Computer Name = HikarinoKo | Source = WLAN-Tray | ID = 0
Description = 19:03:11, Fri, Oct 02, 09 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 12/1/2007 6:48:02 PM | Computer Name = HikarinoKo | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/5/2007 6:57:10 PM | Computer Name = HikarinoKo | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/21/2007 5:22:54 PM | Computer Name = HikarinoKo | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2008 9:08:26 PM | Computer Name = HikarinoKo | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/24/2008 2:34:38 AM | Computer Name = HikarinoKo | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 11:24:47 AM | Computer Name = HikarinoKo | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/18/2009 10:40:54 PM | Computer Name = HikarinoKo | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/12/2009 4:54:23 PM | Computer Name = HikarinoKo | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/25/2009 1:03:10 PM | Computer Name = HikarinoKo | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/31/2009 6:08:55 PM | Computer Name = HikarinoKo | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 10/18/2009 12:40:18 AM | Computer Name = HikarinoKo | Source = HTTP | ID = 15016
Description =

Error - 10/18/2009 12:41:01 AM | Computer Name = HikarinoKo | Source = Service Control Manager | ID = 7026
Description =

Error - 10/18/2009 8:02:38 AM | Computer Name = HikarinoKo | Source = HTTP | ID = 15016
Description =

Error - 10/18/2009 8:06:21 AM | Computer Name = HikarinoKo | Source = Service Control Manager | ID = 7043
Description =

Error - 10/18/2009 8:08:03 AM | Computer Name = HikarinoKo | Source = HTTP | ID = 15016
Description =

Error - 10/18/2009 8:08:36 AM | Computer Name = HikarinoKo | Source = Service Control Manager | ID = 7026
Description =

Error - 10/18/2009 5:57:13 PM | Computer Name = HikarinoKo | Source = HTTP | ID = 15016
Description =

Error - 10/18/2009 5:57:49 PM | Computer Name = HikarinoKo | Source = Service Control Manager | ID = 7026
Description =

Error - 10/18/2009 5:59:17 PM | Computer Name = HikarinoKo | Source = Service Control Manager | ID = 7023
Description =

Error - 10/18/2009 5:59:43 PM | Computer Name = HikarinoKo | Source = DCOM | ID = 10010
Description =


< End of report >


OTL logfile created on: 10/18/2009 6:03:48 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.71% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.79 Gb Total Space | 175.65 Gb Free Space | 38.45% Space Free | Partition Type: NTFS
Drive D: | 8.97 Gb Total Space | 4.35 Gb Free Space | 48.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIKARINOKO
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe (Intel® Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPS\mps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPS\mpsevh.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\bcmwltry.exe (Broadcom Corporation)
PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\Windows\System32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Windows\System32\dlbkcoms.exe ( )
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\WLTRAY.EXE (Broadcom Corporation)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (AlertService [Auto | Running]) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dlbk_device [Auto | Running]) -- C:\Windows\System32\dlbkcoms.exe ( )
SRV - (DQLWinService [Auto | Running]) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Emproxy [On_Demand | Stopped]) -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe (McAfee, Inc.)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [Disabled | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (gupdate1c98b21879bd73f [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISSM [Auto | Running]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (M1 Server [Auto | Running]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (McAfee HackerWatch Service [Auto | Running]) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (MCLServiceATL [Auto | Running]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [Auto | Running]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McRedirector [Auto | Running]) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Auto | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2010_32 [Auto | Running]) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MPS9 [Auto | Running]) -- C:\Program Files\McAfee\MPS\mps.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2 [Auto | Running]) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Remote Solver for COSMOSFloWorks 2008 [Auto | Running]) -- C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe ()
SRV - (Remote UI Service [Auto | Running]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SiteAdvisor Service [Disabled | Stopped]) -- C:\Program Files\SiteAdvisor\6261\SAService.exe ()
SRV - (SolidWorks Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (Steam Client Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TabletServicePen [Auto | Running]) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (VMAuthdService [Disabled | Stopped]) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP [Disabled | Stopped]) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (vmount2 [Disabled | Stopped]) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (VMware NAT Service [Disabled | Stopped]) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adfs [Auto | Running]) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (Cdr4_xp [System | Running]) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (ctac32k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (e1express [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (emupia [On_Demand | Running]) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha20x2k [On_Demand | Running]) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (hcmon [Auto | Running]) -- C:\Windows\System32\Drivers\hcmon.sys (VMware, Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IAMTV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\IAMTV.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntelDH [On_Demand | Running]) -- C:\Windows\System32\Drivers\IntelDH.sys (Intel Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (nmsgopro [Auto | Running]) -- C:\Windows\System32\DRIVERS\nmsgopro.sys (Gteko Ltd.)
DRV - (nmsunidr [Auto | Running]) -- C:\Windows\System32\DRIVERS\nmsunidr.sys (Gteko Ltd.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (Point32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\point32k.sys (Microsoft Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (TSHWMDTCP [On_Demand | Stopped]) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vmkbd [On_Demand | Running]) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetAdapter [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys (VMware, Inc.)
DRV - (VMnetBridge [Auto | Running]) -- C:\Windows\System32\DRIVERS\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif [Auto | Running]) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport [Auto | Running]) -- C:\Windows\System32\Drivers\VMparport.sys (VMware, Inc.)
DRV - (vmx86 [Auto | Running]) -- C:\Windows\System32\Drivers\vmx86.sys (VMware, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vstor2 [Auto | Running]) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (wacmoumonitor [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\WacomVKHid.sys (Wacom Technology)
DRV - (winusb [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\winusb.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=FX530XV
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=FX530XV
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...P&M=FX530XV

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=FX530XV
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: FFClickOnce@softwarepunk.com:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.86
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage|google.com"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:15:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/20 20:03:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/20 20:03:41 | 00,000,000 | ---D | M]

[2008/09/04 09:56:38 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Extensions
[2008/09/04 09:56:38 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 21:16:58 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions
[2009/09/07 21:21:04 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/29 18:50:30 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/05/30 12:42:02 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/30 12:42:02 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/12 21:16:58 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\DTToolbar@toolbarnet.com
[2009/02/24 11:44:57 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\es-es@dictionaries.addons.mozilla.org
[2008/08/10 20:59:07 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\FFClickOnce@softwarepunk.com
[2009/09/29 18:50:29 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\foxmarks@kei.com
[2009/01/19 21:40:22 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\moveplayer@movenetworks.com
[2009/09/29 18:50:20 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\6w2ctc5x.default\extensions\nasanightlaunch@example.com
[2009/10/12 21:16:15 | 00,002,399 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\FireFox\Profiles\6w2ctc5x.default\searchplugins\daemon-search.xml
[2007/12/20 13:05:29 | 00,002,386 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\FireFox\Profiles\6w2ctc5x.default\searchplugins\siteadvisor.xml
[2008/09/10 15:47:14 | 00,001,546 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\FireFox\Profiles\6w2ctc5x.default\searchplugins\wowhead.xml
[2009/09/29 18:50:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/14 16:27:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/28 08:43:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/09/04 09:56:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/04/14 16:27:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/14 16:27:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/12/12 20:42:04 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/12/11 15:44:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/01/16 02:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/04/14 16:27:40 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/10/07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/20 20:03:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/20 20:03:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/20 20:03:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/20 20:03:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/20 20:03:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/20 20:03:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/20 20:03:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/10/07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/09/04 09:56:32 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/04 09:56:32 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/04 09:56:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/19 14:55:26 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/04 09:56:32 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/04 09:56:32 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/04 09:56:32 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (324330 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11103 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Broadcom Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{717672fc-db7b-11dd-b317-0019d16a32b6}\Shell - "" = AutoRun
O33 - MountPoints2\{717672fc-db7b-11dd-b317-0019d16a32b6}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -- File not found
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/20 20:05:49 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/05 20:19:17 | 00,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2009/10/12 21:17:44 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/09/30 22:10:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/30 20:41:55 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/12 21:16:01 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2009/09/30 22:10:09 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2009/09/30 20:40:48 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/05 20:19:17 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\2DBoy
[2009/10/05 20:17:36 | 00,000,000 | ---D | C] -- C:\Program Files\Brighter Minds Media
[2009/10/12 21:16:05 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/09/24 18:59:35 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/24 18:59:34 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/30 22:10:00 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/20 20:02:50 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/30 20:40:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/01 23:40:25 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/10/18 18:02:22 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2009/10/14 17:14:26 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/14 17:14:19 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/14 17:14:19 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/14 17:14:18 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/14 17:14:18 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/14 17:14:17 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/14 17:14:15 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/14 17:14:14 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/14 17:14:12 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/14 17:14:12 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/14 17:14:11 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/14 17:14:09 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/14 17:14:09 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/14 17:14:08 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/14 17:14:08 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/10/14 17:14:06 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/14 17:14:00 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/14 17:13:49 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/14 17:13:49 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/14 17:13:32 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/14 17:13:31 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/14 17:13:28 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/14 17:13:26 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/14 17:13:26 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/14 17:13:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/14 17:13:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/14 17:13:06 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/03 16:11:53 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/03 16:11:53 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/03 16:11:52 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/03 16:11:52 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/03 16:10:54 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/03 16:10:54 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/03 16:10:54 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/03 16:10:36 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/03 16:10:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/09/30 22:10:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/30 22:10:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/30 21:52:37 | 00,472,064 | ---- | C] ( ) -- C:\Users\John\Desktop\RootRepeal.exe
[2009/09/20 20:07:16 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/09/20 20:07:16 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2007/04/17 17:24:03 | 00,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2007/03/21 13:41:30 | 00,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2007/01/30 14:47:52 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2007/01/30 14:46:00 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2007/01/30 14:38:18 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[2007/01/30 14:36:30 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2007/01/30 14:35:00 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2007/01/30 14:32:06 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2007/01/30 14:31:08 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2007/01/30 14:30:30 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2007/01/30 14:22:32 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2007/01/30 14:21:46 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2007/01/30 14:17:02 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009/10/18 18:03:00 | 00,361,858 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/18 18:03:00 | 00,327,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/18 18:03:00 | 00,042,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/18 18:02:23 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2009/10/18 17:59:59 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/10/18 17:59:13 | 00,115,702 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/18 17:58:26 | 00,115,702 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/18 17:58:23 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C015C757-2E55-4B2B-A2BC-0A4E08CCB36E}.job
[2009/10/18 17:58:06 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/18 17:57:14 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/18 17:57:14 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/18 17:57:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/18 17:57:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/18 17:57:07 | 34,862,24384 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/18 08:57:13 | 00,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2009/10/18 08:57:13 | 00,053,968 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2009/10/18 08:57:13 | 00,053,968 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2009/10/18 08:57:13 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2009/10/18 08:57:13 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2009/10/18 08:56:52 | 00,031,812 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/10/18 08:37:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/18 08:19:02 | 05,695,776 | ---- | M] () -- C:\Users\John\Desktop\091016_0784-1363_800-450.avi
[2009/10/18 08:17:01 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120350716-3939426360-3702466338-1001UA.job
[2009/10/16 23:53:09 | 03,639,432 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2009/10/14 19:21:07 | 00,002,589 | ---- | M] () -- C:\Users\John\Desktop\Rosetta Stone Version 3.lnk
[2009/10/12 21:23:15 | 00,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2009/10/12 21:17:36 | 00,002,037 | ---- | M] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2009/10/12 21:17:09 | 00,003,919 | ---- | M] () -- C:\Users\John\Desktop\Alcohol_120__Retail_v1.9.8.7612.5098359.TPB.torrent
[2009/10/11 23:42:35 | 00,148,734 | ---- | M] () -- C:\Users\John\Desktop\Rosetta.Stone.V.3.3.5.Plus.Language.Packs.5102611.TPB.torrent
[2009/10/11 12:17:00 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120350716-3939426360-3702466338-1001Core.job
[2009/10/08 19:55:10 | 48,121,344 | ---- | M] () -- C:\Users\John\Desktop\The Philips Phile Wed 9-23-09.mp3
[2009/10/08 19:54:02 | 48,264,984 | ---- | M] () -- C:\Users\John\Desktop\The Philips Phile Thu 9-24-09.mp3
[2009/10/08 19:53:29 | 48,060,504 | ---- | M] () -- C:\Users\John\Desktop\The Philips Phile Fri 9-25-09.mp3
[2009/10/05 20:18:33 | 00,001,053 | ---- | M] () -- C:\Users\John\Desktop\World of Goo.lnk
[2009/10/04 23:48:01 | 00,000,000 | ---- | M] () -- C:\Users\John\Desktop\settings.dat
[2009/10/04 23:41:40 | 02,129,408 | ---- | M] () -- C:\Users\John\Desktop\warlock_dps_v320a.xls
[2009/10/03 12:42:41 | 00,010,792 | ---- | M] () -- C:\Windows\System32\Support.xml
[2009/10/02 19:11:04 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/09/30 22:10:05 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 21:52:37 | 00,472,064 | ---- | M] ( ) -- C:\Users\John\Desktop\RootRepeal.exe
[2009/09/30 21:51:04 | 00,361,369 | ---- | M] () -- C:\Users\John\Desktop\dds.scr
[2009/09/30 21:38:36 | 00,002,337 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks 2008 SP3.0.lnk
[2009/09/30 20:40:53 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/28 20:28:29 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/25 22:26:49 | 00,075,264 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/25 22:26:46 | 35,376,538 | ---- | M] () -- C:\Users\John\Desktop\English version.wmv

========== Files - No Company Name ==========
[2009/10/18 18:06:41 | 00,291,328 | ---- | C] () -- C:\Users\John\Desktop\d0105fh8.exe
[2009/10/18 08:18:57 | 05,695,776 | ---- | C] () -- C:\Users\John\Desktop\091016_0784-1363_800-450.avi
[2009/10/12 21:23:15 | 00,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2009/10/12 21:17:09 | 00,003,919 | ---- | C] () -- C:\Users\John\Desktop\Alcohol_120__Retail_v1.9.8.7612.5098359.TPB.torrent
[2009/10/11 23:42:32 | 00,148,734 | ---- | C] () -- C:\Users\John\Desktop\Rosetta.Stone.V.3.3.5.Plus.Language.Packs.5102611.TPB.torrent
[2009/10/08 19:54:42 | 48,121,344 | ---- | C] () -- C:\Users\John\Desktop\The Philips Phile Wed 9-23-09.mp3
[2009/10/08 19:53:36 | 48,264,984 | ---- | C] () -- C:\Users\John\Desktop\The Philips Phile Thu 9-24-09.mp3
[2009/10/08 19:52:45 | 48,060,504 | ---- | C] () -- C:\Users\John\Desktop\The Philips Phile Fri 9-25-09.mp3
[2009/10/05 20:18:33 | 00,001,053 | ---- | C] () -- C:\Users\John\Desktop\World of Goo.lnk
[2009/10/04 23:48:01 | 00,000,000 | ---- | C] () -- C:\Users\John\Desktop\settings.dat
[2009/10/02 19:11:04 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/30 22:10:05 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 21:51:03 | 00,361,369 | ---- | C] () -- C:\Users\John\Desktop\dds.scr
[2009/09/30 20:40:53 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/25 22:24:41 | 35,376,538 | ---- | C] () -- C:\Users\John\Desktop\English version.wmv
[2009/09/24 19:00:48 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/15 14:45:56 | 00,000,000 | ---- | C] () -- C:\Windows\Sfc3ng.ini
[2009/06/15 21:51:17 | 00,115,702 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/15 21:50:35 | 00,115,702 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/01 19:30:10 | 00,000,600 | ---- | C] () -- C:\Users\John\AppData\Local\PUTTY.RND
[2009/05/24 11:18:14 | 00,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/05/24 11:18:14 | 00,000,088 | RHS- | C] () -- C:\ProgramData\715B4EC147.sys
[2009/03/15 12:41:35 | 00,008,704 | ---- | C] () -- C:\Windows\System32\ibfs32.dll
[2009/03/15 12:31:16 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2008/09/04 15:34:46 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/25 10:59:45 | 00,000,196 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/07/21 20:42:32 | 00,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/04/07 02:20:06 | 03,639,432 | -H-- | C] () -- C:\Users\John\AppData\Local\IconCache.db
[2008/03/26 20:06:10 | 00,000,552 | ---- | C] () -- C:\Users\John\AppData\Local\d3d8caps.dat
[2008/02/05 13:28:20 | 00,000,051 | ---- | C] () -- C:\Users\John\AppData\Local\setup.txt
[2007/12/11 15:46:02 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/12/11 15:44:28 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/12/11 15:44:28 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/12/11 15:43:44 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/10/17 19:32:11 | 00,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2007/09/19 18:26:40 | 00,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2007/08/21 20:46:34 | 00,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2007/08/06 00:30:45 | 00,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2007/07/27 11:36:15 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{92f64726-3c4e-11dc-8c27-0019d16a32b6}.TMContainer00000000000000000002.regtrans-ms
[2007/07/27 11:36:15 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{92f64726-3c4e-11dc-8c27-0019d16a32b6}.TMContainer00000000000000000001.regtrans-ms
[2007/07/27 11:36:15 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{92f64714-3c4e-11dc-8c27-0019d16a32b6}.TMContainer00000000000000000002.regtrans-ms
[2007/07/27 11:36:15 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{92f64714-3c4e-11dc-8c27-0019d16a32b6}.TMContainer00000000000000000001.regtrans-ms
[2007/07/27 11:36:15 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/07/27 11:36:15 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{92f64726-3c4e-11dc-8c27-0019d16a32b6}.TM.blf
[2007/07/27 11:36:15 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{92f64714-3c4e-11dc-8c27-0019d16a32b6}.TM.blf
[2007/07/27 11:36:15 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/07/27 11:36:15 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/07/08 20:40:24 | 00,024,064 | ---- | C] () -- C:\Users\John\AppData\Roaming\UserTile.png
[2007/04/20 19:01:25 | 00,075,264 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/20 18:55:22 | 00,116,656 | ---- | C] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/04/17 17:24:05 | 00,000,269 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2007/04/17 17:24:05 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/04/17 17:24:03 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007/04/17 16:46:10 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/04/17 16:40:31 | 00,065,154 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/04/17 16:40:31 | 00,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007/03/21 13:53:26 | 00,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2007/03/21 13:53:16 | 00,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2007/03/21 13:41:20 | 00,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2007/02/22 22:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2007/02/07 22:58:00 | 00,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/12/11 18:32:50 | 00,003,554 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/12/11 18:30:10 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,244 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 12:09:34 | 00,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/12/16 19:15:44 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2005/09/13 21:27:08 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2005/09/13 21:27:08 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
[1997/06/13 21:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/10/12 21:16:01 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming
[2009/06/26 17:54:25 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\acccore
[2009/09/09 22:14:20 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon
[2009/05/25 23:11:49 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2009/07/06 09:10:13 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Coding4Fun
[2009/05/24 11:18:17 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Corel
[2008/04/12 14:51:51 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CyberLink
[2009/10/12 21:18:31 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools
[2009/10/12 21:18:31 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2009/04/20 15:24:19 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DassaultSystemes
[2009/08/09 19:56:40 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\dvdcss
[2009/03/15 12:40:09 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DWGeditor
[2009/06/07 22:40:15 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\e-on software
[2007/11/17 22:07:06 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2007/07/27 12:42:21 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MusicNet
[2009/03/11 15:46:32 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PTC
[2007/04/20 19:10:52 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SampleView
[2008/09/04 16:19:45 | 00,000,000 | RH-D | M] -- C:\Users\John\AppData\Roaming\SecuROM
[2009/09/30 21:38:49 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SolidWorks
[2009/03/30 12:01:38 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SolidWorks 2008
[2008/09/23 18:29:32 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SPORE
[2008/08/23 16:54:16 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SPORE Creature Creator
[2007/10/17 19:32:10 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2009/03/12 16:34:49 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uk.co.planetside
[2009/10/12 21:30:40 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2008/06/14 16:02:21 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Ventrilo
[2007/08/28 00:43:26 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WowAce
[2009/10/18 17:58:12 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WTablet
[2008/08/04 19:10:04 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Xfire
[2009/10/18 17:59:59 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/10/18 17:58:06 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/18 08:37:00 | 00,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/11 12:17:00 | 00,000,852 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120350716-3939426360-3702466338-1001Core.job
[2009/10/18 08:17:01 | 00,000,904 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120350716-3939426360-3702466338-1001UA.job
[2009/08/15 10:17:44 | 00,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/08/01 01:00:14 | 00,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/10/18 17:57:13 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/18 08:56:52 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/18 17:58:23 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C015C757-2E55-4B2B-A2BC-0A4E08CCB36E}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 497 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >



I downloaded the file you included. When I ran the first time, it ran for a couple of minutes, and when it reached \Device\HarddiskVolumeShadowCopy1 , the computer gave me a "this program has stopped working" message and shut it down. Second try I got a Blue Screen of Death and had to hard reboot. Third try was exactly the same as the first, error on \Device\HarddiskVolumeShadowCopy1 and shutdown.
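Added example, not from any post in this thread: the OTL report above ends with an "Alternate Data Streams" section listing C:\ProgramData\TEMP:05EE1EEF (497 bytes). An NTFS alternate data stream is extra content attached to a file or folder that ordinary directory listings hide, so a reviewer wants a way to enumerate and inspect such streams independently of the scanner. The script below does that with PowerShell; it assumes PowerShell 3.0 or later (the -Stream parameter) and an elevated prompt, and the default path and stream name are simply the ones taken from the log.

```powershell
# Added example, not part of the thread: list NTFS alternate data streams (ADS)
# under a directory, which is what OTL's "Alternate Data Streams" section reports
# (the log above shows C:\ProgramData\TEMP:05EE1EEF, 497 bytes).
# Assumes PowerShell 3.0 or later for the -Stream parameter; run from an
# elevated prompt so protected folders can be read.

function Get-AdsInventory {
    param(
        # Directory to inspect; defaults to the folder named in the OTL log.
        [string]$Root = 'C:\ProgramData'
    )

    # Include the root itself plus everything beneath it (files and folders,
    # since directories can carry streams too); -Force shows hidden items.
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # Every file has the unnamed default stream ':$DATA'; anything else is an ADS.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    File   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

# Report what was found, then show how to read one stream's contents
# (here the one named in the log) without executing anything.
Get-AdsInventory | Format-Table -AutoSize

$suspect = 'C:\ProgramData\TEMP'   # path taken from the OTL log above
if (Test-Path -LiteralPath $suspect) {
    Get-Content -LiteralPath $suspect -Stream '05EE1EEF' -ErrorAction SilentlyContinue |
        Select-Object -First 5
}
```

On a Vista-era machine that still has PowerShell 1.0, the built-in `dir /r` in a Command Prompt lists the same streams (one line per stream, with its size) and is enough to confirm whether the entry OTL reported is still present; a small ADS named with hex characters on a TEMP item is not proof of anything by itself, which is why the stream is read for inspection rather than deleted.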

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:53 PM

Posted 18 October 2009 - 06:27 PM

Hmm ok try this program.

Download RootRepeal from one of the following locations:
Unzip it to your Desktop.
  • Right click RootRepeal.exe and choose "Run as Administrator" to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan should not take very long. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
Please copy and paste the report into your Post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#6 darthkurai

darthkurai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 18 October 2009 - 10:28 PM

Ok ... I tried RootRepeal, but it freezes after it reaches a certain file (stayed the same for 30 minutes). I had to close it, and now when I try to run it I get an error:

23:27:59: Could not get the name for PID 4.
23:27:59: Could not get the name for PID 500.
23:27:59: Could not get the name for PID 568.
23:27:59: Could not get the name for PID 620.
23:27:59: Could not get the name for PID 628.
23:27:59: Could not get the name for PID 664.
23:27:59: Could not get the name for PID 692.
23:27:59: Could not get the name for PID 700.
23:27:59: Could not get the name for PID 844.
23:27:59: Could not get the name for PID 888.
23:27:59: Could not get the name for PID 920.
23:27:59: Could not get the name for PID 1012.
23:27:59: Could not get the name for PID 1044.
23:27:59: Could not get the name for PID 1064.
23:27:59: Could not get the name for PID 1124.
23:27:59: Could not get the name for PID 1148.
23:27:59: Could not get the name for PID 1208.
23:27:59: Could not get the name for PID 1248.
23:27:59: Could not get the name for PID 1356.
23:27:59: Could not get the name for PID 1492.
23:27:59: Could not get the name for PID 1504.
23:27:59: Could not get the name for PID 1588.
23:27:59: Could not get the name for PID 1612.
23:27:59: Could not get the name for PID 408.
23:27:59: Could not get the name for PID 368.
23:27:59: Could not get the name for PID 432.
23:27:59: Could not get the name for PID 508.
23:27:59: Could not get the name for PID 548.
23:27:59: Could not get the name for PID 1364.
23:27:59: Could not get the name for PID 1868.
23:27:59: Could not get the name for PID 1460.
23:27:59: Could not get the name for PID 2044.
23:27:59: Could not get the name for PID 832.
23:27:59: Could not get the name for PID 1956.
23:27:59: Could not get the name for PID 2084.
23:27:59: Could not get the name for PID 2132.
23:27:59: Could not get the name for PID 2172.
23:27:59: Could not get the name for PID 2204.
23:27:59: Could not get the name for PID 2308.
23:27:59: Could not get the name for PID 2328.
23:27:59: Could not get the name for PID 2356.
23:27:59: Could not get the name for PID 2448.
23:27:59: Could not get the name for PID 2516.
23:27:59: Could not get the name for PID 2616.
23:27:59: Could not get the name for PID 2772.
23:27:59: Could not get the name for PID 3336.
23:27:59: Could not get the name for PID 3368.
23:27:59: Could not get the name for PID 3380.
23:27:59: Could not get the name for PID 3392.
23:27:59: Could not get the name for PID 3408.
23:27:59: Could not get the name for PID 3416.
23:27:59: Could not get the name for PID 3424.
23:27:59: Could not get the name for PID 3432.
23:27:59: Could not get the name for PID 3464.
23:27:59: Could not get the name for PID 3772.
23:27:59: Could not get the name for PID 3856.
23:27:59: Could not get the name for PID 3864.
23:27:59: Could not get the name for PID 3908.
23:27:59: Could not get the name for PID 3996.
23:27:59: Could not get the name for PID 2892.
23:27:59: Could not get the name for PID 2900.
23:27:59: Could not get the name for PID 2704.
23:27:59: Could not get the name for PID 3064.
23:27:59: Could not get the name for PID 2728.
23:27:59: Could not get the name for PID 4164.
23:27:59: Could not get the name for PID 4256.
23:27:59: Could not get the name for PID 4564.
23:27:59: Could not get the name for PID 4668.
23:27:59: Could not get the name for PID 4816.
23:27:59: Could not get the name for PID 4900.
23:27:59: Could not get the name for PID 4920.
23:27:59: Could not get the name for PID 5004.
23:27:59: Could not get the name for PID 5028.
23:27:59: Could not get the name for PID 5060.
23:27:59: Could not get the name for PID 5216.
23:27:59: Could not get the name for PID 5244.
23:27:59: Could not get the name for PID 5284.
23:27:59: Could not get the name for PID 5300.
23:27:59: Could not get the name for PID 5308.
23:27:59: Could not get the name for PID 5324.
23:27:59: Could not get the name for PID 5380.
23:27:59: Could not get the name for PID 5484.
23:27:59: Could not get the name for PID 5708.
23:27:59: Could not get the name for PID 5768.
23:27:59: Could not get the name for PID 5836.
23:27:59: Could not get the name for PID 6140.
23:27:59: Could not get the name for PID 4040.
23:27:59: Could not get the name for PID 2632.
23:27:59: Could not get the name for PID 3848.
23:27:59: Could not get the name for PID 1708.
23:27:59: Could not get the name for PID 4632.
23:27:59: Could not get the name for PID 4052.
23:27:59: Could not get the name for PID 5544.
23:27:59: Could not get the name for PID 2500.
23:27:59: Could not get the name for PID 3652.
23:27:59: Could not get the name for PID 744.
23:27:59: Could not get the name for PID 5868.
23:27:59: Could not get the name for PID 3556.
23:27:59: Could not get the name for PID 7676.
23:27:59: Could not get the name for PID 6496.
23:27:59: Could not get the name for PID 7100.
23:27:59: Could not get the name for PID 7512.
23:27:59: Could not get the name for PID 5500.
23:27:59: Could not get the name for PID 5020.
23:27:59: Could not get the name for PID 7864.
23:27:59: Could not get the name for PID 1008.
23:27:59: DeviceIoControl Error! Error Code = 0x0
23:27:59: DeviceIoControl Error! Error Code = 0x0

#7 darthkurai

darthkurai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 18 October 2009 - 10:39 PM

strangely ... way after this happened, I got a random message pop up "rootrepeal has stopped working". I re-launched and a report was waiting for me there:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 23:38
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 368 Status: -

Path: C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PID: 408 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 432 Status: -

Path: C:\Windows\System32\smss.exe
PID: 500 Status: -

Path: C:\Windows\System32\dlbkcoms.exe
PID: 508 Status: -

Path: C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PID: 548 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 568 Status: -

Path: C:\Windows\System32\wininit.exe
PID: 620 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 628 Status: -

Path: C:\Windows\System32\services.exe
PID: 664 Status: -

Path: C:\Windows\System32\lsass.exe
PID: 692 Status: -

Path: C:\Windows\System32\lsm.exe
PID: 700 Status: -

Path: C:\Program Files\Logitech\G-series Software\LCDMon.exe
PID: 744 Status: -

Path: C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
PID: 832 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 844 Status: -

Path: C:\Windows\System32\nvvsvc.exe
PID: 888 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 920 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1012 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1044 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1064 Status: -

Path: C:\Windows\System32\audiodg.exe
PID: 1124 Status: Locked to the Windows API!

Path: C:\Windows\System32\winlogon.exe
PID: 1148 Status: -

Path: C:\Windows\System32\SLsvc.exe
PID: 1208 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1248 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1356 Status: -

Path: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 1364 Status: -

Path: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
PID: 1460 Status: -

Path: C:\Windows\System32\WLTRYSVC.EXE
PID: 1492 Status: -

Path: C:\Windows\System32\BCMWLTRY.EXE
PID: 1504 Status: -

Path: C:\Windows\System32\spoolsv.exe
PID: 1588 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1612 Status: -

Path: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 1708 Status: -

Path: C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PID: 1868 Status: -

Path: C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
PID: 1956 Status: -

Path: C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
PID: 2044 Status: -

Path: C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PID: 2084 Status: -

Path: C:\Program Files\McAfee\MPF\MpfSrv.exe
PID: 2132 Status: -

Path: C:\PROGRA~1\McAfee\MPS\mps.exe
PID: 2172 Status: -

Path: C:\Program Files\McAfee\MSK\msksrver.exe
PID: 2204 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2308 Status: -

Path: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PID: 2328 Status: -

Path: C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
PID: 2356 Status: -

Path: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PID: 2448 Status: -

Path: C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PID: 2500 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2516 Status: -

Path: C:\Windows\System32\Pen_Tablet.exe
PID: 2616 Status: -

Path: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 2632 Status: -

Path: C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PID: 2704 Status: -

Path: C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PID: 2728 Status: -

Path: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 2772 Status: -

Path: C:\Windows\System32\WTablet\Pen_TabletUser.exe
PID: 2892 Status: -

Path: C:\Windows\System32\Pen_Tablet.exe
PID: 2900 Status: -

Path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 3064 Status: -

Path: C:\Windows\System32\dwm.exe
PID: 3336 Status: -

Path: C:\Windows\System32\nvvsvc.exe
PID: 3368 Status: -

Path: C:\Windows\explorer.exe
PID: 3380 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 3392 Status: -

Path: C:\Windows\System32\wisptis.exe
PID: 3408 Status: -

Path: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PID: 3416 Status: -

Path: C:\Windows\System32\wisptis.exe
PID: 3424 Status: -

Path: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PID: 3432 Status: -

Path: C:\Windows\System32\SearchIndexer.exe
PID: 3464 Status: -

Path: C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
PID: 3556 Status: -

Path: C:\Windows\System32\wuauclt.exe
PID: 3652 Status: -

Path: C:\Program Files\McAfee\MPS\mpsevh.exe
PID: 3772 Status: -

Path: C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PID: 3848 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 3856 Status: -

Path: C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PID: 3864 Status: -

Path: C:\Windows\System32\WUDFHost.exe
PID: 3908 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 3996 Status: -

Path: C:\Windows\System32\wbem\unsecapp.exe
PID: 4040 Status: -

Path: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
PID: 4052 Status: -

Path: C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PID: 4164 Status: -

Path: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
PID: 4256 Status: -

Path: C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
PID: 4564 Status: -

Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 4632 Status: -

Path: C:\Windows\System32\mobsync.exe
PID: 4668 Status: -

Path: C:\Windows\System32\CtHelper.exe
PID: 4816 Status: -

Path: C:\Windows\System32\CTXFIHLP.EXE
PID: 4900 Status: -

Path: C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PID: 4920 Status: -

Path: C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PID: 5004 Status: -

Path: C:\Windows\System32\WLTRAY.EXE
PID: 5028 Status: -

Path: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PID: 5060 Status: -

Path: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PID: 5216 Status: -

Path: C:\Program Files\Logitech\G-series Software\LGDCore.exe
PID: 5244 Status: -

Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 5284 Status: -

Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 5300 Status: -

Path: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 5308 Status: -

Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 5324 Status: -

Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 5380 Status: -

Path: C:\Program Files\DAEMON Tools Lite\daemon.exe
PID: 5484 Status: -

Path: C:\Program Files\McAfee\MSC\mcuimgr.exe
PID: 5544 Status: -

Path: C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PID: 5708 Status: -

Path: C:\Windows\System32\CTXFISPI.EXE
PID: 5768 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 5836 Status: -

Path: C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
PID: 5868 Status: -

Path: C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PID: 6140 Status: -

Path: C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
PID: 6432 Status: -

Path: C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
PID: 6496 Status: -

Path: C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
PID: 7100 Status: -

Path: C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
PID: 7512 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 8464 Status: -

Path: C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
PID: 8932 Status: -

Path: C:\Windows\System32\dllhost.exe
PID: 9524 Status: -

Path: C:\Windows\System32\dllhost.exe
PID: 9560 Status: -

Path: C:\Users\John\Desktop\RootRepeal.exe
PID: 9588 Status: -

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:53 PM

Posted 18 October 2009 - 11:04 PM

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
====================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#9 darthkurai

darthkurai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 19 October 2009 - 05:24 PM

kahdah, here is my log:

Malwarebytes' Anti-Malware 1.41
Database version: 2985
Windows 6.0.6001 Service Pack 1

10/19/2009 6:12:28 PM
mbam-log-2009-10-19 (18-12-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 771958
Time elapsed: 2 hour(s), 54 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:53 PM

Posted 22 October 2009 - 07:07 AM

Do you have the online scanner log?

#11 darthkurai

darthkurai
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 22 October 2009 - 08:55 PM

kahdah ... I have tried the online scanner several times, but it always reaches about 32% and encounters an error and closes. Up to that point, it has found no threat.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:53 PM

Posted 23 October 2009 - 07:20 AM

Ok try the following please:

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.