
Programs not updating


  • This topic is locked
28 replies to this topic

#1 stevek1948

stevek1948

  • Members
  • 18 posts

Posted 27 December 2009 - 02:36 AM

Hello,

Lately, I've noticed that some programs that try to update themselves (not by opening a browser) get an error box stating that they are unable to connect. Even if I hit the update button. I tried turning off my security programs, i.e. Eset Smart Security, WinPatrol, SpywareBlaster. Still not connecting. Otherwise, I'm able to connect through my browser and email. I was wondering if I picked something up that might cause that. Any help would be appreciated.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Steve at 19:36:31.66 on Sat 12/26/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4093.1993 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\MHotKey.exe
C:\Windows\RAVCpl64.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Form Pilot Pro\fppragent.exe
C:\Program Files (x86)\ClipMate7\ClipMate.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Weather Watcher\ww.exe
C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe
C:\Program Files (x86)\1st Clock\1stClock.exe
C:\Program Files (x86)\Bookmark Buddy\BmkBuddy.exe
C:\Program Files (x86)\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\1st Clock\ClockApi64.exe
C:\Program Files (x86)\Mass Downloader\massdown.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Vista Start Menu\VistaHookApp.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
C:\program files (x86)\mozilla firefox\firefox.exe
C:\Program Files (x86)\Mass Downloader\LowCookies.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steve\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
uWindow Title = Steve Kecskes
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 8\SnagItBHO.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6d53ec84-6aae-4787-aeee-f4628f01010c} - Symantec Intrusion Prevention
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Bookmark Buddy Helper: {c6ceac32-d45c-11d4-94af-0050babd5fd6} - c:\program files (x86)\bookmark buddy\UrlOrgIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 8\SnagItIEAddin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ClipMate7] c:\program files (x86)\clipmate7\ClipMate.exe
uRun: [Sidebar] c:\program files (x86)\windows sidebar\SideBar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WeatherWatcher] c:\program files (x86)\weather watcher\ww.exe
uRun: [Registry Cleaner Scheduler] "c:\program files (x86)\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [AlcoholAutomount] "c:\program files (x86)\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [MSCS] c:\program files (x86)\maxa cookie manager\Cookie.exe /autorun
uRun: [VistaStartMenu] c:\program files (x86)\vista start menu\VistaStartMenu.exe
uRun: [USB Safely Remove] c:\program files (x86)\usb safely remove\USBSafelyRemove.exe /startup
uRun: [RoboForm] "c:\program files (x86)\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [AnVir Task Manager Pro] "c:\program files (x86)\anvir task manager pro\AnVir.exe" Minimized
mRun: [Smart Copy] "c:\program files (x86)\ioi\smart copy\ButtonMonitor.exe" -A
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [WinPatrol] "c:\program files (x86)\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files (x86)\acronis\trueimagehome\TimounterMonitor.exe
mRun: [PivotSoftware] "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Display] c:\program files (x86)\apc\apc powerchute personal edition\DataCollectionLauncher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\1stclo~1.lnk - c:\program files (x86)\1st clock\1stClock.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\bookma~1.lnk - c:\program files (x86)\bookmark buddy\BmkBuddy.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\hddlife.lnk - c:\program files (x86)\binarysense\hddlife 3\HDDlifePro.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files (x86)\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\massdo~1.lnk - c:\program files (x86)\mass downloader\massdown.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: + &Mass Downloader: download this file - c:\program files (x86)\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files (x86)\mass downloader\Add_All.htm
IE: Customize Menu - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: Sothink SWF Catcher - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files (x86)\mass downloader\massdown.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files (x86)\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files (x86)\common files\binarysense\hlAPP.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: Directory Opus Shell Execute Hook: {ee761688-c137-4b04-8fab-3c9cdf0886f0} - c:\program files\gpsoftware\directory opus\dopuslib32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
IFEO: taskmgr.exe - "c:\program files (x86)\anvir task manager pro\AnVir.exe"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun-x64: [Form Pilot Pro virtual printer agent] "c:\program files\form pilot pro\fppragent.exe"
SEH-X64: Directory Opus Shell Execute Hook: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - c:\program files\gpsoftware\directory opus\dopuslib.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cneta&p=
FF - component: c:\program files (x86)\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\extensions\{d249fd00-4df9-11d9-9fdc-0080481ada61}\components\mpint.dll
FF - plugin: c:\program files (x86)\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\steve\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 134024]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2009-4-14 39240]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\astsrv.exe --> c:\windows\system32\ASTSRV.EXE [?]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 44944]
R2 GPAdjustTimeService;1st Clock Adjust Time Service;c:\program files (x86)\1st clock\1stClockAdjustTimeSvc.exe [2008-12-7 448512]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files (x86)\common files\binarysense\hldasvc.exe [2009-4-24 818840]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-9 3580712]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\usb safely remove\USBSRService.exe [2009-8-31 531704]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys [2008-6-12 432256]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2008-6-12 403968]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64k.sys [2008-6-10 36424]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-10-20 183888]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2009-12-21 121424]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-9 18216]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-9-4 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-3-22 93184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 40464]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-8-27 19912]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-8-27 13264]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-9-4 7408]
S4 gupdate1c9908f5bae5f31;Google Update Service (gupdate1c9908f5bae5f31);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-2-16 133104]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-12-26 07:44:35 43008 ----a-w- c:\windows\system32\fpprpm.dll
2009-12-26 07:44:33 0 d-----w- c:\program files\common files\Invention Pilot Shared
2009-12-26 07:44:31 0 d-----w- c:\program files\Form Pilot Pro
2009-12-24 02:13:31 49152 ----a-w- c:\windows\syswow64\StudioBridge.dll
2009-12-23 07:48:32 0 d-----w- C:\HijackThis
2009-12-22 07:30:36 0 d-----w- c:\windows\Logo Design Studio Pro
2009-12-22 07:30:36 0 d-----w- c:\program files (x86)\Summitsoft
2009-12-22 01:32:47 0 d-----w- c:\program files (x86)\DAZ 3D
2009-12-21 07:40:34 121424 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2009-12-17 02:17:19 0 d-----w- c:\program files (x86)\East-Tec Eraser 2010
2009-12-16 01:48:21 0 d-----w- c:\users\steve\appdata\roaming\EAST Technologies
2009-12-14 06:34:39 90112 ----a-w- c:\windows\syswow64\lfjbg13n.dll
2009-12-14 06:34:39 73728 ----a-w- c:\windows\syswow64\lffax13n.dll
2009-12-14 06:34:39 388608 ----a-w- c:\windows\syswow64\lfcmp13n.dll
2009-12-14 06:34:39 246272 ----a-w- c:\windows\syswow64\lfj2k13n.dll
2009-12-14 06:34:39 1693696 ----a-w- c:\windows\syswow64\ltclr13n.dll
2009-12-14 06:34:39 142848 ----a-w- c:\windows\syswow64\lftif13n.dll
2009-12-14 06:34:38 453120 ----a-w- c:\windows\syswow64\ltkrn13n.dll
2009-12-14 06:34:38 445440 ----a-w- c:\windows\syswow64\ltimg13n.dll
2009-12-14 06:34:38 265216 ----a-w- c:\windows\syswow64\ltdis13n.dll
2009-12-14 06:34:38 206848 ----a-w- c:\windows\syswow64\ltefx13n.dll
2009-12-14 06:34:38 189976 ----a-w- c:\windows\syswow64\mfimgvwr.ocx
2009-12-14 06:34:38 154112 ----a-w- c:\windows\syswow64\ltfil13n.dll
2009-12-14 06:34:29 0 d-----w- c:\program files (x86)\MFInstall
2009-12-10 23:46:13 0 d-----w- c:\users\steve\appdata\roaming\TreeCardGames
2009-12-10 23:46:08 0 d-----w- c:\program files (x86)\Sudoku Up
2009-12-10 02:12:11 0 d-----w- c:\program files (x86)\Visual Thesaurus 3
2009-12-08 23:46:09 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 23:46:08 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-12-08 23:46:07 610304 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 23:46:06 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:46:06 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2009-12-08 23:44:29 442368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 23:44:29 378368 ----a-w- c:\windows\syswow64\winhttp.dll
2009-12-05 23:20:09 0 d-----w- c:\users\steve\appdata\roaming\Foxit Software
2009-12-02 01:36:09 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-02 01:36:09 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-02 01:36:09 145184 ----a-w- c:\windows\syswow64\java.exe
2009-11-30 07:13:38 4702 ----a-w- c:\windows\system32\fppr
2009-11-30 06:53:02 0 d-----w- c:\users\steve\appdata\roaming\MAXACookie

==================== Find3M ====================

2009-12-26 22:49:01 100908 ----a-w- c:\programdata\nvModes.dat
2009-12-24 23:36:45 1320 ----a-w- c:\users\steve\appdata\roaming\wklnhst.dat
2009-12-21 07:40:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-21 07:40:29 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-21 07:40:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-03 23:13:58 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 06:52:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:46:36 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:46:36 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-11-21 06:40:03 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-11-21 06:38:17 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-11-21 06:35:43 5940736 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-21 06:35:38 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-11-21 06:35:38 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-21 06:34:58 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-11-21 06:34:39 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-11-21 06:34:39 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-11-21 06:34:38 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-11-21 06:34:38 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-11-21 06:34:38 11069952 ----a-w- c:\windows\syswow64\ieframe.dll
2009-11-21 06:34:33 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-21 05:07:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 04:59:58 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-11-21 04:59:52 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-11-21 04:59:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-10-29 10:00:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 09:41:23 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-10-11 11:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-10-07 19:08:30 260872 ----a-w- c:\windows\system32\PDBoot.exe
2009-10-07 12:57:40 280576 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:57:38 295936 ----a-w- c:\windows\system32\raschap.dll
2009-10-07 12:41:32 244224 ----a-w- c:\windows\syswow64\rastls.dll
2009-10-07 12:41:31 281600 ----a-w- c:\windows\syswow64\raschap.dll
2009-10-01 19:26:54 50672 ----a-w- c:\windows\syswow64\KarenWareInet.exe
2008-09-29 02:11:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-06 03:51:54 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-09-06 03:51:54 65536 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-09-06 03:51:54 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-09 23:51:42 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-01-21 02:47:31 400896 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_4d76c90c0812a431\WinMail.exe
2008-01-21 02:47:31 400896 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_4f62421805346f7d\WinMail.exe

============= FINISH: 19:37:12.19 ===============


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 06 January 2010 - 04:10 PM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log
Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 stevek1948


Posted 06 January 2010 - 09:17 PM

Hello Elise,

Thank you for your help. Here are the scans:


DDS (Ver_09-12-01.01) - NTFSX64
Run by Steve at 18:55:21.82 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4093.2314 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\MHotKey.exe
C:\Windows\Explorer.EXE
C:\Windows\ChiFuncExt.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Form Pilot Pro\fppragent.exe
C:\Program Files (x86)\ClipMate7\ClipMate.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Weather Watcher\ww.exe
C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\1st Clock\1stClock.exe
C:\Program Files (x86)\Bookmark Buddy\BmkBuddy.exe
C:\Program Files (x86)\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files (x86)\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Mass Downloader\massdown.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Vista Start Menu\VistaHookApp.exe
C:\Program Files (x86)\1st Clock\ClockApi64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\program files (x86)\mozilla firefox\firefox.exe
C:\Program Files (x86)\Mass Downloader\LowCookies.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steve\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
uWindow Title = Steve Kecskes
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 8\SnagItBHO.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6d53ec84-6aae-4787-aeee-f4628f01010c} - Symantec Intrusion Prevention
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Bookmark Buddy Helper: {c6ceac32-d45c-11d4-94af-0050babd5fd6} - c:\program files (x86)\bookmark buddy\UrlOrgIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 8\SnagItIEAddin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ClipMate7] c:\program files (x86)\clipmate7\ClipMate.exe
uRun: [Sidebar] c:\program files (x86)\windows sidebar\SideBar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WeatherWatcher] c:\program files (x86)\weather watcher\ww.exe
uRun: [Registry Cleaner Scheduler] "c:\program files (x86)\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [AlcoholAutomount] "c:\program files (x86)\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [MSCS] c:\program files (x86)\maxa cookie manager\Cookie.exe /autorun
uRun: [VistaStartMenu] c:\program files (x86)\vista start menu\VistaStartMenu.exe
uRun: [USB Safely Remove] c:\program files (x86)\usb safely remove\USBSafelyRemove.exe /startup
uRun: [AnVir Task Manager Pro] "c:\program files (x86)\anvir task manager pro\AnVir.exe" Minimized
uRun: [RoboForm] "c:\program files (x86)\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Smart Copy] "c:\program files (x86)\ioi\smart copy\ButtonMonitor.exe" -A
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [WinPatrol] "c:\program files (x86)\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files (x86)\acronis\trueimagehome\TimounterMonitor.exe
mRun: [PivotSoftware] "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Display] c:\program files (x86)\apc\apc powerchute personal edition\DataCollectionLauncher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\1stclo~1.lnk - c:\program files (x86)\1st clock\1stClock.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\bookma~1.lnk - c:\program files (x86)\bookmark buddy\BmkBuddy.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\hddlife.lnk - c:\program files (x86)\binarysense\hddlife 3\HDDlifePro.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files (x86)\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\massdo~1.lnk - c:\program files (x86)\mass downloader\massdown.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: + &Mass Downloader: download this file - c:\program files (x86)\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files (x86)\mass downloader\Add_All.htm
IE: Customize Menu - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: Sothink SWF Catcher - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files (x86)\mass downloader\massdown.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files (x86)\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files (x86)\common files\binarysense\hlAPP.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: Directory Opus Shell Execute Hook: {ee761688-c137-4b04-8fab-3c9cdf0886f0} - c:\program files\gpsoftware\directory opus\dopuslib32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
IFEO: taskmgr.exe - "c:\program files (x86)\anvir task manager pro\AnVir.exe"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun-x64: [Form Pilot Pro virtual printer agent] "c:\program files\form pilot pro\fppragent.exe"
SEH-X64: Directory Opus Shell Execute Hook: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - c:\program files\gpsoftware\directory opus\dopuslib.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cneta&p=
FF - component: c:\program files (x86)\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\extensions\{d249fd00-4df9-11d9-9fdc-0080481ada61}\components\mpint.dll
FF - plugin: c:\program files (x86)\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\steve\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\10i97vl5.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 134024]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2009-4-14 39240]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\astsrv.exe --> c:\windows\system32\ASTSRV.EXE [?]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 44944]
R2 GPAdjustTimeService;1st Clock Adjust Time Service;c:\program files (x86)\1st clock\1stClockAdjustTimeSvc.exe [2008-12-7 448512]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files (x86)\common files\binarysense\hldasvc.exe [2009-4-24 818840]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-11-5 294880]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-9 3580712]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\usb safely remove\USBSRService.exe [2009-8-31 531704]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys [2008-6-12 432256]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2008-6-12 403968]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64k.sys [2008-6-10 36424]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-10-20 183888]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2009-12-21 121424]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-9 18216]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-9-4 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-3-22 93184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 40464]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-8-27 19912]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-8-27 13264]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-9-4 7408]
S4 gupdate1c9908f5bae5f31;Google Update Service (gupdate1c9908f5bae5f31);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-2-16 133104]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-01-01 07:19:18 327168 ----a-w- c:\windows\syswow64\cutil32.dll
2010-01-01 07:19:18 285696 ----a-w- c:\windows\syswow64\cudart.dll
2010-01-01 07:19:18 27136 ----a-w- c:\windows\syswow64\PCWizard.cpl
2010-01-01 07:19:18 0 d-----w- c:\windows\Java
2010-01-01 07:19:05 0 d-----w- c:\program files (x86)\CPUID
2009-12-30 00:23:25 0 d-----w- c:\programdata\Macrium
2009-12-30 00:22:09 0 d-----w- c:\program files\Macrium
2009-12-29 07:36:00 23 --sha-w- c:\windows\system32\edacded0.dat
2009-12-29 07:36:00 23 ----a-w- c:\windows\system32\bcdadac7.xml
2009-12-29 07:35:28 0 d-----w- c:\program files (x86)\jv16 PowerTools 2009
2009-12-29 07:11:45 0 d-----w- c:\program files (x86)\DVDFAST
2009-12-26 07:44:35 43008 ----a-w- c:\windows\system32\fpprpm.dll
2009-12-26 07:44:33 0 d-----w- c:\program files\common files\Invention Pilot Shared
2009-12-26 07:44:31 0 d-----w- c:\program files\Form Pilot Pro
2009-12-24 02:13:31 49152 ----a-w- c:\windows\syswow64\StudioBridge.dll
2009-12-23 07:48:32 0 d-----w- C:\HijackThis
2009-12-22 07:30:36 0 d-----w- c:\windows\Logo Design Studio Pro
2009-12-22 07:30:36 0 d-----w- c:\program files (x86)\Summitsoft
2009-12-22 01:32:47 0 d-----w- c:\program files (x86)\DAZ 3D
2009-12-21 07:40:34 121424 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2009-12-17 02:17:19 0 d-----w- c:\program files (x86)\East-Tec Eraser 2010
2009-12-16 01:48:21 0 d-----w- c:\users\steve\appdata\roaming\EAST Technologies
2009-12-14 06:34:39 90112 ----a-w- c:\windows\syswow64\lfjbg13n.dll
2009-12-14 06:34:39 73728 ----a-w- c:\windows\syswow64\lffax13n.dll
2009-12-14 06:34:39 388608 ----a-w- c:\windows\syswow64\lfcmp13n.dll
2009-12-14 06:34:39 246272 ----a-w- c:\windows\syswow64\lfj2k13n.dll
2009-12-14 06:34:39 1693696 ----a-w- c:\windows\syswow64\ltclr13n.dll
2009-12-14 06:34:39 142848 ----a-w- c:\windows\syswow64\lftif13n.dll
2009-12-14 06:34:38 453120 ----a-w- c:\windows\syswow64\ltkrn13n.dll
2009-12-14 06:34:38 445440 ----a-w- c:\windows\syswow64\ltimg13n.dll
2009-12-14 06:34:38 265216 ----a-w- c:\windows\syswow64\ltdis13n.dll
2009-12-14 06:34:38 206848 ----a-w- c:\windows\syswow64\ltefx13n.dll
2009-12-14 06:34:38 189976 ----a-w- c:\windows\syswow64\mfimgvwr.ocx
2009-12-14 06:34:38 154112 ----a-w- c:\windows\syswow64\ltfil13n.dll
2009-12-14 06:34:29 0 d-----w- c:\program files (x86)\MFInstall
2009-12-10 23:46:13 0 d-----w- c:\users\steve\appdata\roaming\TreeCardGames
2009-12-10 23:46:08 0 d-----w- c:\program files (x86)\Sudoku Up
2009-12-10 02:12:11 0 d-----w- c:\program files (x86)\Visual Thesaurus 3
2009-12-08 23:46:09 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 23:46:08 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-12-08 23:46:07 610304 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 23:46:06 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:46:06 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2009-12-08 23:44:29 442368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 23:44:29 378368 ----a-w- c:\windows\syswow64\winhttp.dll

==================== Find3M ====================

2010-01-07 01:41:25 100908 ----a-w- c:\programdata\nvModes.dat
2009-12-24 23:36:45 1320 ----a-w- c:\users\steve\appdata\roaming\wklnhst.dat
2009-12-21 07:40:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-21 07:40:29 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-21 07:40:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-03 23:13:58 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 06:52:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:46:36 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:46:36 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-11-21 06:40:03 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-11-21 06:38:17 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-11-21 06:35:43 5940736 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-21 06:35:38 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-11-21 06:35:38 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-21 06:34:58 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-11-21 06:34:39 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-11-21 06:34:39 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-11-21 06:34:38 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-11-21 06:34:38 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-11-21 06:34:38 11069952 ----a-w- c:\windows\syswow64\ieframe.dll
2009-11-21 06:34:33 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-21 05:07:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 04:59:58 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-11-21 04:59:52 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-11-21 04:59:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-11-11 22:42:48 38368 ----a-w- c:\windows\system32\drivers\psmounter.sys
2009-10-29 10:00:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 09:41:23 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-10-11 11:17:33 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-10-11 11:17:32 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-10-11 11:17:31 145184 ----a-w- c:\windows\syswow64\java.exe
2009-10-11 11:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2008-09-29 02:11:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-06 03:51:54 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-09-06 03:51:54 65536 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-09-06 03:51:54 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-09 23:51:42 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-01-21 02:47:31 400896 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_4d76c90c0812a431\WinMail.exe
2008-01-21 02:47:31 400896 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_4f62421805346f7d\WinMail.exe

============= FINISH: 18:56:15.69 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/12/2008 1:00:41 AM
System Uptime: 12/26/2009 3:48:00 PM (4 hours ago)

Motherboard: Gateway | | G33M05G1
Processor: Intel® Core™2 Quad CPU Q9300 @ 2.50GHz | Socket 775 | 2498/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 531 GiB total, 367.985 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 8.012 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 154.258 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP602: 11/29/2009 5:40:13 PM - Scheduled Checkpoint
RP603: 12/1/2009 6:16:12 PM - Scheduled Checkpoint
RP604: 12/1/2009 6:35:22 PM - Installed Java™ 6 Update 17
RP605: 12/2/2009 4:58:07 PM - Scheduled Checkpoint
RP606: 12/3/2009 5:18:58 PM - Scheduled Checkpoint
RP607: 12/4/2009 4:33:05 PM - Scheduled Checkpoint
RP608: 12/5/2009 5:39:51 PM - Scheduled Checkpoint
RP609: 12/6/2009 5:03:16 PM - Scheduled Checkpoint
RP610: 12/7/2009 5:16:41 PM - Scheduled Checkpoint
RP611: 12/8/2009 4:45:43 PM - Windows Update
RP612: 12/9/2009 6:34:49 PM - Scheduled Checkpoint
RP613: 12/10/2009 6:12:29 PM - Scheduled Checkpoint
RP614: 12/11/2009 5:10:27 PM - Scheduled Checkpoint
RP615: 12/12/2009 6:16:13 PM - Scheduled Checkpoint
RP616: 12/13/2009 5:40:27 PM - Scheduled Checkpoint
RP617: 12/14/2009 6:17:51 PM - Scheduled Checkpoint
RP618: 12/15/2009 5:06:54 PM - Scheduled Checkpoint
RP619: 12/16/2009 5:18:40 PM - Scheduled Checkpoint
RP620: 12/17/2009 2:06:32 PM - Scheduled Checkpoint
RP621: 12/18/2009 5:12:19 PM - Scheduled Checkpoint
RP622: 12/19/2009 8:18:57 PM - Scheduled Checkpoint
RP623: 12/20/2009 6:43:26 PM - Scheduled Checkpoint
RP624: 12/21/2009 12:40:13 AM - Device Driver Package Install: High Criteria Sound, video and game controllers
RP625: 12/21/2009 6:38:31 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP626: 12/22/2009 5:05:25 PM - Scheduled Checkpoint
RP627: 12/23/2009 6:22:03 PM - Scheduled Checkpoint
RP628: 12/24/2009 8:20:33 PM - Scheduled Checkpoint
RP629: 12/25/2009 8:36:42 PM - Scheduled Checkpoint
RP630: 12/26/2009 7:29:32 PM - Scheduled Checkpoint

==== Installed Programs ======================

1st Clock 4.0 (Full)
3D Text Commander 2.0 by Insofta Development
ABC Amber Barca Converter
Ace Pro Screensaver Creator
Acronis True Image Home
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 8.1.7
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
Advanced Uninstaller PRO - Version 9
AI RoboForm (All Users)
AKVIS Sketch
Alien Skin Bokeh
Alien Skin Image Doctor 2
Alien Skin Snap Art
AllMedia Grabber
AnVir Task Manager Pro
APC PowerChute Personal Edition v2.2
Apophysis 2.0
Apple Software Update
ArtRage 2
AV Bros. Page Curl Pro 2.2 (Remove Only)
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
Axialis IconWorkshop 6.0
B/W Styler 1.02
Barca 2.8 (Build 4400)
BenVista PhotoZoom Pro 2.3.4
Bookmark Buddy
BrainsBreaker 4.9(307b)
Bryce 6.3
Bryce 6.3 Content
Bryce Lightning 6.3
Camtasia Studio 5
Chessmaster 10th Edition
CHM Editor
CleanMyPC - Registry Cleaner
ClipMate 7
Color Picker Pro 1.0
ColorPic
ColorSchemer Studio 2
Compatibility Pack for the 2007 Office system
Connect
Convert
Cookie Monster
Curvy 3D 1.5
Daniusoft Media Converter Pro(Build 2.4.1.0)
DAZ|Studio 1.4.16.0
do-Organizer 3.1
Driver Magician 3.4
Duplicate File Detective 3
Dynamic-Photo HDR 3.44
East-Tec Eraser 2010 Version 9.6
EclipseCrossword
Edraw Max 4
EMCO UnLock IT
EULAlyzer 2.0
Extreme Picture Finder 3.10
ffdshow [rev 1723] [2007-12-24]
FileZilla Client 3.2.2.1
Flash Renamer 6.1
Folder Lock
FolderSizes 4
FormatFactory
FormatFactory 2.00
FotoSketcher - Version 1.9
Foxit Reader
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Gateway Recovery Center Installer
GearDrvs
Genuine Fractals 6.0.2 Professional Edition
Glary Utilities Pro 2.9.0.518
Gold Wave Editor Pro v10.2.2
Google Chrome
Google Earth
Google Update Helper
Google Updater
GPSoftware Directory Opus
Gravity Version 2.8.1
Harry's Filters 3
HDDlife Pro 3.1
Help Workshop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTML Help Workshop
Hyper Shutdown 2.2
Image Comparer v3.7
Image Mender 1.1
Index.dat Analyzer v2.5
indii.org/tintii
Inpaint
Internet RadioFan 1.3.0
IrfanView (remove only)
Java™ 6 Update 17
Java™ 6 Update 5
Java™ 6 Update 7
JGsoft EditPad Pro 5 v.5.4.5
Karen's 'Net Monitor
Karen's LAN Monitor
Karen's Version Browser
KB0817 Keyboard Driver
kuler
Kyodai Mahjongg 2006 v1.42
LabelPrint
LameACM
Liquid Story Binder XE 3.71
Logo Design Studio Pro
Mailbag Assistant (Remove only)
MailWasher Pro
MainType 2.1.1
Malwarebytes' Anti-Malware
Mani II Screen Saver
Mask Pro 4.1
Mavis Beacon Teaches Typing Platinum 20
MAXA Cookie Manager Pro 4.0
Merriam-Webster 3.0
MetaProducts Mass Downloader
MFZ0 codec (Remove Only)
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
Microsoft Word 2002
Microsoft Works
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Moffsoft Calculator 2
Morpheus Photo Animation Suite v3.10
MotionArtist 3.0
Moyea YouTube FLV Downloader version: 2.0.6.0
Mozilla Firefox (3.5.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyConnection PC
NEF Codec
Noiseware Professional Edition
Noiseware Professional Plug-in
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
odf-converter-integrator
OpenOffice.org 3.0
Partition Wizard Home Edition 4.0
PC Wizard 2008.1.871
PDF Settings
PhotoFrame 3.1
Photomatix Pro version 3.1.3
Photoshop Camera Raw
PixelToolbox 1.1
Pixie 3.1 (remove only)
Power2Go 5.0
Project Dogwaffle Professional
Punch! Home Design - AS4000
QuickTime Alternative 2.8.0
Readiris Pro 11
Real Alternative 1.9.0 Lite
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recover My Files
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
ShiftN 3.5
Smart Copy 3.0.5.8
Smart Defrag 1.11
SnagIt 8
SolSuite 2009 v9.11
SolSuite Graphics Pack Volume 1 - v1.25
SolSuite Graphics Pack Volume 2 - v2.15
Sothink FLV Player
Sothink JWScroller
Sothink SWF Decompiler
Sothink SWF Quicker
Sothink SWF to Video Converter
Sothink Tree Menu
Sothink Video Encoder for Adobe Flash
Sothink Web Video Downloader
SpeedCrunch 0.10
Spyware Terminator
SpywareBlaster 4.2
Starry Night Pro 4.5
Sudoku Up 2009 v3.0
Suite Shared Configuration CS4
Super Flexible File Synchronizer v3.77
SUPERAntiSpyware Professional
SWF & FLV Toolbox 3.5 (build 3.5.23.412)
SWiSH Max2
SWiSH Max3
The 'Jongg DVD
The 'Jongg DVD - Additional Music
The Jongg DVD - Additional Tilesets
Topaz Adjust 3
Topaz Detail
Total Privacy 5
Total Recorder 8.0
uMark Professional 1.3
Uninstall DreamSuite Bonus
Uninstall Mystical
Uninstall MysticalTTC
Uninstall Tool
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Safely Remove 4.2
Vista Start Menu 3.4
Visual Thesaurus 3.0.3
Viveza
Vizros Plug-ins 4.1
Vue 5 Esprit
Wacom Tablet
Water Illusion Screensaver
Watermark Factory 2
WD Diagnostics
Weather Watcher
Winamp
Windows 7 Upgrade Advisor
WinPatrol 2009
WinPcap 4.0.2
WinRAR archiver
Wire Pilot Lite 3.0.4
Wireshark 1.0.7
Wondershare Flash Gallery Factory 4.7.1
Wondershare Movie Story GAOTD Edition 4.5.0
Wondershare Photo Story Platinum (2.8.0)
Wondershare Video Converter Platinum(Build 4.2.0.56)
Works Suite OS Pack
Zoner GIF Animator 5

==== Event Viewer Messages From Past Week ========

12/20/2009 7:04:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
12/20/2009 5:02:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
12/20/2009 4:17:49 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001FE204B79D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/19/2009 7:18:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001FE204B79D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/19/2009 7:16:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL SASDIFSV SASKUTIL
12/19/2009 7:16:08 PM, Error: Service Control Manager [7000] - The Parallels Networking Driver service failed to start due to the following error: The system cannot find the file specified.
12/19/2009 7:14:29 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/19/2009 7:14:29 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 19:11:39
Windows 6.0.6001 Service Pack 1
Running: c92dp2r6.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D40B273-D3CB-CE40-DA92-3F9DEE2521B6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D40B273-D3CB-CE40-DA92-3F9DEE2521B6}@maejhdnkcbodokdjkopafldpef 0x6A 0x61 0x64 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D40B273-D3CB-CE40-DA92-3F9DEE2521B6}@nagibfggddcplplibkamiapaifgl 0x6A 0x61 0x63 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97B16B80-7DEE-701B-6E07-89880FD2AFA4}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97B16B80-7DEE-701B-6E07-89880FD2AFA4}@jadbabjbekiahephalen 0x62 0x61 0x63 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97B16B80-7DEE-701B-6E07-89880FD2AFA4}@jadbabjbekiahephalan 0x62 0x61 0x63 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97B16B80-7DEE-701B-6E07-89880FD2AFA4}@iadombfnejogngfpid 0x6B 0x61 0x6B 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97B16B80-7DEE-701B-6E07-89880FD2AFA4}@hanoopmodmfnncfj 0x6B 0x61 0x6B 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97B16B80-7DEE-701B-6E07-89880FD2AFA4}@hahbeamgppmbndll 0x70 0x61 0x69 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97B16B80-7DEE-701B-6E07-89880FD2AFA4}@jainbbinjeanpaclojgd 0x64 0x62 0x69 0x6E ...

---- EOF - GMER 1.0.15 ----

#4 Elise

Posted 07 January 2010 - 04:08 AM

Hello stevek1948,

I notice the presence of CleanMyPC Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • MBAM log
  • OTL report

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#5 stevek1948

Posted 07 January 2010 - 08:55 PM

Hello,

Again, thank you for your help. I am posting my Malwarebytes and OTL texts.

Regards


Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

1/7/2010 6:15:55 PM
mbam-log-2010-01-07 (18-15-55).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 498309
Time elapsed: 1 hour(s), 11 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 1/7/2010 6:20:28 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 38.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 530.95 Gb Total Space | 439.74 Gb Free Space | 82.82% Space Free | Partition Type: NTFS
Drive D: | 15.56 Gb Total Space | 8.01 Gb Free Space | 51.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 113.31 Gb Free Space | 24.33% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/04 01:03:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2010/01/03 19:51:10 | 02,455,552 | ---- | M] (OrdinarySoft) -- C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
PRC - [2010/01/03 16:31:04 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/12/05 01:54:22 | 03,237,600 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe
PRC - [2009/12/03 19:06:22 | 01,401,096 | ---- | M] (CleanMyPC Software) -- C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
PRC - [2009/12/02 14:37:10 | 02,034,624 | ---- | M] (MetaProducts corp.) -- C:\Program Files (x86)\Mass Downloader\massdown.exe
PRC - [2009/12/02 14:37:10 | 00,022,464 | ---- | M] () -- C:\Program Files (x86)\Mass Downloader\lowcookies.exe
PRC - [2009/11/19 13:42:08 | 00,966,656 | ---- | M] (MAXA Research Int'l Inc.) -- C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
PRC - [2009/10/27 22:04:04 | 01,513,744 | ---- | M] () -- C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/10/10 14:07:08 | 00,320,832 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/07/22 12:58:18 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
PRC - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/06/18 10:32:26 | 19,121,072 | ---- | M] (Firetrust Ltd) -- C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/05/05 11:44:34 | 01,060,864 | ---- | M] (Edward Leigh) -- C:\Program Files (x86)\Bookmark Buddy\BmkBuddy.exe
PRC - [2009/04/24 16:10:52 | 02,252,440 | ---- | M] (BinarySense, Inc.) -- C:\Program Files (x86)\BinarySense\HDDlife 3\HDDlifePro.exe
PRC - [2009/04/24 16:03:32 | 00,818,840 | ---- | M] (BinarySense, Inc.) -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
PRC - [2009/01/31 10:00:40 | 03,760,424 | ---- | M] (Thornsoft Development, Inc.) -- C:\Program Files (x86)\ClipMate7\ClipMate.exe
PRC - [2009/01/20 23:45:00 | 00,960,536 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/20 23:34:36 | 00,377,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/20 23:06:10 | 04,359,280 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/01/06 23:25:02 | 00,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2008/10/08 19:54:49 | 00,570,880 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
PRC - [2008/05/30 10:50:28 | 00,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 17:05:16 | 00,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 11:04:50 | 00,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2008/01/20 19:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2007/11/11 02:37:30 | 02,842,624 | ---- | M] (Green Parrots Software) -- C:\Program Files (x86)\1st Clock\1stClock.exe
PRC - [2007/11/11 02:37:26 | 00,448,512 | ---- | M] (Green Parrots Software) -- C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
PRC - [2007/08/07 11:22:18 | 00,073,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/05/12 10:23:30 | 01,036,288 | ---- | M] (Singer's Creations) -- C:\Program Files (x86)\Weather Watcher\ww.exe
PRC - [2007/02/09 12:17:30 | 00,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 00,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2007/01/08 14:51:56 | 00,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe
PRC - [2006/11/02 08:04:16 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe


========== Modules (SafeList) ==========

MOD - [2010/01/04 01:03:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
MOD - [2008/04/25 10:31:13 | 00,062,776 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2008/01/20 19:52:09 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/20 19:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/02/09 12:16:08 | 00,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/05 12:59:44 | 00,294,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2009/10/07 12:08:14 | 01,486,088 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2009/10/07 12:08:10 | 01,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/05/14 15:54:26 | 00,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2008/10/10 12:07:00 | 03,580,712 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2008/03/16 06:37:32 | 00,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 19:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/10/27 22:04:08 | 00,531,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2009/09/23 16:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/22 12:58:18 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (ASTSRV)
SRV - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/04/24 16:03:32 | 00,818,840 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
SRV - [2009/02/20 20:47:49 | 00,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/16 16:36:07 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9908f5bae5f31) Google Update Service (gupdate1c9908f5bae5f31)
SRV - [2009/01/20 23:37:46 | 00,828,856 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/01/06 23:25:02 | 00,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/10/21 16:12:57 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/08 19:54:49 | 00,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2008/07/27 11:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/11/11 02:37:26 | 00,448,512 | ---- | M] (Green Parrots Software) [Auto | Running] -- C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe -- (GPAdjustTimeService)
SRV - [2007/08/07 11:22:18 | 00,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/05/28 09:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 06:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/20 18:00:12 | 00,121,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
DRV:64bit: - [2009/10/20 18:00:06 | 00,183,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec7.sys -- (TotRec7)
DRV:64bit: - [2009/08/20 11:11:38 | 00,101,904 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2009/07/19 11:05:48 | 00,019,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2009/07/19 11:05:46 | 00,013,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2009/05/14 15:49:54 | 00,044,944 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/05/14 15:49:50 | 00,033,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/05/14 15:49:48 | 00,165,960 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw)
DRV:64bit: - [2009/05/14 15:47:16 | 00,134,024 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 15:41:14 | 00,142,776 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009/05/09 01:14:20 | 00,015,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/25 23:52:59 | 00,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/04/14 12:30:28 | 00,039,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\nm3.sys -- (nm3)
DRV:64bit: - [2009/02/13 17:46:16 | 01,581,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV:64bit: - [2009/02/13 17:45:40 | 00,880,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/02/13 17:45:38 | 00,237,600 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV:64bit: - [2008/11/11 22:52:33 | 00,083,488 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2008/10/06 11:53:26 | 00,018,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/07/11 11:16:50 | 00,015,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/06/10 13:04:28 | 00,036,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2008/06/05 19:21:44 | 00,066,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/04/17 13:12:54 | 00,019,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/16 06:48:25 | 00,324,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/03/16 06:37:38 | 01,513,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/16 06:37:37 | 00,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/16 06:37:37 | 00,403,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/03/16 06:37:34 | 00,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/03/16 06:37:32 | 00,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/01/20 19:47:27 | 00,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 19:46:55 | 00,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 19:46:51 | 00,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2008/01/20 19:46:51 | 00,017,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/11/06 13:23:14 | 00,040,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2007/04/10 01:51:10 | 00,432,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer88xHD64.sys -- (AVer88xHD)
DRV:64bit: - [2007/02/16 11:12:36 | 00,012,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 16:11:26 | 00,012,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006/11/16 17:26:44 | 00,019,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2006/11/02 00:48:50 | 02,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/01 22:28:10 | 00,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/06 19:13:22 | 00,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2009/09/04 14:50:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/04 14:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/04 14:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/17 00:06:48 | 00,197,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\WinVd32.sys -- (WinVd32)
DRV - [2009/06/17 00:06:45 | 00,021,888 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysWOW64\WinFLdrv.sys -- (WinFLdrv)
DRV - [2008/03/16 06:37:35 | 00,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
DRV - [2006/09/18 14:36:40 | 00,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...M=FX4710-UB802A


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...M=FX4710-UB802A
IE - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\S-1-5-21-1766746167-4257547100-2808806850-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\S-1-5-21-1766746167-4257547100-2808806850-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-cneta&type=rapidtyping_10666000"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-cneta&type=rapidtyping_10666000"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.6.1
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: maxacookie@maxatools.com:3.5.1
FF - prefs.js..extensions.enabledItems: {D249FD00-4DF9-11D9-9FDC-0080481ADA61}:1.2.4
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-cneta&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2008/09/28 23:53:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\program files (x86)\Mozilla Firefox\components [2009/12/16 23:44:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\program files (x86)\Mozilla Firefox\plugins [2009/12/16 23:44:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/09/15 18:19:56 | 00,000,000 | ---D | M]

[2008/09/28 19:52:53 | 00,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/01/07 18:17:24 | 00,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions
[2009/03/15 23:43:09 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/11/10 18:53:30 | 00,000,000 | ---D | M] (FEBE) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/12/10 23:43:42 | 00,000,000 | ---D | M] (ScrapBook) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/09/27 23:40:22 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/07/14 23:00:46 | 00,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2009/01/27 23:32:36 | 00,000,000 | ---D | M] (CookieSafe) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
[2009/11/05 00:08:52 | 00,000,000 | ---D | M] (WOT) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/09 23:13:03 | 00,000,000 | ---D | M] (DictionarySearch) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2009/12/04 00:59:23 | 00,000,000 | ---D | M] (gTranslate) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/01/07 18:17:20 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/22 18:56:42 | 00,000,000 | ---D | M] (MetaProducts Integration) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
[2009/10/28 22:43:33 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/13 23:38:03 | 00,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\extensions\support@ancestry.com
[2009/11/23 00:35:27 | 00,002,172 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\searchplugins\bing.xml
[2009/07/05 23:45:08 | 00,002,198 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\10i97vl5.default\searchplugins\wolfram-alpha.xml
[2010/01/07 18:17:24 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/06/30 13:44:08 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2009/11/15 16:47:07 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Bookmark Buddy Helper) - {C6CEAC32-D45C-11D4-94AF-0050BABD5FD6} - C:\Program Files (x86)\Bookmark Buddy\urlorgIE.dll (Edward Leigh)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Form Pilot Pro virtual printer agent] C:\Program Files\Form Pilot Pro\fppragent.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [AnVir Task Manager Pro] C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe (AnVir Software)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [MSCS] C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe (MAXA Research Int'l Inc.)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [Registry Cleaner Scheduler] C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\SideBar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe ()
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000..\Run: [WeatherWatcher] C:\Program Files (x86)\Weather Watcher\ww.exe (Singer's Creations)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk = C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy.lnk = C:\Program Files (x86)\Bookmark Buddy\BmkBuddy.exe (Edward Leigh)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk = C:\Program Files (x86)\BinarySense\HDDlife 3\HDDlifePro.exe (BinarySense, Inc.)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mass Downloader.lnk = C:\Program Files (x86)\Mass Downloader\massdown.exe (MetaProducts corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O8:64bit: - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files (x86)\Mass Downloader\add_url.htm ()
O8:64bit: - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files (x86)\Mass Downloader\add_all.htm ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files (x86)\Mass Downloader\add_url.htm ()
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files (x86)\Mass Downloader\add_all.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files (x86)\Mass Downloader\massdown.exe (MetaProducts corp.)
O9 - Extra 'Tools' menuitem : &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files (x86)\Mass Downloader\massdown.exe (MetaProducts corp.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1766746167-4257547100-2808806850-1000\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files (x86)\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe" (AnVir Software)
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 07:49:12 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/09/28 01:13:11 | 00,000,000 | ---D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 00,000,036 | -H-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{82926872-94f6-11de-b605-001fe204b79d}\Shell - "" = AutoRun
O33 - MountPoints2\{82926872-94f6-11de-b605-001fe204b79d}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/07 16:17:31 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup.exe
[2010/01/07 16:15:51 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/01/07 16:14:53 | 00,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Mal Results
[2010/01/06 19:20:29 | 00,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\NetStat Agent
[2010/01/06 19:20:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Flexbyte Software
[2010/01/06 19:19:43 | 02,162,698 | ---- | C] (Flexbyte Software ) -- C:\Users\Steve\Desktop\netagent-setup-302.exe
[2010/01/05 23:24:20 | 17,137,528 | ---- | C] (TreeCardGames.com ) -- C:\Users\Steve\Desktop\solsuite2010_v100_setup.exe
[2010/01/01 00:19:18 | 00,285,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\cudart.dll
[2010/01/01 00:19:18 | 00,027,136 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2010/01/01 00:19:18 | 00,000,000 | ---D | C] -- C:\Windows\Java
[2010/01/01 00:19:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
[2009/12/29 19:01:38 | 00,000,000 | ---D | C] -- C:\Users\Steve\Documents\Reflect
[2009/12/29 17:23:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2009/12/29 17:22:09 | 00,000,000 | ---D | C] -- C:\Program Files\Macrium
[2009/12/29 00:35:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2009
[2009/12/29 00:11:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFAST
[2009/12/28 00:44:14 | 05,359,048 | ---- | C] (Foxit Software) -- C:\Users\Steve\Desktop\FoxitReader31_enu_Setup_091125.exe
[2009/12/26 00:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Invention Pilot Shared
[2009/12/26 00:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Form Pilot Pro
[2009/12/23 19:13:31 | 00,049,152 | ---- | C] (DAZ 3D, Inc) -- C:\Windows\SysWow64\StudioBridge.dll
[2009/12/23 00:48:32 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/12/22 00:34:08 | 00,000,000 | ---D | C] -- C:\Users\Steve\Documents\My Logo Design Studio Pro Projects
[2009/12/22 00:32:30 | 00,000,000 | ---D | C] -- C:\Users\Steve\Documents\My Logo Design Studio Projects
[2009/12/22 00:30:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Summitsoft
[2009/12/22 00:30:36 | 00,000,000 | ---D | C] -- C:\Windows\Logo Design Studio Pro
[2009/12/21 18:32:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2009/12/16 19:17:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\East-Tec Eraser 2010
[2009/12/15 18:48:21 | 00,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\EAST Technologies
[2009/12/13 23:34:39 | 01,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltclr13n.dll
[2009/12/13 23:34:39 | 00,388,608 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfcmp13n.dll
[2009/12/13 23:34:39 | 00,246,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfj2k13n.dll
[2009/12/13 23:34:39 | 00,142,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lftif13n.dll
[2009/12/13 23:34:39 | 00,090,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfjbg13n.dll
[2009/12/13 23:34:39 | 00,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lffax13n.dll
[2009/12/13 23:34:38 | 00,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltkrn13n.dll
[2009/12/13 23:34:38 | 00,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltimg13n.dll
[2009/12/13 23:34:38 | 00,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltdis13n.dll
[2009/12/13 23:34:38 | 00,206,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltefx13n.dll
[2009/12/13 23:34:38 | 00,189,976 | ---- | C] (MyFamily.com, Inc.) -- C:\Windows\SysWow64\mfimgvwr.ocx
[2009/12/13 23:34:38 | 00,154,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltfil13n.dll
[2009/12/13 23:34:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MFInstall
[2009/12/10 16:46:13 | 00,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\TreeCardGames
[2009/12/10 16:46:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sudoku Up
[2009/12/09 19:12:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Thesaurus 3

========== Files - Modified Within 30 Days ==========

[2010/01/07 22:15:50 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup.exe
[2010/01/07 18:22:43 | 09,175,040 | ---- | M] () -- C:\Users\Steve\NTUSER.DAT
[2010/01/07 18:01:09 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 18:01:09 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 16:18:11 | 00,000,819 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/07 16:01:51 | 00,001,018 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk
[2010/01/07 16:01:32 | 00,100,908 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/07 16:01:29 | 00,100,908 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/07 16:01:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/07 16:01:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/07 16:01:06 | 42,930,58560 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 00:51:54 | 00,524,288 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{884c34a3-2ad7-11de-b09a-001fe204b79d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 00:51:54 | 00,065,536 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{884c34a3-2ad7-11de-b09a-001fe204b79d}.TM.blf
[2010/01/07 00:51:52 | 03,364,370 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/01/07 00:34:52 | 00,018,432 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/06 17:27:12 | 02,162,698 | ---- | M] (Flexbyte Software ) -- C:\Users\Steve\Desktop\netagent-setup-302.exe
[2010/01/05 23:25:39 | 00,000,753 | ---- | M] () -- C:\Users\Public\Desktop\SolSuite.lnk
[2010/01/05 19:21:48 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/05 19:21:48 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/05 19:21:48 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/04 01:03:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/01/03 00:39:34 | 00,000,090 | ---- | M] () -- C:\Users\Steve\Desktop\Paul Thurrott's SuperSite for Windows Clean Install Windows 7 with Upgrade Media.URL
[2010/01/01 19:01:11 | 00,000,072 | ---- | M] () -- C:\Users\Steve\Desktop\Sitemap-Tips4pc.com offers free computer education and tips.URL
[2009/12/31 00:43:26 | 56,855,2501 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/29 18:56:39 | 00,002,547 | ---- | M] () -- C:\Users\Steve\Desktop\Macrium Reflect.lnk
[2009/12/29 00:36:00 | 00,000,023 | -HS- | M] () -- C:\Windows\SysNative\edacded0.dat
[2009/12/29 00:36:00 | 00,000,023 | ---- | M] () -- C:\Windows\SysNative\bcdadac7.xml
[2009/12/26 01:01:12 | 00,000,590 | ---- | M] () -- C:\Windows\win.ini
[2009/12/26 00:44:35 | 00,000,823 | ---- | M] () -- C:\Users\Steve\Desktop\Form Pilot Pro.lnk
[2009/12/24 16:36:45 | 00,001,320 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\wklnhst.dat
[2009/12/24 16:05:17 | 00,002,579 | ---- | M] () -- C:\Users\Steve\Desktop\Word.lnk
[2009/12/24 14:38:56 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/23 00:50:08 | 00,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2009/12/22 15:39:08 | 02,336,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/12/22 00:34:10 | 00,128,560 | ---- | M] () -- C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/17 14:13:40 | 00,017,634 | ---- | M] () -- C:\Users\Steve\Documents\Death.odt
[2009/12/14 13:57:03 | 00,049,152 | ---- | M] (DAZ 3D, Inc) -- C:\Windows\SysWow64\StudioBridge.dll
[2009/12/10 16:46:11 | 00,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Sudoku Up.lnk
[2009/12/09 05:33:54 | 17,137,528 | ---- | M] (TreeCardGames.com ) -- C:\Users\Steve\Desktop\solsuite2010_v100_setup.exe

========== Files Created - No Company Name ==========

[2010/01/07 16:18:11 | 00,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:48:01 | 42,930,58560 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/05 00:20:29 | 01,339,288 | ---- | C] () -- C:\Users\Steve\Desktop\sar_15_sfx.exe
[2010/01/03 00:39:34 | 00,000,090 | ---- | C] () -- C:\Users\Steve\Desktop\Paul Thurrott's SuperSite for Windows Clean Install Windows 7 with Upgrade Media.URL
[2010/01/01 19:01:11 | 00,000,072 | ---- | C] () -- C:\Users\Steve\Desktop\Sitemap-Tips4pc.com offers free computer education and tips.URL
[2010/01/01 00:19:18 | 00,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2009/12/29 17:22:10 | 00,002,547 | ---- | C] () -- C:\Users\Steve\Desktop\Macrium Reflect.lnk
[2009/12/29 00:36:00 | 00,000,023 | -HS- | C] () -- C:\Windows\SysNative\edacded0.dat
[2009/12/29 00:36:00 | 00,000,023 | ---- | C] () -- C:\Windows\SysNative\bcdadac7.xml
[2009/12/26 00:44:35 | 00,043,008 | ---- | C] () -- C:\Windows\SysNative\fpprpm.dll
[2009/12/26 00:44:35 | 00,000,823 | ---- | C] () -- C:\Users\Steve\Desktop\Form Pilot Pro.lnk
[2009/12/24 14:38:56 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/23 00:50:08 | 00,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2009/12/21 00:40:34 | 00,121,424 | ---- | C] () -- C:\Windows\SysNative\drivers\TotRec8.sys
[2009/12/16 23:56:06 | 00,017,634 | ---- | C] () -- C:\Users\Steve\Documents\Death.odt
[2009/12/10 16:46:11 | 00,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Sudoku Up.lnk
[2009/08/12 00:38:17 | 00,001,099 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\ShiftN.ini
[2009/08/10 11:21:02 | 06,451,712 | ---- | C] () -- C:\Windows\SysWow64\tlidetail10.dll
[2009/07/29 17:55:30 | 00,100,908 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/29 17:55:28 | 00,100,908 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/28 15:30:09 | 00,522,732 | ---- | C] () -- C:\Users\Steve\AppData\Local\dd_ATL80SP1_KB973923MSI3197.txt
[2009/07/28 15:30:09 | 00,011,736 | ---- | C] () -- C:\Users\Steve\AppData\Local\dd_ATL80SP1_KB973923UI3197.txt
[2009/07/28 15:29:50 | 00,522,438 | ---- | C] () -- C:\Users\Steve\AppData\Local\dd_ATL80SP1_KB973923MSI3159.txt
[2009/07/28 15:29:50 | 00,011,752 | ---- | C] () -- C:\Users\Steve\AppData\Local\dd_ATL80SP1_KB973923UI3159.txt
[2009/07/20 18:20:31 | 00,000,020 | ---- | C] () -- C:\Windows\SWISHM~1.INI
[2009/07/16 00:07:44 | 00,000,073 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2009/06/17 00:06:48 | 00,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2009/06/17 00:06:45 | 00,021,888 | ---- | C] () -- C:\Windows\SysWow64\WinFLdrv.sys
[2009/05/20 00:06:41 | 00,000,045 | ---- | C] () -- C:\Windows\SWFConverter.INI
[2009/05/20 00:06:38 | 00,135,168 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/04/03 14:10:04 | 07,262,208 | ---- | C] () -- C:\Windows\SysWow64\tliadjust32.dll
[2009/03/31 16:04:21 | 00,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/03/31 16:04:21 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/03/23 00:28:38 | 00,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/01/04 00:14:32 | 00,028,160 | ---- | C] () -- C:\Windows\SysWow64\fpopmd.dll
[2008/10/31 16:36:55 | 00,000,145 | ---- | C] () -- C:\Windows\StarryNight.ini
[2008/10/30 19:56:00 | 00,000,065 | ---- | C] () -- C:\Windows\SysWow64\oeminfo.ini
[2008/10/30 16:43:11 | 00,000,141 | ---- | C] () -- C:\Windows\SysWow64\09wutili.sys
[2008/10/16 22:33:39 | 00,000,150 | ---- | C] () -- C:\Windows\Readiris.ini
[2008/10/08 19:54:49 | 00,141,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/10/06 19:49:08 | 00,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2008/10/06 18:29:13 | 00,208,896 | ---- | C] () -- C:\Windows\SysWow64\medpdll.dll
[2008/10/04 19:38:00 | 00,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2008/10/02 17:49:33 | 00,018,432 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/29 18:05:58 | 00,003,690 | ---- | C] () -- C:\Windows\jzzk_n.ini
[2008/09/29 13:23:54 | 00,001,320 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\wklnhst.dat
[2008/09/29 13:21:37 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/12 01:09:45 | 00,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2008/06/12 01:09:45 | 00,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 19:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/06 13:19:28 | 00,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2003/10/06 01:21:31 | 00,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[2002/11/19 21:25:16 | 00,001,446 | ---- | C] () -- C:\Windows\WaterIllusion.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 969 bytes -> C:\Users\Steve\Documents\SolSuite - Solitaire Card Games Suite1 - Support.eml:OECustomProperty
@Alternate Data Stream - 969 bytes -> C:\Users\Steve\Documents\SolSuite - Solitaire Card Games Suite - Support.eml:OECustomProperty
@Alternate Data Stream - 881 bytes -> C:\Users\Steve\Documents\RE Fineprint 64 Bit for Vista1.eml:OECustomProperty
@Alternate Data Stream - 881 bytes -> C:\Users\Steve\Documents\RE Fineprint 64 Bit for Vista.eml:OECustomProperty
@Alternate Data Stream - 837 bytes -> C:\Users\Steve\Documents\Your key request from TechSmith.eml:OECustomProperty
@Alternate Data Stream - 421 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 240 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:2BE9FEFC
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:44807EFA
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:76C85903
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:D2F2F703
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:C265C458
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:D00F0074
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:867C1254
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:335CB24A
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:408F95E5
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:B0D4D817
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:C97C8631
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:8D49B91E
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DCE70D73
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:E965A533
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BFE23423
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:054B9966
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:84098FD3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >


OTL Extras logfile created on: 1/7/2010 6:20:28 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 38.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 530.95 Gb Total Space | 439.74 Gb Free Space | 82.82% Space Free | Partition Type: NTFS
Drive D: | 15.56 Gb Total Space | 8.01 Gb Free Space | 51.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 113.31 Gb Free Space | 24.33% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_USERS\S-1-5-21-1766746167-4257547100-2808806850-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\program files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\program files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\program files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Search with Duplicate File Detective] -- "C:\Program Files (x86)\Key Metric Software\Duplicate File Detective 3\DFD.exe" "%L" (Key Metric Software, LLC.)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\program files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\program files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Search with Duplicate File Detective] -- "C:\Program Files (x86)\Key Metric Software\Duplicate File Detective 3\DFD.exe" "%L" (Key Metric Software, LLC.)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1766746167-4257547100-2808806850-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13B12723-4EB0-4EEE-8AB9-03FCDE9EBF9E}" = rport=138 | protocol=17 | dir=out | app=system |
"{30C0DEA1-0949-48EA-8C80-8F31C7F29393}" = rport=139 | protocol=6 | dir=out | app=system |
"{51B44C01-EB53-458D-9DB2-E37CA73DCAF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98579E54-BBBE-4B1D-8FC0-224D58975553}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D6593B2-7883-4821-BDE3-81B522BC6634}" = lport=139 | protocol=6 | dir=in | app=system |
"{B39CABF5-79BC-440C-B1DD-8B86351C8B02}" = lport=445 | protocol=6 | dir=in | app=system |
"{C3439917-A8A9-46E4-9423-48566AB9A947}" = lport=137 | protocol=17 | dir=in | app=system |
"{CAA9EF6C-2876-419B-BBE7-855B4AB0177D}" = rport=445 | protocol=6 | dir=out | app=system |
"{CF63A3CF-97E9-4CCC-B68A-5C2DD74B1FDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{D1A8069E-9FD6-43D2-AD7C-E72A4A243C2B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E634907F-B833-4815-9016-DEC7C7294687}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C12F477-66BE-4054-9B6D-6CCB819CF523}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B241B35-1086-4ABA-9C98-1053AE70179A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3ABC3BAE-9BD0-4A19-922D-F29AE5D2EF02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4D8DD88E-7EBF-44EC-A197-278C53ECB460}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8F57B427-31AE-4DE9-A4D6-57E6DD6A9D05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9F3C1776-8FDB-48B6-9AE5-7A34E860A9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A8768E10-781B-4BC5-A062-2221B393D746}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E9B19418-E5BC-4DAB-81E2-49E5288C7AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D3BAD4-28ED-4EF2-A369-D148A240D0B3}" = Foxit PDF IFilter
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13CA4073-A66B-4F07-9491-B933018E63D2}_is1" = Moyea SWF to Video Converter Pro version 3.6.2.1
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{365C5A10-6561-454F-B975-56EA878D0A06}" = Microsoft Network Monitor 3.3
"{6378ABCE-F816-4330-A7B1-FBEBCD50B746}" = ESET Smart Security
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 7, 0, 4
"{A345CF6A-53D4-4BDA-A5F8-BE44B924E168}" = The Panorama Factory V5 x64 Edition
"{A9D6787F-24E2-4A08-8CF9-7950D384CCE4}" = Microsoft Network Monitor: Microsoft Parsers 3.3
"{AC1B58BB-55ED-43F0-98D9-6CEB24C2C5CD}" = Macrium Reflect - Free Edition
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Ace Utilities_is1" = Ace Utilities
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"FileLocator Pro (64-bit)_is1" = FileLocator Pro Version 5.1 (64-bit)
"FinePrint" = FinePrint
"Form Pilot Pro_is1" = Form Pilot Pro version 2.27
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.0 Plug-in (build 2006)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3x64_is1" = Photomatix Pro version 3.2
"PROSet" = Intel® PRO Network Connections Drivers
"Registry Workshop" = Registry Workshop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CECB87-1410-43D0-86E4-C55617B16F90}" = HDDlife Pro 3.1
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17B8AC4D-9CAA-4823-9B4E-1818F6EE556D}" = AKVIS Sketch
"{17FE8F8E-D8FA-440E-9ACF-3C51787E7225}" = FolderSizes 4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C63AA59-66B2-418C-BDF5-53A534DA5690}_is1" = Sothink SWF to Video Converter
"{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1" = Watermark Factory 2
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1" = ClipMate 7
"{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}" = Zoner GIF Animator 5
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4B150D79-50E1-4992-8250-F320388035D6}" = ArtRage 2
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{554EB98C-D995-471F-8874-D2BA7BF5EB3E}" = Noiseware Professional Edition
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5CB3DDA0-F143-4E65-A2FA-3C95F82139D2}_is1" = Wondershare Movie Story GAOTD Edition 4.5.0
"{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}" = GPSoftware Directory Opus
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}" = Noiseware Professional Plug-in
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin
"{855887C8-9A77-482a-8BB9-D346F159C5AF}_is1" = Sothink JWScroller
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C52A46C-7961-4A81-AB4B-92CF65CB4772}_is1" = Sothink Web Video Downloader
"{8CE0B1C5-15E9-4027-92F4-F63C57FEFD87}" = Readiris Pro 11
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904668DD-4E22-481F-A3A8-0CBA18A91072}_is1" = Sothink Tree Menu
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CE08BB8-C8E7-45C1-9274-BF0B1E810BEC}" = Topaz Detail
"{A0C0724A-649C-4953-BF1E-F783036969E9}" = FormatFactory
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5FF2837-59C6-425B-8652-8CD385899F3F}" = uMark Professional 1.3
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.0
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}" = Inpaint
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBB2FEDD-FC32-4D83-A6A5-5ED42149052E}" = MotionArtist 3.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D14AF3FA-AD1A-46D7-B1B8-57C2C4DB05AF}" = PhotoFrame 3.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1" = Image Comparer v3.7
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E2486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition v2.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E74BE63D-D9FB-4ABB-BCD9-6077F8AE5933}" = Duplicate File Detective 3
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 2.0.6.0
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F86B6D9F-FA9A-4164-A66A-EAFF7C067272}_is1" = Sothink Video Encoder for Adobe Flash
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCADA4FF-142C-42A8-B73C-0A54A7F83345}" = Genuine Fractals 6.0.2 Professional Edition
"1st Clock_is1" = 1st Clock 4.0 (Full)
"3724-4833-2289-8317" = Visual Thesaurus 3.0.3
"3D Text Commander" = 3D Text Commander 2.0 by Insofta Development
"ABC Amber Barca Converter" = ABC Amber Barca Converter
"Ace Pro Screensaver Creator" = Ace Pro Screensaver Creator
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AI RoboForm" = AI RoboForm (All Users)
"AllMedia Grabber4.0" = AllMedia Grabber
"AnVir Task Manager Pro" = AnVir Task Manager Pro
"Apophysis 2.0" = Apophysis 2.0
"AU9_is1" = Advanced Uninstaller PRO - Version 9
"AV Bros. Page Curl Pro 2.2" = AV Bros. Page Curl Pro 2.2 (Remove Only)
"AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
"B/W Styler_is1" = B/W Styler 1.02
"barca2_is1" = Barca 2.8 (Build 4400)
"BBrk_is1" = BrainsBreaker 4.9(307b)
"Bokeh" = Alien Skin Bokeh
"Bookmark Buddy" = Bookmark Buddy
"Bryce 6.3 6.3.0.84" = Bryce 6.3
"Bryce 6.3 Content 6.3.0.84" = Bryce 6.3 Content
"Bryce Lightning 6.3 6.3.0.84" = Bryce Lightning 6.3
"CHM Editor" = CHM Editor
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"Color Picker Pro" = Color Picker Pro 1.0
"ColorPic" = ColorPic
"ColorSchemerStudio2_is1" = ColorSchemer Studio 2
"Cookie Monster" = Cookie Monster
"Curvy 3D_is1" = Curvy 3D 1.5
"Daniusoft Media Converter Pro_is1" = Daniusoft Media Converter Pro(Build 2.4.1.0)
"do-Organizer version 3x_is1" = do-Organizer 3.1
"Driver Magician_is1" = Driver Magician 3.4
"Duplicate File Detective 3" = Duplicate File Detective 3
"Dynamic-Photo HDR_is1" = Dynamic-Photo HDR 3.44
"East-Tec Eraser 2010_is1" = East-Tec Eraser 2010 Version 9.6
"EditPad Pro 5" = JGsoft EditPad Pro 5 v.5.4.5
"Edraw Max_is1" = Edraw Max 4
"EMCO UnLock IT_is1" = EMCO UnLock IT
"Esprit" = Vue 5 Esprit
"EULAlyzer_is1" = EULAlyzer 2.0
"Extreme Picture Finder_is1" = Extreme Picture Finder 3.10
"Fast DVD Ripper_is1" = Fast DVD Ripper 1.1
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FileZilla Client" = FileZilla Client 3.3.1
"Flash Renamer_is1" = Flash Renamer 6.1
"FolderSizes 4" = FolderSizes 4
"FormatFactory" = FormatFactory 2.00
"FotoSketcher_is1" = FotoSketcher - Version 1.9
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities Pro 2.9.0.518
"Gold Wave Editor Pro_is1" = Gold Wave Editor Pro v10.2.2
"Google Updater" = Google Updater
"Gravity_is1" = Gravity Version 2.8.1
"Harry's Filters 3" = Harry's Filters 3
"Help Workshop" = Help Workshop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTML Help Workshop" = HTML Help Workshop
"Hyper Shutdown 2.2" = Hyper Shutdown 2.2
"IconWorkshop" = Axialis IconWorkshop 6.0
"Image Doctor 2" = Alien Skin Image Doctor 2
"Image Mender" = Image Mender 1.1
"Index.dat Analyzer_is1" = Index.dat Analyzer v2.5
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"InternetRadioFan_is1" = Internet RadioFan 1.3.0
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"Karen's LAN Monitor" = Karen's LAN Monitor
"Karen's 'Net Monitor" = Karen's 'Net Monitor
"Karen's Version Browser" = Karen's Version Browser
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"LameACM" = LameACM
"Liquid Story Binder XE_is1" = Liquid Story Binder XE 3.71
"Logo Design Studio Pro3.1.0" = Logo Design Studio Pro
"Mailbag Assistant_is1" = Mailbag Assistant (Remove only)
"MailWasher Pro_is1" = MailWasher Pro
"MainType2_is1" = MainType 2.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXA Cookie Manager_is1" = MAXA Cookie Manager Pro 4.0
"MetaProducts Mass Downloader" = MetaProducts Mass Downloader
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"MoffCalc2_is1" = Moffsoft Calculator 2
"Money2007b" = Microsoft Money Essentials
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.10
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"music_is1" = The 'Jongg DVD - Additional Music
"MyConnection PC" = MyConnection PC
"NetStat Agent_is1" = NetStat Agent 3.0.2
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"odf-converter-integrator" = odf-converter-integrator
"PC Wizard 2010_is1" = PC Wizard 2010.1.92
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
"Punch! Home Design - AS4000" = Punch! Home Design - AS4000
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Recover My Files_is1" = Recover My Files
"setup_is1" = The 'Jongg DVD
"ShiftN_is1" = ShiftN 3.5
"Smart Copy" = Smart Copy 3.0.5.8
"Smart Defrag_is1" = Smart Defrag 1.11
"Snap Art" = Alien Skin Snap Art
"SolSuite_is1" = SolSuite 2010 v10.0
"SpeedCrunch_is1" = SpeedCrunch 0.10
"Spyware Terminator_is1" = Spyware Terminator
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST5UNST #1" = Project Dogwaffle Professional
"Sudoku Up_is1" = Sudoku Up 2009 v3.0
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer v3.77
"SWF & FLV Toolbox_is1" = SWF & FLV Toolbox 3.5 (build 3.5.23.412)
"SWiSH Max2" = SWiSH Max2
"SWiSH Max3" = SWiSH Max3
"tilesets_is1" = The Jongg DVD - Additional Tilesets
"tintii" = indii.org/tintii
"Total Privacy 5" = Total Privacy 5
"TotalRecorder" = Total Recorder 8.0
"Uninstall Tool_is1" = Uninstall Tool
"USB Safely Remove_is1" = USB Safely Remove 4.2
"Vista Start Menu_is1" = Vista Start Menu 3.54
"Viveza" = Viveza
"Viveza Stand-Alone" = Viveza
"Wacom Tablet Driver" = Wacom Tablet
"Water Illusion Screensaver" = Water Illusion Screensaver
"Weather Watcher_is1" = Weather Watcher
"Winamp" = Winamp
"WinPatrol" = WinPatrol 2009
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Wire Pilot Lite_is1" = Wire Pilot Lite 3.0.4
"Wireshark" = Wireshark 1.0.7
"Wondershare Flash Gallery Factory_is1" = Wondershare Flash Gallery Factory 4.7.1
"Wondershare Photo Story Platinum_is1" = Wondershare Photo Story Platinum (2.8.0)
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 4.2.0.56)
"Works2003Setup" = Microsoft Works 2003 Setup Launcher

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1766746167-4257547100-2808806850-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FolderLock6" = Folder Lock
"Google Chrome" = Google Chrome
"Mani II Screen Saver" = Mani II Screen Saver
"Pixie" = Pixie 3.1 (remove only)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:07 PM

Posted 08 January 2010 - 06:45 AM

Hello stevek1948,

To be honest, I don't see a lot wrong here. Can you please list the programs that cause you update-problems?

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either ESET or Antivir.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image
In your next reply, please include the following:
  • ESET online scan results

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 stevek1948


Posted 08 January 2010 - 09:03 PM

Hello Elise,

Thank you for your patience.

I checked with Eset's online website and it seems to use the same engine and virus signature database as my Eset Smart Security. I did use Bit Defender's online checker with no results. I do run the virus scan about once a month. As per Eset tech support's instructions, I did uninstall Smart Security and try to update the problem programs (MalwareBytes, Clipmate and Maxa Cookie Manager, to name a few) with the same negative results.

I'm beginning to wonder if it might be a network, corrupted Windows Update or TCP/IP problem.

Also, I was wondering what C:\ProgramData\sdpsenv.dat:naughtypirates was in my data stream, and if it might be a problem. I don't know where it came from, "really".

Regards

#8 Elise


Posted 09 January 2010 - 06:18 AM

Did you try to re-install those "problem" programs?

regards, Elise




#9 stevek1948


Posted 09 January 2010 - 06:53 PM

Hello Elise,

I had trouble installing and registering Maxa Cookie Manager and Netstat Agent. They sent me offline license keys. I've also noticed that when I try to install a Giveawayoftheday program, it can't connect to their server to verify the date. It seems that something is either interfering with the programs connecting to their servers or, possibly, something is misconfigured in the OS.

Regards

#10 Elise


Posted 10 January 2010 - 03:43 AM

How are you connected to the internet (wired, wireless, router, ...)?

regards, Elise




#11 stevek1948


Posted 10 January 2010 - 05:45 PM

Hello Elise,

I'm connected through a Surfboard cable modem and Linksys EtherFast Cable router. No other computers connected at the moment.

Regards

#12 Elise


Posted 11 January 2010 - 05:55 AM

Did you try to reset your router (you can usually find a reset button at the back of the router)?

Did you try to connect your incoming cable directly to the modem, thereby bypassing the router?

regards, Elise




#13 stevek1948


Posted 11 January 2010 - 06:08 PM

Hello Elise,

Yes, I did try these early on.

Regards.

#14 Elise


Posted 12 January 2010 - 06:24 AM

Did you check your firewall settings to see if Vista's firewall is somehow blocking these programs?

regards, Elise




#15 stevek1948


Posted 12 January 2010 - 06:16 PM

Hello Elise,

Windows Firewall is turned off.


Regards



