
Webpage tries to redirect ( Malware )


  • This topic is locked
9 replies to this topic

#1 ucmego

  • Members
  • 103 posts

Posted 07 March 2010 - 06:19 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/299940/rrfexe-trojandownloader/ ~ OB

Hi,

Running Windows Vista 64Bit OS
Nod32 Smart Security
Malwarebytes
SuperAntispyware
Lavasoft Ad Aware
Spybot S&D
Spyware Blaster

We have run the above tools and posted the results in this forum, and have been directed to post a HJT log here.


Here is a log file & the attached log file.

Is it possible some other malware is trying to redirect our webpages, or is it a Google thing?

DDS (Ver_09-12-01.01) - NTFSX64
Run by gb at 10:06:18.81 on Mon 08/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.16382.13778 [GMT 11:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\Syinternals Suite\PROCEXP64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\gb\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\syswow64\blank.htm
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SkypeIEPluginBHO: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - Skype add-on for Internet Explorer
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NetWorx] "c:\program files (x86)\networx\networx.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\users\gb\appdata\roaming\micros~1\windows\startm~1\programs\startup\direct~1.lnk - c:\program files\gpsoftware\directory opus\dopus.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\procex~1.lnk - c:\program files (x86)\syinternals suite\PROCEXP64.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\spyder~1.lnk - c:\program files (x86)\datacolor\spyder3elite\utility\Spyder3Utility.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Search Image on TinEye - file://c:\users\gb\documents\tineye 1.0\TinEye.js
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: Directory Opus Shell Execute Hook: {ee761688-c137-4b04-8fab-3c9cdf0886f0} - c:\program files\gpsoftware\directory opus\dopuslib32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe"
mRun-x64: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun-x64: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
SEH-X64: Directory Opus Shell Execute Hook: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - c:\program files\gpsoftware\directory opus\dopuslib.dll
IFEO-X64: taskmgr.exe - "c:\users\gb\downloads\syinternals suite\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\gb\appdata\roaming\mozilla\firefox\profiles\5u51rkfo.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\gb\appdata\roaming\mozilla\firefox\profiles\5u51rkfo.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files (x86)\photodex presenter\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-4 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-8 54480]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 136584]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-8 53312]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 44944]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-9 72216]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-9-11 6803560]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\pdf complete\pdfsvc.exe [2009-4-21 576024]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-1-4 1153368]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2007-9-18 216064]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\drivers\lvsels64.sys [2009-10-7 67992]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2009-5-19 15360]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\SASDIFSV.SYS [2009-9-15 12872]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-9-15 66632]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-9 89920]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-9-8 1038088]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-12-3 1181328]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-10-17 19912]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-10-17 13264]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-9-15 12872]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 22528]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-03-07 12:05:25 52141 ----a-w- C:\LogMeIn-0982-20100307-230524.xml
2010-03-07 12:05:24 3332576 ----a-w- C:\LogMeIn-0982-20100307-230524.dmp
2010-03-07 03:44:32 54746 ----a-w- C:\LogMeIn-0982-20100307-144431.xml
2010-03-07 03:44:31 3340766 ----a-w- C:\LogMeIn-0982-20100307-144431.dmp
2010-03-05 23:12:10 52645 ----a-w- C:\LogMeIn-0982-20100306-101208.xml
2010-03-05 23:12:08 3332984 ----a-w- C:\LogMeIn-0982-20100306-101208.dmp
2010-03-02 01:04:45 0 d-----w- c:\programdata\vsosdk
2010-02-28 22:40:48 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-28 09:38:04 51213 ----a-w- C:\LogMeIn-0982-20100228-203802.xml
2010-02-28 09:38:02 3365875 ----a-w- C:\LogMeIn-0982-20100228-203802.dmp
2010-02-27 22:46:04 0 d-----w- c:\windows\syswow64\RTCOM
2010-02-27 22:42:21 0 d-----w- c:\program files (x86)\Realtek
2010-02-27 22:41:52 831488 ----a-w- c:\windows\RtlExUpd.dll
2010-02-27 00:04:51 0 d-----w- c:\program files (x86)\Photodex Presenter
2010-02-27 00:04:46 0 d-----w- c:\program files (x86)\Photodex
2010-02-27 00:03:11 0 d-----w- c:\users\gb\appdata\roaming\Photodex
2010-02-27 00:03:10 0 d-----w- c:\programdata\Photodex
2010-02-26 23:52:29 0 d-----w- c:\users\gb\appdata\roaming\log
2010-02-26 23:49:30 65602 ----a-w- c:\windows\syswow64\cook3260.dll
2010-02-26 23:49:30 626688 ----a-w- c:\windows\syswow64\vp7vfw.dll
2010-02-26 23:49:30 273408 ----a-w- c:\windows\syswow64\Pncrt.dll
2010-02-26 23:49:30 217127 ----a-w- c:\windows\syswow64\drv43260.dll
2010-02-26 23:49:30 208935 ----a-w- c:\windows\syswow64\drv33260.dll
2010-02-26 23:49:30 176165 ----a-w- c:\windows\syswow64\drv23260.dll
2010-02-26 23:49:30 1184984 ----a-w- c:\windows\syswow64\wvc1dmod.dll
2010-02-26 23:49:30 102439 ----a-w- c:\windows\syswow64\sipr3260.dll
2010-02-26 23:49:27 0 d-----w- c:\program files (x86)\VSO
2010-02-26 23:43:44 0 d-----w- c:\users\gb\appdata\roaming\AVS4YOU
2010-02-26 23:42:34 0 d-----w- c:\program files (x86)\common files\AVSMedia
2010-02-26 23:42:30 974848 ----a-w- c:\windows\syswow64\mfc70.dll
2010-02-26 23:42:30 487424 ----a-w- c:\windows\syswow64\msvcp70.dll
2010-02-26 23:42:30 344064 ----a-w- c:\windows\syswow64\msvcr70.dll
2010-02-26 23:42:30 24576 ----a-w- c:\windows\syswow64\msxml3a.dll
2010-02-26 23:42:29 0 d-----w- c:\programdata\AVS4YOU
2010-02-26 23:42:29 0 d-----w- c:\program files (x86)\AVS4YOU
2010-02-26 23:31:33 0 d-----w- c:\users\gb\appdata\roaming\DVDFab
2010-02-26 23:26:29 99384 ----a-w- c:\users\gb\appdata\roaming\inst.exe
2010-02-26 23:26:29 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-26 23:26:29 82816 ----a-w- c:\users\gb\appdata\roaming\pcouffin.sys
2010-02-26 23:26:17 0 d-----w- c:\program files (x86)\DVDFab 6
2010-02-24 01:21:41 0 d-----w- c:\program files (x86)\ConvertHelper
2010-02-21 06:32:50 0 d-----w- c:\program files (x86)\D-Link
2010-02-21 06:10:39 0 d-----w- c:\program files (x86)\Kodak
2010-02-18 04:19:35 107864 ----a-w- c:\windows\syswow64\tsccvid.dll
2010-02-18 04:19:34 0 d-----w- c:\windows\syswow64\QuickTime
2010-02-18 04:19:26 0 d-----w- c:\programdata\TechSmith
2010-02-18 04:19:18 0 d-----w- c:\program files (x86)\common files\TechSmith Shared
2010-02-13 22:40:26 0 d-----w- c:\programdata\IObit
2010-02-09 06:27:34 0 d-----w- C:\MoTemp

==================== Find3M ====================

2010-03-07 21:20:17 125736 ----a-w- c:\programdata\nvModes.dat
2010-03-07 21:19:21 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-27 22:42:53 86016 ----a-w- c:\windows\inf\infpub.dat
2010-02-27 22:42:53 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-27 22:42:53 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-27 22:42:32 525792 ----a-w- c:\windows\DIFxAPI.dll
2010-02-24 01:50:45 60744 ----a-w- c:\users\gb\g2mdlhlpx.exe
2010-02-23 22:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-01-26 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-01-25 12:10:22 538624 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:10:03 539136 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:08:59 460288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\syswow64\msdrm.dll
2010-01-25 08:29:35 413696 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:29:31 600576 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:29:31 409600 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:29:28 599552 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:20 526336 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-23 09:44:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 09:26:13 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-07 05:07:06 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 16:00:02 1927680 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:58:36 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\syswow64\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-01-06 14:03:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-01-02 07:08:29 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 07:03:21 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 07:03:21 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-02 06:38:04 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-02 06:36:10 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-01-02 06:33:34 5942784 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-02 06:33:32 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-01-02 06:33:32 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-02 06:32:51 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-01-02 06:32:33 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-01-02 06:32:33 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-01-02 06:32:32 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-01-02 06:32:32 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-01-02 06:32:32 11070464 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-02 06:32:26 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-02 05:25:39 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-02 04:57:00 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-01-02 04:56:50 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-01-02 04:56:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-12-25 09:22:28 7988 ----a-w- C:\mediamp3.dat
2009-12-21 09:39:26 19912 ----a-w- c:\windows\system32\pwdrvio.sys
2009-12-21 09:39:24 13264 ----a-w- c:\windows\system32\pwdspio.sys
2009-12-21 09:39:22 524856 ----a-w- c:\windows\system32\pwNative.exe
2009-12-17 06:14:09 153376 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-17 06:14:08 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-17 06:14:06 145184 ----a-w- c:\windows\syswow64\java.exe
2009-12-17 06:14:00 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-12-12 14:15:30 178176 ----a-w- c:\windows\syswow64\unrar.dll
2009-12-08 20:22:09 4698184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-27 22:07:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:34 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:34 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:13:18 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:13:18 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:13:18 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:13:18 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-14 07:47:11 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-14 23:51:40 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-11-14 23:51:40 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-11-14 23:51:40 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-04-21 01:11:30 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:07:06.47 ===============


Cheers,


Edited by Orange Blossom, 07 March 2010 - 09:19 PM.




#2 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts

Posted 10 March 2010 - 05:14 PM

Hello, ucmego.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to create an OTL report
  1. Please download OTL
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the Run Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


In your next reply, please include the following:
  • OTL.txt
  • Extra.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 ucmego
  • Topic Starter

  • Members
  • 103 posts

Posted 12 March 2010 - 02:03 AM

Hi,

Thank you for your help & time in advance. BTW, this is a neat little tool.

Here is a copy of the logs.

OTL logfile created on: 12/03/2010 5:54:24 PM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\gb\Downloads
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 86.00% Memory free
32.00 Gb Paging File | 30.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135.05 Gb Total Space | 31.36 Gb Free Space | 23.22% Space Free | Partition Type: NTFS
Drive D: | 12.04 Gb Total Space | 6.17 Gb Free Space | 51.22% Space Free | Partition Type: NTFS
Drive E: | 1.95 Gb Total Space | 1.72 Gb Free Space | 88.22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.28 Gb Total Space | 191.51 Gb Free Space | 20.56% Space Free | Partition Type: FAT32

Computer Name: HP
Current User Name: gb
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/12 10:58:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\gb\Downloads\OTL.exe
PRC - [2010/02/27 11:04:49 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2010/02/23 22:25:50 | 002,908,672 | ---- | M] (SoftPerfect Research) -- C:\Program Files (x86)\NetWorx\networx.exe
PRC - [2010/01/08 10:22:28 | 000,354,232 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/01 21:46:56 | 006,407,854 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/15 12:49:06 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/03/12 10:58:12 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\gb\Downloads\OTL.exe
MOD - [2009/04/11 17:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/09/25 12:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/09/11 00:43:46 | 006,803,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/09/08 21:34:05 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/04/11 18:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 18:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 18:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008/01/21 13:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/21 13:46:16 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/21 13:45:48 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/27 11:04:49 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/02/05 09:28:18 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/02 20:49:48 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/10 10:31:21 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/09/08 21:32:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/30 15:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/11 13:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2008/05/15 12:49:06 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2006/11/03 00:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 17:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 17:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/27 10:26:29 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/01/04 22:34:43 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/21 20:39:26 | 000,019,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2009/12/21 20:39:24 | 000,013,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2009/12/19 11:42:39 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009/11/16 09:07:10 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/11/16 09:07:04 | 000,169,080 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw)
DRV:64bit: - [2009/11/16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009/10/08 12:14:11 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2009/10/07 08:48:08 | 000,067,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvsels64.sys -- (lvsels64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/02 20:49:24 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/10/01 11:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/19 08:10:40 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/06/18 03:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/06/18 03:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/18 03:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/18 03:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/18 03:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/18 03:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 16:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/11 16:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/04/11 15:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/09/08 18:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/21 13:48:54 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\umpass.sys -- (UMPass)
DRV:64bit: - [2008/01/21 13:45:42 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/21 13:45:11 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/09/18 07:12:22 | 000,216,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/09/15 08:57:38 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\basp.sys -- (Blfp)
DRV:64bit: - [2007/07/13 03:35:44 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2006/11/02 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV - [2010/02/19 08:17:24 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 08:17:23 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 08:17:23 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/19 11:42:39 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2009/06/22 11:48:42 | 000,058,376 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
DRV - [2009/06/22 11:48:36 | 000,081,928 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DlinkUDSTcpBus.sys -- (DlinkUDSTcpBus)
DRV - [2009/04/21 12:25:19 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2008/08/11 13:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2006/11/02 07:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2006/09/19 08:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/19 08:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1399816726-2182366132-85070305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1399816726-2182366132-85070305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1399816726-2182366132-85070305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {04b56b3f-c4f4-48ba-9ea1-30e04fb7d829}:2.6.20091103
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {6FF4E2E4-FB2E-4f50-8F65-CFF2777413D5}:2.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:0.7.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/13 10:46:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/03 10:03:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/01 09:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/11/27 22:01:23 | 000,000,000 | ---D | M]

[2009/09/09 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\gb\AppData\Roaming\Mozilla\Extensions
[2010/03/12 07:49:23 | 000,000,000 | ---D | M] -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions
[2009/09/28 02:30:41 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/11/23 08:48:07 | 000,000,000 | ---D | M] (Custom Download Manager) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{04b56b3f-c4f4-48ba-9ea1-30e04fb7d829}
[2010/01/19 08:28:13 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/10/28 09:55:39 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/09/09 17:31:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 08:42:33 | 000,000,000 | ---D | M] (IE View) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/09/26 11:06:42 | 000,000,000 | ---D | M] (Opanda IExif) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{6FF4E2E4-FB2E-4f50-8F65-CFF2777413D5}
[2010/03/07 10:13:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/28 11:47:05 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2009/11/03 21:32:51 | 000,000,000 | ---D | M] -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\rj@reedmace.net
[2009/11/12 11:42:08 | 000,000,000 | ---D | M] -- C:\Users\gb\AppData\Roaming\Mozilla\Firefox\Profiles\5u51rkfo.default\extensions\tineye@ideeinc.com
[2010/02/27 08:15:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/27 08:15:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/09/10 02:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2009/09/14 11:03:57 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdsplay.dll
[2009/09/14 11:04:21 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwmsdrm.dll
[2010/01/22 07:16:28 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/22 07:16:28 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/22 07:16:29 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/22 07:16:29 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/01/04 22:33:33 | 000,371,742 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 12813 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - Reg Error: Value error. File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1399816726-2182366132-85070305-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files (x86)\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1399816726-2182366132-85070305-1000..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - Startup: C:\Users\gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus.lnk = C:\Program Files (x86)\GPSoftware\Directory Opus\dopus.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Search Image on TinEye - C:\Users\gb\Documents\TinEye 1.0\TinEye.js ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Search Image on TinEye - C:\Users\gb\Documents\TinEye 1.0\TinEye.js ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Value error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\image016 1200x1600.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\image016 1200x1600.jpg
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\GB\DOWNLOADS\SYINTERNALS SUITE\PROCEXP.EXE File not found
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/04/09 19:43:54 | 000,000,000 | ---D | M] - K:\autorun -- [ FAT32 ]
O33 - MountPoints2\{298f50e5-a27b-11de-890d-001cc4881243}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{426ca799-dcab-11de-8ee7-001cc4881243}\Shell - "" = AutoRun
O33 - MountPoints2\{426ca799-dcab-11de-8ee7-001cc4881243}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 07:44:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/10 07:44:32 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/10 07:44:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/10 07:44:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/08 14:12:47 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\Breaking Vegas - The Roulette Assault
[2010/03/08 10:37:58 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\HJ Log
[2010/03/05 18:29:10 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\GE
[2010/03/05 12:36:35 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\Sam
[2010/03/02 12:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010/03/01 09:40:48 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/02/28 09:46:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/02/28 09:42:29 | 001,680,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/02/28 09:42:29 | 001,201,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/02/28 09:42:29 | 000,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/02/28 09:42:29 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/02/28 09:42:29 | 000,437,280 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/02/28 09:42:29 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/02/28 09:42:29 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/02/28 09:42:29 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/02/28 09:42:29 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/02/28 09:42:29 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/02/28 09:42:29 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/02/28 09:42:29 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/02/28 09:42:29 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/02/28 09:42:29 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/02/28 09:42:29 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/02/28 09:42:29 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/02/28 09:42:29 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/02/28 09:42:29 | 000,066,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/02/28 09:42:27 | 000,321,536 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/02/28 09:42:21 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/02/28 09:42:21 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/02/28 09:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/02/28 09:41:52 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/02/27 15:33:04 | 000,000,000 | ---D | C] -- C:\Users\gb\Documents\ConvertXToDVD
[2010/02/27 11:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex Presenter
[2010/02/27 11:04:51 | 000,000,000 | ---D | C] -- C:\Users\gb\AppData\Roaming\Netscape
[2010/02/27 11:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex
[2010/02/27 11:03:11 | 000,000,000 | ---D | C] -- C:\Users\gb\AppData\Roaming\Photodex
[2010/02/27 11:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2010/02/27 10:52:29 | 000,000,000 | ---D | C] -- C:\Users\gb\AppData\Roaming\log
[2010/02/27 10:49:30 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc1dmod.dll
[2010/02/27 10:49:30 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2010/02/27 10:49:30 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\Pncrt.dll
[2010/02/27 10:49:30 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv43260.dll
[2010/02/27 10:49:30 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv33260.dll
[2010/02/27 10:49:30 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv23260.dll
[2010/02/27 10:49:30 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\sipr3260.dll
[2010/02/27 10:49:30 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\cook3260.dll
[2010/02/27 10:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/02/27 10:43:44 | 000,000,000 | ---D | C] -- C:\Users\gb\AppData\Roaming\AVS4YOU
[2010/02/27 10:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/02/27 10:42:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2010/02/27 10:42:30 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2010/02/27 10:42:30 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2010/02/27 10:42:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/02/27 10:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/02/27 10:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/02/27 10:31:33 | 000,000,000 | ---D | C] -- C:\Users\gb\AppData\Roaming\DVDFab
[2010/02/27 10:26:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/02/27 10:26:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\gb\AppData\Roaming\pcouffin.sys
[2010/02/27 10:26:29 | 000,000,000 | ---D | C] -- C:\Users\gb\AppData\Roaming\Vso
[2010/02/27 10:26:29 | 000,000,000 | ---D | C] -- C:\Users\gb\Documents\PcSetup
[2010/02/27 10:26:28 | 000,000,000 | ---D | C] -- C:\Users\gb\Documents\DVDFab
[2010/02/27 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 6
[2010/02/27 08:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/02/25 07:49:45 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\Melbourne Victory Semi Final Home Match 2010
[2010/02/24 17:54:04 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\Old hl Logs
[2010/02/24 12:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2010/02/24 12:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/02/24 07:46:33 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/24 07:46:33 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 07:46:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/24 07:46:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/24 07:46:31 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 07:46:31 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 07:46:31 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 07:46:31 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 07:46:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/24 07:46:30 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/24 07:46:30 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/24 07:46:29 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/24 07:46:29 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/24 07:46:29 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/24 07:46:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 07:46:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/24 07:46:29 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/24 07:46:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/24 07:46:03 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/24 07:46:02 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/24 07:46:02 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/24 07:46:01 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/24 07:46:01 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/24 07:46:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/24 07:46:00 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/24 07:46:00 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/21 17:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\D-Link
[2010/02/21 17:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2010/02/18 15:53:35 | 000,000,000 | ---D | C] -- C:\Users\gb\AppData\Local\TechSmith
[2010/02/18 15:19:45 | 000,000,000 | ---D | C] -- C:\Users\gb\Documents\Camtasia Studio
[2010/02/18 15:19:35 | 000,107,864 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010/02/18 15:19:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/02/18 15:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/02/18 15:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010/02/18 15:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/02/17 16:47:55 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\Matt Finish
[2010/02/17 14:19:48 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\Sirianni
[2010/02/17 13:50:10 | 000,000,000 | ---D | C] -- C:\Users\gb\Desktop\Gagliardi
[2010/02/14 09:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

========== Files - Modified Within 30 Days ==========

[2010/03/12 17:55:12 | 009,437,184 | -HS- | M] () -- C:\Users\gb\NTUSER.DAT
[2010/03/12 17:53:30 | 000,068,472 | ---- | M] () -- C:\Users\gb\Desktop\OTL Ran Scan Error.jpg
[2010/03/12 17:52:07 | 000,602,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/12 17:52:07 | 000,106,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/12 17:52:06 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/12 17:45:50 | 000,125,736 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/12 17:45:22 | 000,125,736 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/12 17:45:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/12 17:45:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/12 17:45:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/12 17:45:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/12 17:45:14 | 4294,279,165 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/12 17:45:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/03/12 17:42:55 | 000,524,288 | -HS- | M] () -- C:\Users\gb\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 17:42:55 | 000,065,536 | -HS- | M] () -- C:\Users\gb\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TM.blf
[2010/03/12 17:42:52 | 003,920,986 | -H-- | M] () -- C:\Users\gb\AppData\Local\IconCache.db
[2010/03/12 17:41:30 | 000,322,054 | ---- | M] () -- C:\Users\gb\Desktop\http___asset2.kojointeractive.com.pdf
[2010/03/12 13:48:40 | 000,087,575 | ---- | M] () -- C:\Users\gb\Desktop\123456.jpg
[2010/03/12 08:01:46 | 000,001,189 | ---- | M] () -- C:\Users\gb\AppData\Roaming\vso_ts_preview.xml
[2010/03/10 22:01:52 | 003,368,497 | ---- | M] () -- C:\LogMeIn-0982-20100310-220150.dmp
[2010/03/10 22:01:52 | 000,050,490 | ---- | M] () -- C:\LogMeIn-0982-20100310-220150.xml
[2010/03/10 18:09:01 | 001,661,603 | ---- | M] () -- C:\Users\gb\Desktop\Melbourne Victory All Cards 125dpi.pdf
[2010/03/10 18:07:31 | 004,465,484 | ---- | M] () -- C:\Users\gb\Desktop\Melbourne Victory All Cards.pdf
[2010/03/10 18:06:48 | 007,643,423 | ---- | M] () -- C:\Users\gb\Desktop\Melbourne Victory All Cards.psd
[2010/03/10 14:46:38 | 000,021,465 | ---- | M] () -- C:\Users\gb\Desktop\HP Instant Support Professi.. 10032010.pdf
[2010/03/10 14:28:23 | 002,366,528 | ---- | M] () -- C:\Users\gb\Desktop\Melbourne Victory.psd
[2010/03/07 23:05:25 | 003,332,576 | ---- | M] () -- C:\LogMeIn-0982-20100307-230524.dmp
[2010/03/07 23:05:25 | 000,052,141 | ---- | M] () -- C:\LogMeIn-0982-20100307-230524.xml
[2010/03/07 14:44:32 | 003,340,766 | ---- | M] () -- C:\LogMeIn-0982-20100307-144431.dmp
[2010/03/07 14:44:32 | 000,054,746 | ---- | M] () -- C:\LogMeIn-0982-20100307-144431.xml
[2010/03/06 10:12:10 | 003,332,984 | ---- | M] () -- C:\LogMeIn-0982-20100306-101208.dmp
[2010/03/06 10:12:10 | 000,052,645 | ---- | M] () -- C:\LogMeIn-0982-20100306-101208.xml
[2010/03/03 14:04:26 | 009,578,603 | ---- | M] () -- C:\Users\gb\Desktop\How To Use Labels, Keywords And Ratings In Photoshop CS3 Bridge (Technology & Cars).flv
[2010/03/02 17:49:28 | 000,421,603 | ---- | M] () -- C:\Users\gb\Desktop\PMP Medication Image Specifications .pdf
[2010/03/02 17:47:25 | 000,067,575 | ---- | M] () -- C:\Users\gb\Desktop\Australasian Retail Projects 2.pdf
[2010/03/02 17:46:54 | 000,067,576 | ---- | M] () -- C:\Users\gb\Desktop\Australasian Retail Projects.pdf
[2010/03/02 17:42:50 | 000,469,340 | ---- | M] () -- C:\Users\gb\Desktop\aaweb.swf
[2010/03/02 17:34:19 | 000,078,011 | ---- | M] () -- C:\Users\gb\Desktop\Healthlinks.net (photograph...pdf
[2010/03/02 17:33:44 | 000,072,103 | ---- | M] () -- C:\Users\gb\Desktop\flash_submenu.swf
[2010/03/02 16:25:05 | 001,896,769 | ---- | M] () -- C:\Users\gb\Desktop\sample-03.pdf
[2010/03/02 15:43:45 | 000,001,206 | ---- | M] () -- C:\Users\gb\Desktop\hl issues need sorting March 2010.jsx
[2010/03/02 09:20:28 | 000,033,512 | ---- | M] () -- C:\Users\gb\Desktop\Barbecued french toast with maple syrup and berries.pdf
[2010/03/02 09:15:31 | 000,035,328 | ---- | M] () -- C:\Users\gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 12:37:25 | 000,028,883 | ---- | M] () -- C:\Users\gb\Desktop\Untitled.jpg
[2010/02/28 20:38:04 | 000,051,213 | ---- | M] () -- C:\LogMeIn-0982-20100228-203802.xml
[2010/02/28 20:38:03 | 003,365,875 | ---- | M] () -- C:\LogMeIn-0982-20100228-203802.dmp
[2010/02/28 12:10:08 | 000,393,810 | ---- | M] () -- C:\Users\gb\Desktop\Whack- 'David Harradine Photography & Training.jpg
[2010/02/28 09:42:32 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/02/27 10:33:07 | 002,466,160 | ---- | M] () -- C:\Users\gb\Desktop\BEER_PARIS-hi.avi
[2010/02/27 10:32:22 | 005,740,763 | ---- | M] () -- C:\Users\gb\Desktop\BEER_PARIS-hi.flv
[2010/02/27 10:26:29 | 000,099,384 | ---- | M] () -- C:\Users\gb\AppData\Roaming\inst.exe
[2010/02/27 10:26:29 | 000,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/02/27 10:26:29 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\gb\AppData\Roaming\pcouffin.sys
[2010/02/27 10:26:29 | 000,007,859 | ---- | M] () -- C:\Users\gb\AppData\Roaming\pcouffin.cat
[2010/02/27 10:26:29 | 000,001,167 | ---- | M] () -- C:\Users\gb\AppData\Roaming\pcouffin.inf
[2010/02/25 16:34:30 | 000,039,512 | ---- | M] () -- C:\Users\gb\Desktop\Warm Potato And Capsicum Sa...pdf
[2010/02/24 12:50:45 | 000,060,744 | ---- | M] () -- C:\Users\gb\g2mdlhlpx.exe
[2010/02/24 08:18:21 | 000,116,936 | ---- | M] () -- C:\Users\gb\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 08:17:35 | 003,049,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/23 20:18:45 | 000,070,807 | ---- | M] () -- C:\Users\gb\Desktop\My Kitchen Rules Official S...pdf
[2010/02/21 15:26:44 | 001,046,615 | ---- | M] () -- C:\Users\gb\Desktop\_MG_3365.jpg
[2010/02/21 10:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/21 10:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/21 10:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/21 10:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/02/20 08:53:41 | 000,030,205 | ---- | M] () -- C:\Users\gb\Desktop\92232_2.jpg
[2010/02/17 21:17:09 | 000,204,505 | ---- | M] () -- C:\Users\gb\Desktop\3534660597_449a1eeecf.jpg
[2010/02/17 21:14:35 | 000,477,890 | ---- | M] () -- C:\Users\gb\Desktop\2i0nt2.jpg
[2010/02/16 08:36:49 | 000,106,067 | ---- | M] () -- C:\Users\gb\Desktop\WhiteRabbitFeatures_02.pdf

========== Files Created - No Company Name ==========

[2010/03/12 17:53:30 | 000,068,472 | ---- | C] () -- C:\Users\gb\Desktop\OTL Ran Scan Error.jpg
[2010/03/12 17:41:30 | 000,322,054 | ---- | C] () -- C:\Users\gb\Desktop\http___asset2.kojointeractive.com.pdf
[2010/03/12 13:48:39 | 000,087,575 | ---- | C] () -- C:\Users\gb\Desktop\123456.jpg
[2010/03/10 22:01:52 | 000,050,490 | ---- | C] () -- C:\LogMeIn-0982-20100310-220150.xml
[2010/03/10 22:01:50 | 003,368,497 | ---- | C] () -- C:\LogMeIn-0982-20100310-220150.dmp
[2010/03/10 18:08:58 | 001,661,603 | ---- | C] () -- C:\Users\gb\Desktop\Melbourne Victory All Cards 125dpi.pdf
[2010/03/10 18:07:20 | 004,465,484 | ---- | C] () -- C:\Users\gb\Desktop\Melbourne Victory All Cards.pdf
[2010/03/10 18:06:48 | 007,643,423 | ---- | C] () -- C:\Users\gb\Desktop\Melbourne Victory All Cards.psd
[2010/03/10 14:46:38 | 000,021,465 | ---- | C] () -- C:\Users\gb\Desktop\HP Instant Support Professi.. 10032010.pdf
[2010/03/10 14:28:21 | 002,366,528 | ---- | C] () -- C:\Users\gb\Desktop\Melbourne Victory.psd
[2010/03/07 23:05:25 | 000,052,141 | ---- | C] () -- C:\LogMeIn-0982-20100307-230524.xml
[2010/03/07 23:05:24 | 003,332,576 | ---- | C] () -- C:\LogMeIn-0982-20100307-230524.dmp
[2010/03/07 14:44:32 | 000,054,746 | ---- | C] () -- C:\LogMeIn-0982-20100307-144431.xml
[2010/03/07 14:44:31 | 003,340,766 | ---- | C] () -- C:\LogMeIn-0982-20100307-144431.dmp
[2010/03/06 10:12:10 | 000,052,645 | ---- | C] () -- C:\LogMeIn-0982-20100306-101208.xml
[2010/03/06 10:12:08 | 003,332,984 | ---- | C] () -- C:\LogMeIn-0982-20100306-101208.dmp
[2010/03/03 14:04:25 | 009,578,603 | ---- | C] () -- C:\Users\gb\Desktop\How To Use Labels, Keywords And Ratings In Photoshop CS3 Bridge (Technology & Cars).flv
[2010/03/02 17:49:28 | 000,421,603 | ---- | C] () -- C:\Users\gb\Desktop\PMP Medication Image Specifications .pdf
[2010/03/02 17:47:25 | 000,067,575 | ---- | C] () -- C:\Users\gb\Desktop\Australasian Retail Projects 2.pdf
[2010/03/02 17:46:54 | 000,067,576 | ---- | C] () -- C:\Users\gb\Desktop\Australasian Retail Projects.pdf
[2010/03/02 17:42:17 | 000,469,340 | ---- | C] () -- C:\Users\gb\Desktop\aaweb.swf
[2010/03/02 17:34:19 | 000,078,011 | ---- | C] () -- C:\Users\gb\Desktop\Healthlinks.net (photograph...pdf
[2010/03/02 17:33:42 | 000,072,103 | ---- | C] () -- C:\Users\gb\Desktop\flash_submenu.swf
[2010/03/02 16:25:05 | 001,896,769 | ---- | C] () -- C:\Users\gb\Desktop\sample-03.pdf
[2010/03/02 13:53:16 | 000,001,206 | ---- | C] () -- C:\Users\gb\Desktop\hl issues need sorting March 2010.jsx
[2010/03/02 09:20:28 | 000,033,512 | ---- | C] () -- C:\Users\gb\Desktop\Barbecued french toast with maple syrup and berries.pdf
[2010/03/01 12:37:25 | 000,028,883 | ---- | C] () -- C:\Users\gb\Desktop\Untitled.jpg
[2010/02/28 20:38:04 | 000,051,213 | ---- | C] () -- C:\LogMeIn-0982-20100228-203802.xml
[2010/02/28 20:38:02 | 003,365,875 | ---- | C] () -- C:\LogMeIn-0982-20100228-203802.dmp
[2010/02/28 12:10:08 | 000,393,810 | ---- | C] () -- C:\Users\gb\Desktop\Whack- 'David Harradine Photography & Training.jpg
[2010/02/27 10:49:53 | 000,001,189 | ---- | C] () -- C:\Users\gb\AppData\Roaming\vso_ts_preview.xml
[2010/02/27 10:32:52 | 002,466,160 | ---- | C] () -- C:\Users\gb\Desktop\BEER_PARIS-hi.avi
[2010/02/27 10:32:17 | 005,740,763 | ---- | C] () -- C:\Users\gb\Desktop\BEER_PARIS-hi.flv
[2010/02/27 10:27:29 | 000,000,034 | ---- | C] () -- C:\Users\gb\AppData\Roaming\pcouffin.log
[2010/02/27 10:26:29 | 000,099,384 | ---- | C] () -- C:\Users\gb\AppData\Roaming\inst.exe
[2010/02/27 10:26:29 | 000,007,859 | ---- | C] () -- C:\Users\gb\AppData\Roaming\pcouffin.cat
[2010/02/27 10:26:29 | 000,001,167 | ---- | C] () -- C:\Users\gb\AppData\Roaming\pcouffin.inf
[2010/02/25 16:34:30 | 000,039,512 | ---- | C] () -- C:\Users\gb\Desktop\Warm Potato And Capsicum Sa...pdf
[2010/02/23 20:18:45 | 000,070,807 | ---- | C] () -- C:\Users\gb\Desktop\My Kitchen Rules Official S...pdf
[2010/02/21 15:26:41 | 001,046,615 | ---- | C] () -- C:\Users\gb\Desktop\_MG_3365.jpg
[2010/02/20 08:53:39 | 000,030,205 | ---- | C] () -- C:\Users\gb\Desktop\92232_2.jpg
[2010/02/17 21:17:09 | 000,204,505 | ---- | C] () -- C:\Users\gb\Desktop\3534660597_449a1eeecf.jpg
[2010/02/17 21:14:35 | 000,477,890 | ---- | C] () -- C:\Users\gb\Desktop\2i0nt2.jpg
[2010/02/16 08:36:49 | 000,106,067 | ---- | C] () -- C:\Users\gb\Desktop\WhiteRabbitFeatures_02.pdf
[2010/01/27 19:45:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/27 19:45:05 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/01/27 19:45:05 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/01/27 19:45:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/01/27 19:45:00 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/01/26 07:59:22 | 000,000,680 | ---- | C] () -- C:\Users\gb\AppData\Local\d3d9caps.dat
[2009/11/23 10:49:42 | 000,125,736 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/23 10:49:42 | 000,125,736 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/23 10:44:34 | 000,000,732 | ---- | C] () -- C:\Users\gb\AppData\Local\d3d9caps64.dat
[2009/10/16 08:51:00 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/10/14 19:07:47 | 000,708,346 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/14 17:56:30 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\csdlocalmon.dll
[2009/09/18 12:26:32 | 000,002,676 | ---- | C] () -- C:\ProgramData\afl.log
[2009/09/14 11:14:22 | 000,035,328 | ---- | C] () -- C:\Users\gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/09 18:36:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/09 18:35:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/09 15:50:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/09 14:45:54 | 000,000,778 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009/09/09 14:44:50 | 000,000,344 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/21 13:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\ADFUUD.SYS
[2004/08/18 07:54:40 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\EK1400.dll
[2003/10/06 19:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 12/03/2010 5:54:24 PM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\gb\Downloads
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 86.00% Memory free
32.00 Gb Paging File | 30.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135.05 Gb Total Space | 31.36 Gb Free Space | 23.22% Space Free | Partition Type: NTFS
Drive D: | 12.04 Gb Total Space | 6.17 Gb Free Space | 51.22% Space Free | Partition Type: NTFS
Drive E: | 1.95 Gb Total Space | 1.72 Gb Free Space | 88.22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.28 Gb Total Space | 191.51 Gb Free Space | 20.56% Space Free | Partition Type: FAT32

Computer Name: HP
Current User Name: gb
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1399816726-2182366132-85070305-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01 [binary data]
"VistaSp2" = 21 AA 21 5C 22 31 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F3C495-8DBC-4453-8CBE-9B1A91BE9EB1}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{08EDEE8D-2283-4E90-ADF9-C97D054140EE}" = lport=9303 | protocol=17 | dir=in | name=shareport network usb utility udp port |
"{0BF19D3F-2076-400B-908F-5500A7146386}" = lport=137 | protocol=17 | dir=in | app=system |
"{10EEF7FA-1BB3-4352-B898-AFFD1FE21A0D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{14B4357B-ED1E-46E8-91D3-5379EB8BE6B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1969C703-E398-45D8-A503-679D9647186D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{459C995E-A6F7-4398-809E-959041BC920D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50E8CB88-6497-46A1-B833-45F699A21B24}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{5FF8B7CC-7E7A-412E-9160-131687CEC911}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{69A99C2C-3BCA-4B1D-8DB2-090094EDC05E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86273912-BE9C-45F0-837B-A909A626FCF7}" = rport=138 | protocol=17 | dir=out | app=system |
"{8DEFC741-C84E-487D-8DB8-92F585324B9E}" = rport=445 | protocol=6 | dir=out | app=system |
"{91F530A8-6050-4989-AA88-7753C6C2FF3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9259D0B0-CD74-4A7F-85CA-0FA99F55940C}" = lport=138 | protocol=17 | dir=in | app=system |
"{C083BD55-EA2F-4CF9-9908-CC54574B2A80}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{C6FCE923-C9AD-4F0A-8F7B-C77904F97B4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC098824-A466-4D17-A2EC-8233E9608C66}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D65BCA68-B8B4-4CB4-879E-93F295274FCE}" = rport=139 | protocol=6 | dir=out | app=system |
"{E107AC58-10A6-4273-964C-CD5ABD54E003}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1F66724-479F-475E-B6D8-9DD4B18F0D65}" = rport=137 | protocol=17 | dir=out | app=system |
"{E3E4B87B-7BDB-454F-98CA-EEACD37F2A48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5318A3E-FCF1-495C-81D5-5EF557552723}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA4ECB1B-99C2-41E1-80E4-3E71DD383DEA}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{EE0E2B70-6E6D-4313-AD73-613FB26E08F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FED7C044-98AC-4DF4-9316-9E3DB2D50C93}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151C7FF7-50A2-4681-B345-70EF6F1876E6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{196E229A-4045-45B4-BAF1-DF4F597A5AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{248FC4AF-01CA-4DAB-AC81-791A9DBAA08A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{4F297AB1-6DD7-4319-BE26-BAF78D6D3789}" = protocol=17 | dir=in | app=c:\program files (x86)\d-link\shareport\shareport network usb utility.exe |
"{5288A48C-A6D7-45C0-851D-6AFF20987BA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53961E88-AB25-497E-9D69-3246F7423862}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8FD3DD52-1147-4ED5-BA0D-A80336225814}" = protocol=6 | dir=in | app=c:\program files (x86)\d-link\shareport\shareport network usb utility.exe |
"{9369FF5C-77C3-4467-80E2-81C5A0C81333}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A28FFBFF-C5B1-4761-9AB8-3E13F4F69D55}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{BB6849C7-608E-43E6-B1B7-9B0B0778DCB7}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{C5024398-629F-4583-B184-B0BD4CAFABB1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CC23BFA6-9214-42F6-8BDC-751AE877D944}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CCC894C8-8BF3-4C49-858D-B63F2A802191}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D0062DAA-D6A2-451F-8B5E-D7AFDDC47983}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D631AC3A-389D-4310-A4C2-C0EA65ECA649}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D7F8DEFA-19B7-4FE4-8E47-DAF1527386F0}" = protocol=6 | dir=in | app=c:\program files (x86)\d-link\shareport\shareport.exe |
"{E0B73871-F1BB-4178-BCD2-90FB3AE60689}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F34662B9-E546-4A49-BABB-0A997B7D9530}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FD1BA9B9-4877-475A-B0F4-1F7464558B52}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FE1A9A2A-AE59-45B1-BF43-F03852133D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\d-link\shareport\shareport.exe |
"TCP Query User{4CB7ECDA-905F-4421-A54D-2DD912C7A0D6}C:\program files (x86)\networx\networx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\networx\networx.exe |
"UDP Query User{84C83703-4FE1-4249-A38C-DFE63E224752}C:\program files (x86)\networx\networx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\networx\networx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2C22EA92-CB30-4932-0050-000001000000}" = InfraRecorder 0.50 (x64 edition)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{68451E5C-0A9C-4D5C-8D06-6E296242E908}" = 64 Bit HP CIO Components Installer
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{7523EFAC-5445-4E89-BD90-84E0D0110690}" = Adobe Photoshop Lightroom 2.6 64-bit
"{813CE4B9-A995-4709-9459-8694532E408E}" = Motorola Driver Installation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A5F39441-3414-4db2-9A71-0BA8AB3CB16A}" = HP Color LaserJet CP2020 Series 2.0
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{C6B80683-42E1-44BB-AB00-01DE6B82A393}" = ESET Smart Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E86AA946-5CE2-4C21-B660-D2C186B6FDB3}" = Broadcom Management Programs
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.7.0
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03BFDA4C-5233-4EB6-8BD7-8D0AE3044757}" = HP Performance Tuning Framework
"{04BCB992-A9E6-427D-BC66-E92BB76BE97A}" = WD Discovery Software
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{083286D9-7F95-4CE6-B0CD-667BA492D30E}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{270F9094-DF19-40C9-9DBE-E2DD37614FDD}" = Adobe Media Encoder CS4 Importer
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C8E6416-90F8-445E-B2BF-8D4809F41C6E}" = Adobe Setup
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A11F2DD-4B32-4B46-8FE6-B6A733710A9F}" = Adobe Setup
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50457424-3627-4A74-896A-C4E66E8A5ED3}" = Adobe Soundbooth CS4 Codecs
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}" = GPSoftware Directory Opus
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E2BAA32-5832-4790-BD2A-27C8A0B81A60}" = KODAK Photo Printer Visual Calibration Utility
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84713778-D9A9-4130-A811-DF3187827B05}" = LogMeIn
"{86716F6A-8D43-A86A-35CB-7D0996C45AB2}" = Adobe Configurator
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderCP2020
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EEEC57-B4A4-4E0E-80DB-85E251452FBD}" = Adobe Setup
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9B8ACEA2-BA21-4A91-A950-144FED3ED133}" = TinEye Internet Explorer plugin 1.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3219E9A-21DA-468D-A693-38B5F3BFCD5A}" = Adobe Premiere Pro CS4 Third Party Content
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC989DD9-AF71-4F93-B4E2-32246C4B8121}" = Adobe Setup
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD93253E-9CB3-425B-A13F-12D5DF0E8FDF}" = Adobe Encore CS4 Codecs
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C71607E2-84EC-4C1F-A649-82E530920C23}" = Adobe Setup
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8E0D4A2-A9DB-4BE9-AC02-EE4FCCFBE2DE}" = SharePort
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{de714b50-b628-4e2f-9ef2-557700a2c71c}" = Nero 9 Lite
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4B4F6AA-0653-4418-A84B-70D437C28A66}" = Adobe Media Encoder CS4 Exporter
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5371573-B045-4A4C-9171-6D99C8FAC876}" = Adobe After Effects CS4 Third Party Content
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF22AEE0-B939-948F-320C-2875066E97D9}" = WhiteRabit
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adjustment Pattern software utility" = Adjustment Pattern software utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_15f4da9bfad48542a17f089e7c5e0ab" = Adobe After Effects CS4 Third Party Content
"Adobe_674de92534e78ca5194a049722987cc" = Adobe Media Encoder CS4 Exporter
"Adobe_9107cc52ed6a148a98fad4f22b15a79" = Adobe Media Encoder CS4 Importer
"Adobe_9b958ea8d24603f456607d2d2b80eb2" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_a6ee7809a2267098a2ba2aebaa7d7d3" = Adobe Soundbooth CS4 Codecs
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_b3449bacc3f59b3b46b353ca9840034" = Adobe Encore CS4 Codecs
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVIConverter" = AVIConverter 2.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BeyondCompare3_is1" = Beyond Compare Version 3.1.10
"ClipX" = ClipX
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.configurator.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Configurator
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"EPSON Scanner" = EPSON Scan
"ImgBurn" = ImgBurn
"iriver plus 3" = iriver plus 3 (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.10
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.8 (Full) BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Movie Converter" = Movie Converter (remove only)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NetWorx_is1" = NetWorx 5.1
"Nokia PC Suite" = Nokia PC Suite
"PDF Complete" = PDF Complete
"Photodex Presenter" = Photodex Presenter
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProShow Plugin for Lightroom" = ProShow Plugin for Lightroom
"ProShow Producer" = ProShow Producer
"PSPad editor_is1" = PSPad editor
"Smart Defrag_is1" = Smart Defrag
"Spyder3Elite" = Spyder3Elite
"SpywareBlaster_is1" = SpywareBlaster 4.2
"VSO Inspector_is1" = VSO Inspector 2.0.2
"WhiteRabit.88343F46CE3BCE9FF7ECE6B54C042C5ABDD0324A.1" = WhiteRabit

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1399816726-2182366132-85070305-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"ICUII" = ICUII

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/03/2010 2:02:18 AM | Computer Name = HP | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/03/2010 4:39:40 PM | Computer Name = HP | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 5/03/2010 3:32:53 AM | Computer Name = HP | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 6/03/2010 11:03:02 PM | Computer Name = HP | Source = Windows Search Service | ID = 3024
Description =

Error - 7/03/2010 1:55:01 AM | Computer Name = HP | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 7/03/2010 11:46:31 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application ConvertXtoDvd.exe, version 4.0.9.322, time stamp
0x4b20372a, faulting module ConvertXtoDvd.exe, version 4.0.9.322, time stamp 0x4b20372a,
exception code 0xc0000005, fault offset 0x00005ae6, process id 0x137c, application
start time 0x01cabe6f3693d15b.

Error - 7/03/2010 11:46:33 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application ConvertXtoDvd.exe, version 4.0.9.322, time stamp
0x4b20372a, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000005, fault offset 0x0005a6e2, process id 0x137c, application
start time 0x01cabe6f3693d15b.

Error - 9/03/2010 4:58:01 PM | Computer Name = HP | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 9/03/2010 8:01:15 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.4518.1014, time stamp
0x4542840f, faulting module OGL.DLL_unloaded, version 0.0.0.0, time stamp 0x454285ac,
exception code 0xc0000005, fault offset 0x6e7df06f, process id 0x1208, application
start time 0x01cabfe4c51131c9.

Error - 10/03/2010 4:41:58 PM | Computer Name = HP | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

[ OSession Events ]
Error - 19/09/2009 5:01:56 AM | Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7342
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/12/2009 6:30:33 PM | Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 351
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/03/2010 8:01:15 PM | Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/03/2010 2:44:55 AM | Computer Name = HP | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/03/2010 2:45:00 AM | Computer Name = HP | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/03/2010 2:45:00 AM | Computer Name = HP | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/03/2010 2:45:12 AM | Computer Name = HP | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/03/2010 2:45:18 AM | Computer Name = HP | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 12/03/2010 2:45:25 AM | Computer Name = HP | Source = Print | ID = 19
Description = The print spooler failed to share printer KODAK 6800 Printer with
shared resource name KODAK 6800 Printer. Error 2114. The printer cannot be used
by others on the network.

Error - 12/03/2010 2:45:25 AM | Computer Name = HP | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Color LaserJet CP2020
Series PCL 6 with shared resource name HP Color LaserJet CP2020 Series PCL 6. Error
2114. The printer cannot be used by others on the network.

Error - 12/03/2010 2:45:25 AM | Computer Name = HP | Source = Print | ID = 19
Description = The print spooler failed to share printer Adobe PDF with shared resource
name Adobe PDF. Error 2114. The printer cannot be used by others on the network.

Error - 12/03/2010 2:45:46 AM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description =

Error - 12/03/2010 2:46:22 AM | Computer Name = HP | Source = DCOM | ID = 10016
Description =


< End of report >


Cheers,
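A quick way to read the two firewall exception lists in the log above, as an added example that is not part of ucmego's post or of OTL itself: it parses the rule lines in the shape OTL prints them and flags the inbound exceptions a responder would look at first (programs outside the normal install folders, rules with no protocol restriction, and "Query User" rules that Windows Firewall creates when someone clicks Allow on its popup). The trusted-folder list and the three flags are this example's own heuristics; the sample lines are copied from the log, plus one constructed line for a program under a temp folder to exercise the untrusted-path check.

```python
"""Triage the firewall exception lists from an OTL log.

Added example, not code from the original post or from OTL. It parses rule
lines as OTL prints them ("{GUID}" = key=value | key=value | ...).
"""
import re
from typing import Dict, List, NamedTuple, Optional

# IANA protocol numbers as they appear in the log.
PROTOCOL_NAMES = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Where a normal install lands; an inbound exception for a program outside
# these (user profile, temp, ProgramData) deserves a closer look.
TRUSTED_PREFIXES = (
    "%systemroot%\\",
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


class Rule(NamedTuple):
    name: str
    fields: Dict[str, str]


class Finding(NamedTuple):
    reason: str
    app: str
    rule_name: str


def parse_rule(line: str) -> Optional[Rule]:
    """Turn one OTL firewall-rule line into a Rule, or None if it is not one."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None
    fields: Dict[str, str] = {}
    for part in match.group("body").split("|"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")  # the paths contain no "="
        fields[key.strip().lower()] = value.strip().lower()
    return Rule(match.group("name"), fields)


def describe(rule: Rule) -> str:
    """One line per rule: direction, protocol, port and program."""
    proto = rule.fields.get("protocol")
    port = rule.fields.get("lport") or rule.fields.get("rport") or "any"
    return "{} {} port {} -> {}".format(
        rule.fields.get("dir", "?"),
        PROTOCOL_NAMES.get(proto, proto) if proto else "any-protocol",
        port,
        rule.fields.get("app") or rule.fields.get("name", "?"),
    )


def triage(lines: List[str]) -> List[Finding]:
    """Flag inbound exceptions worth a manual check.

    untrusted-path: the allowed program lives outside the usual install dirs.
    any-protocol: no protocol field, so every protocol is allowed in.
    user-approved-prompt: a "Query User" rule, which Windows Firewall creates
    when someone clicks Allow on its notification popup for that program.
    """
    findings: List[Finding] = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None or rule.fields.get("dir") != "in":
            continue
        app = rule.fields.get("app", "")
        if app and app != "system" and not app.startswith(TRUSTED_PREFIXES):
            findings.append(Finding("untrusted-path", app, rule.name))
        if app and "protocol" not in rule.fields:
            findings.append(Finding("any-protocol", app, rule.name))
        if rule.name.startswith(("TCP Query User", "UDP Query User")):
            findings.append(Finding("user-approved-prompt", app, rule.name))
    return findings


# Lines copied from the OTL log above, plus one constructed line (the
# all-zero GUID) for a program under the user's temp folder.
SAMPLE_LINES = [
    r'"{14B4357B-ED1E-46E8-91D3-5379EB8BE6B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |',
    r'"{1969C703-E398-45D8-A503-679D9647186D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |',
    r'"{196E229A-4045-45B4-BAF1-DF4F597A5AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |',
    r'"{E0B73871-F1BB-4178-BCD2-90FB3AE60689}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |',
    r'"{5288A48C-A6D7-45C0-851D-6AFF20987BA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |',
    r'"TCP Query User{4CB7ECDA-905F-4421-A54D-2DD912C7A0D6}C:\program files (x86)\networx\networx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\networx\networx.exe |',
    r'"{00000000-0000-0000-0000-000000000000}" = protocol=6 | dir=in | app=c:\users\gb\appdata\local\temp\updater.exe |',
]

if __name__ == "__main__":
    for rule in filter(None, map(parse_rule, SAMPLE_LINES)):
        print(describe(rule))
    print()
    for finding in triage(SAMPLE_LINES):
        print("[{}] {}".format(finding.reason, finding.app))
```

The flags are starting points for a manual look, not verdicts: the Skype and NetWorx rules it raises on these lines are benign, which matches the "nothing out of the ordinary" reading of the log.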

#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:01:12 AM

Posted 12 March 2010 - 09:36 AM

Hello, ucmego.
Yes, it's a pretty neat tool.

I can't seem to see anything out of the ordinary from your logs. Could you please describe in more detail the redirects you are having? Are you having them with certain websites? Do they happen with both FF and IE?

We need to run a custom OTL fix
  1. Please run OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not copy the word "code".
    CODE
    :Files
    C:\ProgramData\ezsidmv.dat
    C:\ProgramData\sdpsenv.dat
  3. Click the Run Fix button
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK
  6. A report will open. Copy and Paste that report in your next reply.

In your next reply, please include the following:
  • OTL Log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 ucmego

ucmego
  • Topic Starter

  • Members
  • 103 posts
  • Local time:07:12 AM

Posted 12 March 2010 - 05:52 PM

Hi,

Here is a copy of what the log produced; hope we have done this right.

========== FILES ==========
C:\ProgramData\ezsidmv.dat moved successfully.
C:\ProgramData\sdpsenv.dat moved successfully.

OTL by OldTimer - Version 3.1.36.1 log created on 03132010_094521

Also check this link http://i39.tinypic.com/t020c6.j; I have pasted some details in the image with the errors and issues.

Cheers,


#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:01:12 AM

Posted 12 March 2010 - 06:20 PM

Hi!

About the OTL: Yes, it could be that you had a drive that had no disk in, which would cause the error. Since I'm not the author of OTL, I'm not sure on how it scans for drives.

Skypenames2.exe: This looks like it belongs to the skype toolbar. From your first DDS log:
CODE
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

So perhaps you installed this toolbar along with skype without realizing it?

If you'd like, we can scan it for malware.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
  1. Go to the Jotti website
  2. When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

    C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

  3. Please post back the results of the scan in your next post.
**Note: If Jotti is busy, try the same at Virustotal
**Note: No logs will be produced. You can either copy/paste the results into your reply, or you can state the infection found (if any) and the scanner that found it.


Redirection link:
I'm assuming you get this just as you click a link from a Google search? If so, that's fine. Google uses a special redirection link so that they can count how their users search through results, and how traffic moves according to the results presented. They use it so that they get paid for moving traffic to one's website (hence, a 'sponsored' link). I tried searching for Nero, as in your search.

If I use the sponsored link, I'm taken to the following redirect link:
http://www.google.com/aclk?sa=l&ai=Ce-...6ResCode%3DOSEM

Let me know if you have any more questions. Otherwise, we can proceed with a cleanup.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 ucmego

ucmego
  • Topic Starter

  • Members
  • 103 posts

Posted 12 March 2010 - 10:15 PM

Hi,

The results show all clear; here is a copy.
Just a question then: when SkypeNames2.exe comes up, should we be allowing this or denying it, as per the image shown in the previous post?

Scanners
[ArcaVir]
2010-03-10 Found nothing
[F-Secure Anti-Virus]
2010-03-11 Found nothing
[A-Squared]
2010-03-11 Found nothing
[G DATA]
2010-03-11 Found nothing
[Avast! antivirus]
2010-03-10 Found nothing
[Ikarus]
2010-03-11 Found nothing
[Grisoft AVG Anti-Virus]
2010-03-10 Found nothing
[Kaspersky Anti-Virus]
2010-03-11 Found nothing
[Avira AntiVir]
2010-03-10 Found nothing
[ESET NOD32]
2010-03-10 Found nothing
[Softwin BitDefender]
2010-03-11 Found nothing
[Panda Antivirus]
2010-03-10 Found nothing
[ClamAV]
2010-03-11 Found nothing
[Quick Heal]
2010-03-11 Found nothing
[CPsecure]
2010-03-11 Found nothing
[Sophos]
2010-03-11 Found nothing
[Dr.Web]
2010-03-11 Found nothing
[VirusBlokAda VBA32]
2010-03-08 Found nothing
[Frisk F-Prot Antivirus]
2010-03-10 Found nothing
[VirusBuster]
2010-03-10 Found nothing


Cheers,

#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 12 March 2010 - 10:32 PM

Hello, ucmego.
Personally, I'm not the greatest fan of toolbars so I don't have any of them installed. I did a bit of searching for what Skype Toolbar actually does and it says that it allows you to make phone calls through the toolbar. So, I don't believe that it is necessary for you to allow it to connect every time.

If you do use Skype, then I recommend that you simply uninstall the toolbar and just install the main program on its own. That way, you won't have the toolbar constantly asking you for permission to use your internet connection.

Let me know if you have any more questions; otherwise, I can close this topic. Let's clean up!
We need to clean up using OTL
  1. Please run OTL on your desktop.
  2. Click the CleanUp button




Your log looks clean. Please take the time to read below to secure your machine and take the necessary steps to keep it clean.
Hiding Hidden Files
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
-----
Purging System Restore Points
Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
  2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  3. Then go to Start > Run and type: Cleanmgr
  4. Click "OK".
  5. Click the "More Options" Tab.
  6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be wary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  4. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your antivirus software on a regular basis. If you do not update your antivirus software, then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast!, Antivir and AVG Antivirus.
    3. An antispyware program
      Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates, you might want to take a look at the HostMan hosts file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  5. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software Inspector occasionally to help you check for out-of-date software on your machine.

Some more links you might find of interest:

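The MVPs hosts file mentioned above works by pointing advertising and malware domains at a blackhole address (0.0.0.0 or 127.0.0.1), which is also why malware likes to tamper with the same file: it can silence antivirus updates or send a bank's hostname to a remote server. The script below is an added example for this thread, not aommaster's or MVPs' code, and audits a hosts file for both patterns; the sample hosts contents and the placeholder vendor names in `PROTECTED_NAMES` are constructed for the demonstration.

```python
"""Audit a Windows-style hosts file for entries that look like tampering.

Added example. Two findings are reported:
  redirects-to-remote    a name mapped to anything other than a blackhole or
                         loopback address (blocking lists never do this)
  blocks-security-update a security/update vendor name that has been blackholed
"""
import ipaddress

# Addresses a blocking hosts file (MVPs-style) legitimately points names at.
BLACKHOLE = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("::1")}
LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")

# Constructed placeholder names standing in for AV/update vendor domains; a
# real audit would list the domains the machine's security software uses.
PROTECTED_NAMES = {"update.example-av.test", "windowsupdate.example.test"}


def parse_hosts(text: str):
    """Yield (ip_address, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()  # any whitespace, tabs included
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a mapping line
        for name in fields[1:]:
            yield addr, name.lower()


def is_blackhole(addr: ipaddress._BaseAddress) -> bool:
    return addr in BLACKHOLE or (addr.version == 4 and addr in LOOPBACK_V4)


def audit_hosts(text: str):
    """Return (reason, ip, hostname) findings in file order."""
    findings = []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue  # the one mapping every hosts file carries
        if not is_blackhole(addr):
            findings.append(("redirects-to-remote", str(addr), name))
        elif name in PROTECTED_NAMES:
            findings.append(("blocks-security-update", str(addr), name))
    return findings


# Constructed sample hosts file contents.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.  (constructed sample)
127.0.0.1       localhost
::1             localhost
0.0.0.0\tads.example-tracker.test        # MVPs-style blocking entry: fine
127.0.0.1       update.example-av.test   # AV updates silenced: suspicious
203.0.113.5     www.example-bank.test    # sent to a remote host: suspicious
"""

if __name__ == "__main__":
    for reason, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"{reason:24} {ip:16} {name}")
```

On a real machine, read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts()`; a clean MVPs install produces no findings, because every entry points at a blackhole address and none of the names are your own vendors' update servers.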


#9 ucmego

ucmego
  • Topic Starter

  • Members
  • 103 posts

Posted 12 March 2010 - 11:11 PM

Hi,

That's all from me thank you for your help & the info as well.

Cheers,

#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 12 March 2010 - 11:14 PM

No problem! My pleasure.

Since this problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please send me a PM with the address of this thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.





