Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirect / possible back door


  • This topic is locked This topic is locked
11 replies to this topic

#1 Pennycake

Pennycake

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 05 June 2010 - 10:46 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/321955/google-redirect-possible-back-door/ ~ OB

-----reposted----
System :
Windows 7 x64 bit

Current Antivirus programs :
Avast internet security/Malaware bytes



About an hour ago I was in the middle of a game when I was alerted out of it by avast. I was spammed with a series of red avast popup virus alerts, never had something like that happen before. I usually have a good track record of keeping my computer clean. My windows is always kept updated, scan from time to time and they usually come up with 3 or 4 low warning trojans.

I immediately ran malaware while I looked at the avast virus chest:

Avast internet protection chest:

--------From today
Win32:Malware-gen
Win32:Kates-BQ[trj]
Win32:Alureon-GP[Rtk]
Win32:crypt-GOE[Drp]
------old
Win32:adware-gen[adw]
AutoRun-G[wrm]


---------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/5/2010 8:44:48 PM
mbam-log-2010-06-05 (20-44-48).txt

Scan type: Quick scan
Objects scanned: 122539
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\Rex\AppData\Local\Temp\edigtw32.exe (Virus.Agent) -> Unloaded process successfully.
C:\Users\Rex\AppData\Local\Temp\edigtw32.exe (Virus.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Rex\AppData\Local\Temp\edigtw32.exe (Virus.Agent) -> Quarantined and deleted success

-----reposted----


Also for the google redirect issue,

When i will enter something in the google bar and do a normal serch, the end result would be something like this:
http://smg.photobucket.com/albums/v519/Lio...ent=1264684.png

normal address ( ? ): http://www.google.com/#hl=en&source=hp...4bfdb483f3d4181]http://www.google.com/#hl=en&source=hp...4bfdb483f3d4181

But since i got the alerts i've been getting a page result that looks suspicious, it lacks the images and the side menu bar from the top pic :
http://smg.photobucket.com/albums/v519/Lio...ent=1252625.png

suspicious search address: http://search.wish-search.com/index.php?cx...0101027100#1137]http://search.wish-search.com/index.php?cx...0101027100#1137

-----reposted----





DDS (Ver_10-03-17.01) - NTFSX64
Run by Rex at 22:39:37.49 on Sat 06/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4093.2392 [GMT -4:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIEMA.EXE
C:\Windows\System32\spool\drivers\x64\3\E_IATIEMA.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\ScreenGrab\ScreenGrab.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rex\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim toolbar\aimtb.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files (x86)\bitcomet\tools\BitCometBHO_1.4.4.13.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files (x86)\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files (x86)\aim toolbar\aimtb.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
uRun: [EPSON Artisan 800 Series] c:\windows\system32\spool\drivers\x64\3\e_iatiema.exe /fu "c:\windows\temp\E_S294D.tmp" /EF "HKCU"
uRun: [EPSON546CD9] c:\windows\system32\spool\drivers\x64\3\e_iatiema.exe /fu "c:\windows\temp\E_S5EE2.tmp" /EF "HKCU"
uRun: [AdobeBridge]
uRun: [Aim] "c:\program files (x86)\aim\aim.exe" /d locale=en-US
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [EEventManager] c:\progra~2\epsons~1\eventm~1\EEventManager.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [beqerlej] c:\windows\system32\config\systemprofile\appdata\local\vgbgsslfi\jsgwwektssd.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files (x86)\bitcomet\tools\BitCometBHO_1.4.4.13.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
mRun-x64: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun-x64: [NVRaidService] c:\windows\system32\nvraidservice.exe
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files (x86)\stardock\fences\FencesMenu64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rex\appdata\roaming\mozilla\firefox\profiles\ktf0s1cw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - component: c:\users\rex\appdata\roaming\mozilla\firefox\profiles\ktf0s1cw.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\tabletplugins\npwacom.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-2-26 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-5-31 250448]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-2-27 54480]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-5-31 124496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-5-31 424016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-26 121936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-26 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-26 63568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-5-31 119200]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-4-28 120832]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-5-11 6245744]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-7 40384]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 25088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe --> c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-2-27 1038088]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
S3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\drivers\lvsels64.sys [2009-10-7 67992]
S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-5-11 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1255736]

=============== Created Last 30 ================

2010-06-06 00:42:53 0 d-----w- c:\users\rex\appdata\roaming\SUPERAntiSpyware.com
2010-06-06 00:42:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-06 00:42:47 0 d-----w- c:\programdata\SASCORE
2010-06-06 00:42:45 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-06 00:00:21 0 d-----w- c:\programdata\Update
2010-06-05 16:17:51 0 d-----w- c:\program files (x86)\IObit
2010-06-05 15:32:53 0 d-----w- c:\program files (x86)\common files\Corel
2010-06-05 15:32:39 0 d-----w- c:\program files (x86)\common files\Protexis
2010-06-05 15:31:40 0 d-----w- c:\program files (x86)\Corel
2010-06-04 00:42:28 53248 ----a-w- c:\users\rex\lametritonus_en.dll
2010-06-04 00:42:28 162304 ----a-w- c:\users\rex\lame_enc_en.dll
2010-06-04 00:09:37 0 d-----w- c:\program files (x86)\vanBasco's Karaoke Player
2010-05-31 12:54:06 424016 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-05-31 12:54:04 124496 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-05-31 12:53:56 250448 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-05-26 21:55:47 0 d-----w- C:\GamepotUSA
2010-05-26 05:09:53 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-26 05:09:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 03:03:52 0 d-----w- c:\program files\Ventrilo
2010-05-24 03:03:45 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2010-05-23 16:32:48 0 d-----w- c:\program files (x86)\LogMeIn Hamachi
2010-05-23 15:04:42 0 d-----w- c:\program files (x86)\Pixologic
2010-05-21 23:41:34 0 d---a-w- c:\programdata\TEMP
2010-05-21 23:40:59 489480 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-05-21 23:39:13 0 d-----w- c:\windows\syswow64\directx
2010-05-21 23:18:54 0 d-----w- c:\programdata\PMB Files
2010-05-21 23:18:47 0 d-----w- c:\program files (x86)\Pando Networks
2010-05-19 04:31:10 0 d-----w- c:\program files (x86)\AIM
2010-05-16 05:23:44 0 d-----w- c:\users\rex\appdata\roaming\Stardock
2010-05-16 05:23:43 0 dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-05-16 05:23:41 0 d-----w- c:\program files (x86)\Stardock
2010-05-15 21:49:03 0 d-----w- c:\users\rex\appdata\roaming\ProspectorV5
2010-05-15 21:48:39 0 d-----w- c:\program files (x86)\MoxieProxy
2010-05-15 21:48:05 0 d-----w- c:\windows\Downloaded Installations
2010-05-14 05:32:15 0 d-----w- c:\windows\system32\appmgmt
2010-05-11 22:26:13 9056624 ----a-w- c:\windows\system32\WacomTablet.cpl
2010-05-11 22:26:13 1746986 ----a-w- c:\windows\system32\WacomTablet.znc
2010-05-11 22:26:04 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-05-11 22:25:57 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-05-11 22:25:56 0 d-----w- c:\windows\system32\WTablet
2010-05-11 22:25:51 359424 ----a-w- c:\windows\system32\Wintab32.dll
2010-05-11 22:25:48 6245744 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-05-11 22:25:48 488816 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-05-11 22:25:48 415600 ----a-w- c:\windows\syswow64\Wacom_Tablet.dll
2010-05-11 22:25:48 294400 ----a-w- c:\windows\syswow64\Wintab32.dll
2010-05-11 22:25:46 0 d-----w- c:\program files (x86)\Tablet
2010-05-11 22:13:03 0 d-----w- c:\users\rex\appdata\roaming\WTablet
2010-05-11 22:12:42 18216 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2010-05-11 22:09:15 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 22:09:14 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-11 21:57:57 123 ----a-w- c:\windows\system32\WacomTabletUserDefaults.xml

==================== Find3M ====================

2010-06-05 15:34:07 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-05 15:33:21 88 --sh--r- c:\programdata\16C6289F11.sys
2010-05-22 17:58:31 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-12 15:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 20:59:57 38848 ----a-w- c:\windows\syswow64\avastSS.scr
2010-05-06 20:59:36 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-05-06 20:34:14 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-29 19:39:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 11:09:05 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-04-22 11:09:05 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-22 11:09:05 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-22 11:09:05 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-03 22:42:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 22:42:00 14828648 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 22:42:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 22:42:00 1067624 ----a-w- c:\windows\system32\nvsvc64.dll
2010-03-16 06:51:59 239208 ----a-w- c:\windows\system32\nvcod1910.dll
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-26 23:09:00 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:40:19.66 ===============

Attached Files


Edited by Orange Blossom, 06 June 2010 - 12:59 PM.


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:29 AM

Posted 09 June 2010 - 10:55 AM

Hi Pennycake, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Pennycake

Pennycake
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 14 June 2010 - 01:54 AM

OTL logfile created on: 6/14/2010 2:45:26 AM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Rex\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 329.30 Gb Free Space | 70.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIN
Current User Name: Rex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/14 02:36:08 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/06 16:59:25 | 000,119,200 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/04/02 12:45:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2009/07/13 21:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (SafeList) ==========

MOD - [2010/06/14 02:36:08 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
MOD - [2009/07/13 21:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/06 16:59:25 | 000,119,200 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2010/04/28 11:23:07 | 000,120,832 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (SASCORE)
SRV:64bit: - [2010/03/08 15:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/02/27 07:07:28 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/02/26 19:23:02 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/01/07 15:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 15:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/04/16 03:06:01 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/02/27 07:05:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/06 16:41:36 | 000,124,496 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2010/05/06 16:41:23 | 000,424,016 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2010/05/06 16:40:55 | 000,250,448 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2010/05/06 16:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/05/06 16:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/05/06 16:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/05/06 16:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/06 16:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/01/24 14:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/09 16:22:06 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2009/10/07 08:48:08 | 000,067,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvsels64.sys -- (lvsels64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/21 15:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009/07/13 20:06:57 | 000,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009/07/13 20:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/07/13 20:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 20:06:52 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/02/26 18:16:19 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 8D 5D F1 19 B7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-flv"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-flv"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/22 23:09:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/30 09:04:53 | 000,000,000 | ---D | M]

[2010/04/22 23:09:41 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Mozilla\Extensions
[2010/04/23 22:39:22 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\dskp0x8r.default\extensions
[2010/04/23 22:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\dskp0x8r.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/04/23 22:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\dskp0x8r.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/06/13 12:56:44 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions
[2010/04/23 22:39:23 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/06/05 11:52:01 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/06/05 11:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/04/23 22:39:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/23 22:38:19 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/23 22:39:22 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions\foxmarks@kei.com
[2010/04/23 22:39:23 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\extensions\piclens@cooliris.com
[2010/04/23 00:12:36 | 000,002,267 | ---- | M] () -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ktf0s1cw.default\searchplugins\aim-search.xml
[2010/06/13 12:56:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/23 22:39:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/02/21 06:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/22 07:09:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/02 12:56:48 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [EPSON Artisan 800 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEMA.EXE File not found
O4 - HKCU..\Run: [EPSON546CD9] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEMA.EXE File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/26 02:34:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/14 02:36:00 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
[2010/06/08 20:37:56 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/08 20:37:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/08 20:37:53 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 20:37:53 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/08 20:37:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 20:37:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/08 20:37:47 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/08 20:37:47 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/08 20:37:47 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/08 20:37:46 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/08 20:37:46 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/08 20:37:46 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/08 20:37:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/08 20:37:46 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/08 20:37:46 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/08 20:37:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/05 20:42:53 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/05 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/05 20:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SASCORE
[2010/06/05 20:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/05 20:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/06/05 12:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/06/05 11:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2010/06/05 11:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2010/06/05 11:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/06/05 11:18:13 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Epic CapsRus
[2010/06/03 20:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vanBasco's Karaoke Player
[2010/05/31 08:54:06 | 000,424,016 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/05/31 08:54:04 | 000,124,496 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2010/05/31 08:53:56 | 000,250,448 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2010/05/26 17:55:47 | 000,000,000 | ---D | C] -- C:\GamepotUSA
[2010/05/23 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Roaming\Ventrilo
[2010/05/23 23:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/05/23 12:33:13 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Local\LogMeIn Hamachi
[2010/05/23 12:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010/05/23 11:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pixologic
[2010/05/23 06:55:20 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Traditional Artists
[2010/05/21 19:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/21 19:41:12 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/05/21 19:41:12 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/05/21 19:41:12 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/05/21 19:41:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/05/21 19:41:12 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/05/21 19:41:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/05/21 19:41:11 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/05/21 19:41:11 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/05/21 19:41:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/05/21 19:41:11 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/05/21 19:41:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/05/21 19:41:10 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/05/21 19:41:09 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/05/21 19:41:09 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/05/21 19:41:07 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/05/21 19:41:07 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/05/21 19:41:07 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/05/21 19:41:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/05/21 19:41:07 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/05/21 19:41:07 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/05/21 19:41:06 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/05/21 19:41:06 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/05/21 19:41:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/05/21 19:41:06 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/05/21 19:41:06 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/05/21 19:41:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/05/21 19:41:05 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/05/21 19:41:05 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/05/21 19:41:05 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/05/21 19:41:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/05/21 19:41:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/05/21 19:41:05 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/05/21 19:41:05 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/05/21 19:41:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/05/21 19:41:04 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/05/21 19:41:04 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/05/21 19:41:04 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/05/21 19:41:04 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/05/21 19:41:04 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/05/21 19:41:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/05/21 19:41:03 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/05/21 19:41:03 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/05/21 19:41:03 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/05/21 19:41:03 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/05/21 19:41:03 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/05/21 19:41:03 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/05/21 19:41:03 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/05/21 19:41:03 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/05/21 19:41:03 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/05/21 19:41:03 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/05/21 19:41:02 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/05/21 19:41:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/05/21 19:41:02 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/05/21 19:41:02 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/05/21 19:41:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/05/21 19:41:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/05/21 19:41:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/05/21 19:41:02 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/05/21 19:41:02 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/05/21 19:41:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/05/21 19:41:01 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/05/21 19:41:01 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/05/21 19:41:01 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/05/21 19:41:01 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/05/21 19:41:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/05/21 19:41:01 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/05/21 19:41:01 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/05/21 19:41:01 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/05/21 19:41:00 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/05/21 19:41:00 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/05/21 19:41:00 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/05/21 19:41:00 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/05/21 19:41:00 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/05/21 19:41:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/05/21 19:41:00 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/05/21 19:41:00 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/05/21 19:40:59 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/05/21 19:40:59 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/05/21 19:40:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/05/21 19:40:59 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/05/21 19:40:58 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/05/21 19:40:58 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/05/21 19:40:58 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/05/21 19:40:58 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/05/21 19:40:58 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/05/21 19:40:58 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/05/21 19:40:57 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/05/21 19:40:57 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/05/21 19:40:57 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/05/21 19:40:57 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/05/21 19:40:56 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/05/21 19:40:56 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/05/21 19:40:56 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/05/21 19:40:56 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/05/21 19:40:55 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/05/21 19:40:55 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/05/21 19:40:55 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/05/21 19:40:55 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/05/21 19:40:55 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/05/21 19:40:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/05/21 19:40:55 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/05/21 19:40:55 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/05/21 19:40:54 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/05/21 19:40:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/05/21 19:40:54 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/05/21 19:40:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/05/21 19:40:54 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/05/21 19:40:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/05/21 19:40:54 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/05/21 19:40:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/05/21 19:40:54 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/05/21 19:40:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/05/21 19:40:53 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/05/21 19:40:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/05/21 19:40:53 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/05/21 19:40:53 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/05/21 19:40:52 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/05/21 19:40:52 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/05/21 19:40:52 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/05/21 19:40:52 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/05/21 19:40:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/05/21 19:40:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/05/21 19:40:52 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/05/21 19:40:52 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/05/21 19:40:51 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/05/21 19:40:51 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/05/21 19:40:51 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/05/21 19:40:51 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/05/21 19:40:51 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/05/21 19:40:51 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/05/21 19:40:50 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/05/21 19:40:50 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/05/21 19:40:50 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/05/21 19:40:50 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/05/21 19:40:50 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/05/21 19:40:50 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/05/21 19:40:50 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/05/21 19:40:50 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/05/21 19:40:49 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/05/21 19:40:49 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/05/21 19:40:49 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/05/21 19:40:49 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/05/21 19:40:49 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/05/21 19:40:49 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/05/21 19:40:49 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/05/21 19:40:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/05/21 19:40:48 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/05/21 19:40:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/05/21 19:40:47 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/05/21 19:40:47 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/05/21 19:40:46 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/05/21 19:40:46 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/05/21 19:40:46 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/05/21 19:40:46 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/05/21 19:40:45 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/05/21 19:40:45 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/05/21 19:40:45 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/05/21 19:40:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/05/21 19:40:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/05/21 19:40:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/05/21 19:40:44 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/05/21 19:40:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/05/21 19:40:43 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/05/21 19:40:43 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/05/21 19:40:43 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/05/21 19:40:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/05/21 19:39:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/05/21 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Ref-Manga
[2010/05/21 19:37:46 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Ref-American Comics
[2010/05/21 19:36:12 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Ref-Anatomy
[2010/05/21 19:35:07 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Ref-Japanese Movies
[2010/05/21 19:33:31 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Ref-American Movies
[2010/05/21 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Logs
[2010/05/21 19:26:59 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Artist Friends
[2010/05/21 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Illustrator Files
[2010/05/21 19:18:55 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Local\PMB Files
[2010/05/21 19:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/05/21 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/05/21 17:29:43 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Square Enix Contest
[2010/05/20 22:43:28 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\143CANON
[2010/05/19 00:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/05/18 19:39:13 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Sai Files
[2010/05/18 19:34:52 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Open Canvas Files
[2010/05/16 02:43:15 | 000,000,000 | R--D | C] -- C:\Users\Rex\Desktop\EPIC Rearrenger
[2010/05/16 02:09:44 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Video
[2010/05/16 01:35:43 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Painter Files
[2010/05/16 01:35:32 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Photoshop Files
[2010/05/16 01:23:44 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Roaming\Stardock
[2010/05/16 01:23:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/05/16 01:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010/05/16 01:23:28 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Local\PackageAware
[2010/05/15 23:52:49 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Icon SETs
[2010/05/15 23:49:42 | 000,000,000 | R--D | C] -- C:\Users\Rex\Desktop\Games
[2010/05/15 23:37:39 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Tech advice- Tech how 2s
[2010/05/15 23:36:35 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\Watercolor Research
[2010/05/15 17:49:03 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Roaming\ProspectorV5
[2010/05/15 17:49:03 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Local\IsolatedStorage
[2010/05/15 17:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MoxieProxy
[2010/05/15 17:48:05 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Rex\Documents\*.tmp files -> C:\Users\Rex\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/14 02:46:21 | 004,980,736 | -HS- | M] () -- C:\Users\Rex\ntuser.dat
[2010/06/14 02:36:08 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
[2010/06/13 22:16:22 | 000,800,989 | ---- | M] () -- C:\Users\Rex\Desktop\badgedone.jpg
[2010/06/13 22:15:57 | 006,230,996 | ---- | M] () -- C:\Users\Rex\Desktop\completedbaby.psd
[2010/06/13 21:00:28 | 002,850,816 | ---- | M] () -- C:\Users\Rex\Desktop\completedbaby.sai
[2010/06/13 20:59:51 | 000,738,197 | ---- | M] () -- C:\Users\Rex\Desktop\completedbaby.jpg
[2010/06/13 20:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/06/13 20:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/06/13 19:50:55 | 002,264,672 | ---- | M] () -- C:\Users\Rex\Desktop\665drfgfrrr21649.psd
[2010/06/13 19:50:20 | 004,993,024 | ---- | M] () -- C:\Users\Rex\Desktop\665drrrr21649.sai
[2010/06/13 19:50:03 | 002,263,788 | ---- | M] () -- C:\Users\Rex\Desktop\665drrrr21649.psd
[2010/06/13 19:39:18 | 000,564,639 | ---- | M] () -- C:\Users\Rex\Desktop\665drrrr21649.png
[2010/06/13 16:07:20 | 000,532,797 | ---- | M] () -- C:\Users\Rex\Desktop\665d21649.png
[2010/06/13 13:09:22 | 000,427,205 | ---- | M] () -- C:\Users\Rex\Desktop\66521649.png
[2010/06/13 12:52:54 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 12:52:54 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 12:45:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/13 12:45:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/13 12:45:20 | 3219,234,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 05:45:36 | 006,937,611 | -H-- | M] () -- C:\Users\Rex\AppData\Local\IconCache.db
[2010/06/12 19:14:19 | 018,709,224 | ---- | M] () -- C:\Users\Rex\Desktop\penny.psd
[2010/06/12 14:27:56 | 001,969,366 | ---- | M] () -- C:\Users\Rex\Documents\ssa.wpe
[2010/06/12 12:03:57 | 000,146,921 | ---- | M] () -- C:\Users\Rex\Documents\lolwhat.wpe
[2010/06/09 03:18:16 | 004,677,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/08 22:08:47 | 000,001,095 | ---- | M] () -- C:\Users\Rex\Desktop\Trillian.lnk
[2010/06/05 22:11:58 | 000,000,162 | -H-- | M] () -- C:\Users\Rex\Documents\~$System.docx
[2010/06/05 22:04:01 | 000,010,449 | ---- | M] () -- C:\Users\Rex\Documents\System.docx
[2010/06/05 20:42:47 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/05 12:17:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010/06/05 11:34:07 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/05 11:33:21 | 000,000,088 | RHS- | M] () -- C:\ProgramData\16C6289F11.sys
[2010/06/05 11:27:41 | 000,019,778 | ---- | M] () -- C:\Users\Rex\Desktop\DSC09851.JPG
[2010/06/05 11:13:09 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/06/03 22:03:47 | 000,162,129 | ---- | M] () -- C:\Users\Rex\Documents\Untitled (8).wma
[2010/06/03 21:51:26 | 001,001,759 | ---- | M] () -- C:\Users\Rex\Documents\Untitled (7).wma
[2010/06/03 21:48:44 | 000,521,329 | ---- | M] () -- C:\Users\Rex\Documents\Untitled (6).wma
[2010/06/03 21:47:45 | 000,153,149 | ---- | M] () -- C:\Users\Rex\Documents\Untitled (5).wma
[2010/06/03 20:49:04 | 000,238,459 | ---- | M] () -- C:\Users\Rex\Documents\Untitled (4).wma
[2010/06/03 20:42:29 | 000,053,248 | ---- | M] () -- C:\Users\Rex\lametritonus_en.dll
[2010/06/03 20:42:28 | 000,162,304 | ---- | M] () -- C:\Users\Rex\lame_enc_en.dll
[2010/06/03 20:36:20 | 001,158,909 | ---- | M] () -- C:\Users\Rex\Documents\Untitled (3).wma
[2010/06/03 20:31:35 | 002,847,149 | ---- | M] () -- C:\Users\Rex\Documents\Untitled (2).wma
[2010/06/03 20:23:50 | 002,447,539 | ---- | M] () -- C:\Users\Rex\Documents\Untitled.wma
[2010/06/03 20:19:18 | 000,108,249 | ---- | M] () -- C:\Users\Rex\Documents\fgfdgfd.wma
[2010/06/03 20:16:11 | 001,257,689 | ---- | M] () -- C:\Users\Rex\Documents\lols!.wma
[2010/06/03 20:09:37 | 000,001,065 | ---- | M] () -- C:\Users\Rex\Desktop\vanBasco's Karaoke Player.lnk
[2010/05/31 08:53:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/05/31 08:53:35 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/05/28 20:07:51 | 000,996,837 | ---- | M] () -- C:\Users\Rex\Desktop\IMG_4436.JPG
[2010/05/27 03:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/27 02:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/27 00:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 23:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/05/26 23:34:35 | 004,718,802 | ---- | M] () -- C:\Users\Rex\Desktop\10 - Great Divide.mp3
[2010/05/26 18:21:52 | 000,447,659 | ---- | M] () -- C:\Users\Rex\Desktop\loltablet.jpg
[2010/05/26 18:12:03 | 000,904,521 | ---- | M] () -- C:\Users\Rex\Desktop\IMG_4407.JPG
[2010/05/26 17:58:53 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\Fantasy Earth Zero.lnk
[2010/05/26 17:53:57 | 000,000,000 | ---- | M] () -- C:\Users\Rex\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
[2010/05/23 23:03:55 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/23 23:03:54 | 000,000,917 | ---- | M] () -- C:\Users\Rex\Desktop\Ventrilo.lnk
[2010/05/23 16:40:32 | 002,917,404 | ---- | M] () -- C:\Users\Rex\Documents\lolbeanywtf.wpe
[2010/05/23 13:58:12 | 001,305,374 | ---- | M] () -- C:\Users\Rex\Documents\babychu.wpe
[2010/05/23 12:32:49 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/05/23 12:22:25 | 000,350,208 | ---- | M] () -- C:\Users\Rex\Desktop\oC11b72rv1.exe
[2010/05/22 13:58:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/05/21 01:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/05/21 01:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/05/21 01:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/05/21 01:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/05/19 22:47:04 | 000,009,045 | ---- | M] () -- C:\Users\Rex\Desktop\Untitled.png
[2010/05/19 00:31:55 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/05/19 00:31:16 | 000,001,044 | -H-- | M] () -- C:\IPH.PH
[2010/05/16 07:14:50 | 000,190,478 | ---- | M] () -- C:\Users\Rex\Documents\SET of 12.docx
[2010/05/16 04:39:04 | 000,000,162 | -H-- | M] () -- C:\Users\Rex\Documents\~$know you won.docx
[2010/05/16 04:31:09 | 000,000,162 | -H-- | M] () -- C:\Users\Rex\Documents\~$T of 12.docx
[2010/05/16 01:42:27 | 000,002,334 | ---- | M] () -- C:\Users\Rex\Desktop\Prospector.lnk
[2010/05/16 01:23:45 | 000,002,030 | ---- | M] () -- C:\Users\Rex\Desktop\Customize Fences.lnk
[2010/05/15 23:30:05 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/15 23:30:05 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/15 23:30:05 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/15 22:18:31 | 007,557,283 | ---- | M] () -- C:\Users\Rex\Documents\DANIEL SMITH Extra.docx
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Rex\Documents\*.tmp files -> C:\Users\Rex\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/13 22:15:55 | 006,230,996 | ---- | C] () -- C:\Users\Rex\Desktop\completedbaby.psd
[2010/06/13 22:14:45 | 000,800,989 | ---- | C] () -- C:\Users\Rex\Desktop\badgedone.jpg
[2010/06/13 21:00:24 | 002,850,816 | ---- | C] () -- C:\Users\Rex\Desktop\completedbaby.sai
[2010/06/13 20:59:51 | 000,738,197 | ---- | C] () -- C:\Users\Rex\Desktop\completedbaby.jpg
[2010/06/13 19:50:54 | 002,264,672 | ---- | C] () -- C:\Users\Rex\Desktop\665drfgfrrr21649.psd
[2010/06/13 19:50:19 | 004,993,024 | ---- | C] () -- C:\Users\Rex\Desktop\665drrrr21649.sai
[2010/06/13 19:50:02 | 002,263,788 | ---- | C] () -- C:\Users\Rex\Desktop\665drrrr21649.psd
[2010/06/13 19:38:37 | 000,564,639 | ---- | C] () -- C:\Users\Rex\Desktop\665drrrr21649.png
[2010/06/13 14:21:58 | 000,532,797 | ---- | C] () -- C:\Users\Rex\Desktop\665d21649.png
[2010/06/13 13:09:20 | 000,427,205 | ---- | C] () -- C:\Users\Rex\Desktop\66521649.png
[2010/06/12 19:14:16 | 018,709,224 | ---- | C] () -- C:\Users\Rex\Desktop\penny.psd
[2010/06/12 14:27:56 | 001,969,366 | ---- | C] () -- C:\Users\Rex\Documents\ssa.wpe
[2010/06/12 12:03:57 | 000,146,921 | ---- | C] () -- C:\Users\Rex\Documents\lolwhat.wpe
[2010/06/08 22:08:47 | 000,001,095 | ---- | C] () -- C:\Users\Rex\Desktop\Trillian.lnk
[2010/06/08 00:55:54 | 000,996,837 | ---- | C] () -- C:\Users\Rex\Desktop\IMG_4436.JPG
[2010/06/05 22:11:58 | 000,000,162 | -H-- | C] () -- C:\Users\Rex\Documents\~$System.docx
[2010/06/05 22:04:00 | 000,010,449 | ---- | C] () -- C:\Users\Rex\Documents\System.docx
[2010/06/05 20:42:47 | 000,001,768 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/05 12:17:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010/06/05 11:35:03 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/06/05 11:30:03 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/06/05 11:27:40 | 000,019,778 | ---- | C] () -- C:\Users\Rex\Desktop\DSC09851.JPG
[2010/06/03 22:03:47 | 000,162,129 | ---- | C] () -- C:\Users\Rex\Documents\Untitled (8).wma
[2010/06/03 21:51:26 | 001,001,759 | ---- | C] () -- C:\Users\Rex\Documents\Untitled (7).wma
[2010/06/03 21:48:44 | 000,521,329 | ---- | C] () -- C:\Users\Rex\Documents\Untitled (6).wma
[2010/06/03 21:47:45 | 000,153,149 | ---- | C] () -- C:\Users\Rex\Documents\Untitled (5).wma
[2010/06/03 20:49:04 | 000,238,459 | ---- | C] () -- C:\Users\Rex\Documents\Untitled (4).wma
[2010/06/03 20:42:28 | 000,162,304 | ---- | C] () -- C:\Users\Rex\lame_enc_en.dll
[2010/06/03 20:42:28 | 000,053,248 | ---- | C] () -- C:\Users\Rex\lametritonus_en.dll
[2010/06/03 20:36:19 | 001,158,909 | ---- | C] () -- C:\Users\Rex\Documents\Untitled (3).wma
[2010/06/03 20:31:35 | 002,847,149 | ---- | C] () -- C:\Users\Rex\Documents\Untitled (2).wma
[2010/06/03 20:23:49 | 002,447,539 | ---- | C] () -- C:\Users\Rex\Documents\Untitled.wma
[2010/06/03 20:19:18 | 000,108,249 | ---- | C] () -- C:\Users\Rex\Documents\fgfdgfd.wma
[2010/06/03 20:16:11 | 001,257,689 | ---- | C] () -- C:\Users\Rex\Documents\lols!.wma
[2010/06/03 20:09:37 | 000,001,065 | ---- | C] () -- C:\Users\Rex\Desktop\vanBasco's Karaoke Player.lnk
[2010/05/31 08:53:35 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/05/27 01:52:25 | 004,718,802 | ---- | C] () -- C:\Users\Rex\Desktop\10 - Great Divide.mp3
[2010/05/26 18:21:51 | 000,447,659 | ---- | C] () -- C:\Users\Rex\Desktop\loltablet.jpg
[2010/05/26 17:58:53 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\Fantasy Earth Zero.lnk
[2010/05/23 23:03:54 | 000,000,917 | ---- | C] () -- C:\Users\Rex\Desktop\Ventrilo.lnk
[2010/05/23 23:03:45 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/23 16:40:32 | 002,917,404 | ---- | C] () -- C:\Users\Rex\Documents\lolbeanywtf.wpe
[2010/05/23 13:58:12 | 001,305,374 | ---- | C] () -- C:\Users\Rex\Documents\babychu.wpe
[2010/05/23 12:32:49 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/05/23 12:22:03 | 000,350,208 | ---- | C] () -- C:\Users\Rex\Desktop\oC11b72rv1.exe
[2010/05/21 19:18:44 | 000,000,000 | ---- | C] () -- C:\Users\Rex\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
[2010/05/20 22:42:35 | 000,904,521 | ---- | C] () -- C:\Users\Rex\Desktop\IMG_4407.JPG
[2010/05/19 22:47:04 | 000,009,045 | ---- | C] () -- C:\Users\Rex\Desktop\Untitled.png
[2010/05/19 01:07:20 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010/05/19 00:31:14 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/05/16 04:39:04 | 000,000,162 | -H-- | C] () -- C:\Users\Rex\Documents\~$know you won.docx
[2010/05/16 04:31:09 | 000,000,162 | -H-- | C] () -- C:\Users\Rex\Documents\~$T of 12.docx
[2010/05/16 01:42:27 | 000,002,334 | ---- | C] () -- C:\Users\Rex\Desktop\Prospector.lnk
[2010/05/16 01:40:42 | 000,000,945 | ---- | C] () -- C:\Users\Rex\Desktop\Zune.lnk
[2010/05/16 01:23:45 | 000,002,030 | ---- | C] () -- C:\Users\Rex\Desktop\Customize Fences.lnk
[2010/05/15 22:18:28 | 007,557,283 | ---- | C] () -- C:\Users\Rex\Documents\DANIEL SMITH Extra.docx
[2010/05/15 22:17:49 | 000,190,478 | ---- | C] () -- C:\Users\Rex\Documents\SET of 12.docx
[2010/04/22 06:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/04/02 23:08:55 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/26 02:34:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/26 02:30:56 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010/02/26 18:14:48 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/02/26 18:14:48 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/02/26 02:34:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/13 12:45:20 | 3219,234,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 02:34:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/19 00:31:16 | 000,001,044 | -H-- | M] () -- C:\IPH.PH
[2010/05/31 08:35:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/02/26 02:34:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/13 12:45:21 | 4292,317,184 | -HS- | M] () -- C:\pagefile.sys
[2010/06/05 23:36:29 | 000,001,710 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_05.06.2010_23.36.29_log.txt
[2010/06/05 23:07:46 | 000,001,710 | ---- | M] () -- C:\TDSSKiller.txt
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/08 21:50:16 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BEB15613
< End of report >




(((( I did not get a second notepad , the one that says extra )))

#4 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:29 AM

Posted 14 June 2010 - 05:07 PM

Hi Pennycake!!.. smile.gif

I've had a busy day (almost a midnight here) - I'll review your logs later and reply tomorrow... Thank you for your patience...

QUOTE(Pennycake @ Jun 14 2010, 08:54 AM) View Post
(((( I did not get a second notepad , the one that says extra )))

Run OTL.exe once again, click None on the top bar, then click Use SafeList under Extra Registry, click the Run Scan button... Extras.txt logfile should be generated - attach it to your next post... smile.gif
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:29 AM

Posted 15 June 2010 - 02:33 PM

Hi again Pennycake!!.. smile.gif

Do redirects happen in Internet Explorer only, in Firefox only or in both??..

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [EPSON Artisan 800 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEMA.EXE File not found
    O4 - HKCU..\Run: [EPSON546CD9] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEMA.EXE File not found
    [2010/06/13 20:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2010/06/13 20:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 Pennycake

Pennycake
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 20 June 2010 - 12:02 AM


Hey, sorry to get back to you so late!

The problem only appears in firefox.

I also did the ESET scan but no log for it could be found in my system.

This is a pic of the ESET scan result though
http://smg.photobucket.com/albums/v519/Lio...=27921838-1.png

Extras Log
-------------------------------------------------------
_______________________________________
-------------------------------------------------------

OTL Extras logfile created on: 6/19/2010 4:20:33 PM - Run 4
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Rex\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 330.80 Gb Free Space | 71.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIN
Current User Name: Rex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"EPSON Artisan 800 Series" = EPSON Artisan 800 Series Printer Uninstall
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{204D48C5-6231-4955-83EC-623DCB437FD9}_is1" = Emerald Viewer 1.23.5.1634
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}" = Prospector
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB8BD91F-DC90-4770-AE33-8AA6AA2E691B}" = Extensis Suitcase Fusion 2
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_d2f336b2c5feeb945c28b7a0a45170f" = Adobe Creative Suite 4 Master Collection
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"avast5" = avast! Internet Security
"BitComet" = BitComet 1.21
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoolViewer" = CoolViewer (remove only)
"EPSON Scanner" = EPSON Scan
"Fences" = Fences
"FLV Player" = FLV Player 2.0 (build 25)
"Game Booster_is1" = Game Booster
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"JTablet" = JTablet
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_US Toolbar" = Messenger_Plus_Live_US Toolbar
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PaintToolSAI" = PaintTool SAI Ver.1
"Precision" = EVGA Precision 1.9.1
"ScreenGrab_is1" = ScreenGrab 1.1
"SecondLife" = SecondLife (remove only)
"SecondLifeBetaViewer" = SecondLifeBetaViewer (remove only)
"Steam App 26800" = Braid
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"VMidi" = vanBasco's Karaoke Player
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2010 6:19:56 PM | Computer Name = Sin | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/17/2010 1:50:49 AM | Computer Name = Sin | Source = Bonjour Service | ID = 100
Description = 364: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/17/2010 6:46:15 PM | Computer Name = Sin | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/17/2010 7:51:59 PM | Computer Name = Sin | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/18/2010 4:34:44 AM | Computer Name = Sin | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/18/2010 4:35:38 AM | Computer Name = Sin | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/18/2010 5:12:07 AM | Computer Name = Sin | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/19/2010 12:08:03 AM | Computer Name = Sin | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/19/2010 1:12:22 AM | Computer Name = Sin | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/19/2010 1:48:10 PM | Computer Name = Sin | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ OSession Events ]
Error - 3/2/2010 8:37:53 AM | Computer Name = Sin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 147
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/2/2010 8:38:02 AM | Computer Name = Sin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/6/2010 1:41:27 AM | Computer Name = Sin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25880
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/6/2010 1:41:40 AM | Computer Name = Sin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/15/2010 4:06:28 AM | Computer Name = Sin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2790
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/15/2010 4:06:38 AM | Computer Name = Sin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/17/2010 7:19:24 AM | Computer Name = Sin | Source = DCOM | ID = 10016
Description =

Error - 6/17/2010 6:12:56 PM | Computer Name = Sin | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Stereoscopic 3D Driver Service service failed to start
due to the following error: %%2

Error - 6/17/2010 6:13:54 PM | Computer Name = Sin | Source = DCOM | ID = 10016
Description =

Error - 6/17/2010 10:51:26 PM | Computer Name = Sin | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 6/18/2010 10:51:24 AM | Computer Name = Sin | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 6/18/2010 10:51:25 PM | Computer Name = Sin | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 6/19/2010 11:42:08 AM | Computer Name = Sin | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Stereoscopic 3D Driver Service service failed to start
due to the following error: %%2

Error - 6/19/2010 11:43:06 AM | Computer Name = Sin | Source = DCOM | ID = 10016
Description =

Error - 6/19/2010 4:15:13 PM | Computer Name = Sin | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Stereoscopic 3D Driver Service service failed to start
due to the following error: %%2

Error - 6/19/2010 4:16:11 PM | Computer Name = Sin | Source = DCOM | ID = 10016
Description =


< End of report >
------------------------------------------------------------------------------------------------------------------------------------



#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:29 AM

Posted 20 June 2010 - 05:58 PM

Hi again Pennycake!!.. smile.gif

In my previous post, I asked you to run a fix with OTL... Where is the fix log?..

QUOTE(Pennycake @ Jun 20 2010, 07:02 AM) View Post
The problem only appears in firefox.

Yep, I see the problem now:

[2010/06/02 12:56:48 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
This is: Trojan.Win32.Clicker.hd

I wonder if a full scan with MBAM gets it... Please do the following:

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Review the MBAM' report... Did this file in bold get deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml ??.. If yes, it's ok...
If not, please upload it first for analysis:

Go to this site: Submit Malware Sample, put a link to topic where this file was requested (http://www.bleepingcomputer.com/forums/topic321969.html), browse to this file:
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
In the comments section write: from snemelk ... Finally, hit the Send file button and wait till the file is uploaded ...

Afterwards, please delete this file:
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
Reboot, and let me know if your problem persists... thumbup2.gif
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 Pennycake

Pennycake
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 21 June 2010 - 06:37 AM

i'm sorry i forgot to include it ! I'll do the other steps when i get home.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Artisan 800 Series not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON546CD9 not found.
File C:\Windows\tasks\At2.job not found.
File C:\Windows\tasks\At1.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rex
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 29052516 bytes
->Java cache emptied: 7606760 bytes
->FireFox cache emptied: 90965313 bytes
->Apple Safari cache emptied: 100622929 bytes
->Flash cache emptied: 223034 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6938198 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 8019288760 bytes

Total Files Cleaned = 7,872.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rex
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_162930

Files\Folders moved on Reboot...
File\Folder C:\Users\Rex\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


#9 Pennycake

Pennycake
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 21 June 2010 - 06:25 PM

OK Update! 6/21/10 7:42 pm


I followed all the steps and it seems that the google problem has been fixed. Wow ..it was so simple.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4222

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/21/2010 7:16:40 PM
mbam-log-2010-06-21 (19-16-40).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 444006
Time elapsed: 1 hour(s), 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{19987cee-dee8-49dc-98ec-f21380aa9e68} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19987cee-dee8-49dc-98ec-f21380aa9e6a} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19987cee-dee8-49dc-98ec-f21380aa9e6b} (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\BitComet\BitComet.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\daac.ax (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Rex\Desktop\Desktop CLEAN UP\siw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\fwevpovto[1].htm (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\fwevpovto[1].htm (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows.old\Documents and Settings\solandy garcia\Desktop\siw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows.old\Documents and Settings\solandy garcia\Local Settings\Temporary Internet Files\Content.IE5\HILELKGY\siw[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Edited by Pennycake, 21 June 2010 - 06:41 PM.


#10 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:29 AM

Posted 22 June 2010 - 05:10 AM

Hi again Pennycake!!.. smile.gif

QUOTE(Pennycake @ Jun 22 2010, 01:25 AM) View Post
I followed all the steps and it seems that the google problem has been fixed. Wow ..it was so simple.

Glad to see it!!.. thumbup2.gif

If there are no remaining problems:

Firstly,
To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger.
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Secondly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Thirdly,
Please set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:
Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#11 Pennycake

Pennycake
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 28 June 2010 - 09:05 PM

Finally got to all the steps, thank you so much for your help. You guys are great.

#12 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:11:29 AM

Posted 29 June 2010 - 04:20 PM

Glad we could help. smile.gif

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users