Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot Can't delete increasing number of temporary files


  • This topic is locked This topic is locked
14 replies to this topic

#1 Cosimo12

Cosimo12

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 07 July 2010 - 07:30 AM

Hi I posted previous in the main vista forum





Here is the DDS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Me at 8:48:12.05 on 07/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2972.957 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Me\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\5.2.1.0\plugin\ClickClean.exe
C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIAgent.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
D:\Downloads\dds (1).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0209&m=aspire_5735
uInternet Settings,ProxyOverride = ;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [Google Update] "c:\users\me\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Rapportexe] "c:\program files\trusteer\rapport\bin\RapportService.exe" -start -after_boot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\sophos_detoured.dll,c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\me\appdata\roaming\mozilla\firefox\profiles\kyxnqhu5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\me\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 CFRPD;cfrpd;c:\windows\system32\drivers\CFRPD.sys [2009-8-4 53280]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-6-28 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-26 390528]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-6-3 93688]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-20 24576]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\gfi\gfibac~1\GFIHInst.exe [2010-2-13 440616]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2010-2-13 2261800]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7 840936]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-10-5 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2009-7-10 98304]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-5 1153368]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-5-27 172032]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-26 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-6-26 212992]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-4-25 20288]

=============== Created Last 30 ================

2010-07-06 15:19:50 0 d-----w- C:\archive_db
2010-07-06 12:01:52 0 d-----w- c:\programdata\Paragon
2010-07-05 14:08:29 0 d-----w- c:\program files\Cobian Backup 8
2010-07-05 13:32:56 0 d-----w- c:\program files\Cobian Backup 10
2010-07-01 12:27:46 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-07-01 12:27:46 1351392 ----a-w- c:\windows\system32\comctl32.ocx
2010-07-01 12:27:45 167683 ----a-w- c:\windows\system32\COMCT232.OCX
2010-07-01 12:27:45 0 d-----w- c:\program files\Smarty Uninstaller Pro
2010-06-29 12:15:17 0 d-----w- c:\program files\common files\xing shared
2010-06-29 12:14:51 0 d-----w- c:\program files\common files\Real
2010-06-29 12:14:49 0 d-----w- c:\programdata\Real
2010-06-28 21:17:51 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-06-28 09:33:33 0 d-----w- c:\program files\Amazon
2010-06-28 09:29:05 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-06-28 09:28:40 0 d-----w- c:\windows\LastGood.Tmp
2010-06-28 09:26:53 0 d-----w- c:\program files\Paragon Software
2010-06-24 07:24:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-24 07:24:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 23:33:20 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 23:33:20 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 23:33:20 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 23:33:20 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 23:33:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-20 21:40:12 0 d-----w- c:\program files\iPod
2010-06-20 21:40:08 0 d-----w- c:\program files\iTunes
2010-06-20 21:36:08 0 d-----w- c:\program files\Bonjour
2010-06-09 07:18:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 07:18:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 07:18:04 289792 ----a-w- c:\windows\system32\atmfd.dll

==================== Find3M ====================

2010-07-06 17:22:23 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-06 17:22:23 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-28 09:28:55 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-06 07:58:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-25 07:53:14 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2010-05-25 07:45:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 09:03:36 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:49:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-27 12:45:06 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-04-26 16:08:50 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-04-26 16:08:36 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-04-26 14:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-04-26 11:03:40 28672 ---ha-w- C:\SZKGFS.dat
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-19 19:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-28 11:04:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-21 17:14:41 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-12-21 17:14:41 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-12-21 17:14:41 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-03-31 10:12:59 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-03-31 10:12:59 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-03-31 10:12:59 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-03 20:46:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-08 21:27:38 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-11-08 21:27:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110820091109\index.dat
2009-11-08 21:27:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat

============= FINISH: 8:50:43.28 ===============


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 10 July 2010 - 02:34 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 Cosimo12

Cosimo12
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 11 July 2010 - 09:13 AM

hi, thanks for replying.

Just to let you know a couple of thing sbefore I received your message.

I updated ad-aware and it found the win32 trojan - which it successfully deleted, it said. but since they I still have a rising number of temporary files in spybot.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 11 July 2010 - 04:48 PM

Can you try running Gmer

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Posted Image
m0le is a proud member of UNITE

#5 Cosimo12

Cosimo12
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 11 July 2010 - 05:42 PM

Here is the GMER log. I should say when it had finished and I closed it down my laptop went to a blue screen saying software/hardware crash had occurred, and the memory was being dumped - it then restarted fine.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-11 23:35:04
Windows 6.0.6002 Service Pack 2
Running: n7yl1xls.exe; Driver: C:\Users\Me\AppData\Local\Temp\ugrdipow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E15DE26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E15E704]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E15E864]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8E162086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8E1620B8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8E16221A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8E15E7C8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8E15DF6A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8E15E15C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8E15E28E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8E162190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8E1620FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8E16212C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8E16215E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8E15DDCC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8E15E8C4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8E16201E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8E15DD68]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x8E15DCBC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8E15DD04]

INT 0x62 ? 8C408BF8
INT 0x62 ? 8C408BF8
INT 0x62 ? 8C408BF8
INT 0x62 ? 8C408BF8
INT 0x62 ? 8C408BF8
INT 0x82 ? 8C408BF8
INT 0x92 ? 85B08BF8
INT 0x92 ? 85B08BF8
INT 0x92 ? 85B08BF8
INT 0x92 ? 85B08BF8
INT 0x92 ? 85B08BF8
INT 0xA2 ? 8C408BF8
INT 0xB2 ? 8C408BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 191 834FA8F4 4 Bytes [26, DE, 15, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D9 834FA93C 4 Bytes [04, E7, 15, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D1 834FAA34 8 Bytes CALL A3D6384E
.text ntkrnlpa.exe!KeSetEvent + 2E1 834FAA44 4 Bytes [B8, 20, 16, 8E]
.text ntkrnlpa.exe!KeSetEvent + 381 834FAAE4 4 Bytes [1A, 22, 16, 8E]
.text ...
? System32\Drivers\sppr.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8D1CD41B 5 Bytes JMP 8C4081D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1108] ntdll.dll!KiUserApcDispatcher 776B5D18 5 Bytes JMP 00414A50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1108] USER32.dll!InSendMessageEx + 3B1 7652E6B0 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1108] WS2_32.dll!getaddrinfo 764F418A 5 Bytes JMP 71640022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1108] WS2_32.dll!gethostbyname 765062D4 5 Bytes JMP 71670022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4252] ntdll.dll!KiUserApcDispatcher 776B5D18 5 Bytes JMP 00438CE0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4252] WS2_32.dll!getaddrinfo 764F418A 5 Bytes JMP 71670022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4252] WS2_32.dll!gethostbyname 765062D4 5 Bytes JMP 716E0022

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 88B121F8

AttachedDevice \FileSystem\Ntfs \Ntfs cfrpd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 85B0A1F8
Device \Driver\usbuhci \Device\USBPDO-0 8C41B1F8
Device \Driver\usbuhci \Device\USBPDO-1 8C41B1F8
Device \Driver\usbuhci \Device\USBPDO-2 8C41B1F8
Device \Driver\usbehci \Device\USBPDO-3 8C4221F8
Device \Driver\netbt \Device\NetBT_Tcpip_{A6345597-6F2A-452B-BF37-ED65E29D08DF} 937441F8
Device \Driver\usbuhci \Device\USBPDO-4 8C41B1F8

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\usbuhci \Device\USBPDO-5 8C41B1F8
Device \Driver\usbuhci \Device\USBPDO-6 8C41B1F8
Device \Driver\volmgr \Device\HarddiskVolume1 85B0A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\usbehci \Device\USBPDO-7 8C4221F8
Device \Driver\volmgr \Device\HarddiskVolume2 85B0A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\cdrom \Device\CdRom0 8C4171F8
Device \Driver\volmgr \Device\HarddiskVolume3 85B0A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 88B101F8
Device \Driver\atapi \Device\Ide\IdePort0 88B101F8
Device \Driver\atapi \Device\Ide\IdePort1 88B101F8
Device \Driver\atapi \Device\Ide\IdePort2 88B101F8
Device \Driver\atapi \Device\Ide\IdePort3 88B101F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 88B101F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 88B111F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 88B111F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 88B111F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 88B111F8
Device \Driver\netbt \Device\NetBT_Tcpip_{584B6594-98C6-4D4D-975B-51020DF3E7AD} 937441F8
Device \Driver\netbt \Device\NetBt_Wins_Export 937441F8
Device \Driver\Smb \Device\NetbiosSmb 9371C1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8C40C1F8
Device \Driver\usbuhci \Device\USBFDO-0 8C41B1F8
Device \Driver\usbuhci \Device\USBFDO-1 8C41B1F8
Device \Driver\usbuhci \Device\USBFDO-2 8C41B1F8
Device \Driver\usbehci \Device\USBFDO-3 8C4221F8
Device \Driver\usbuhci \Device\USBFDO-4 8C41B1F8
Device \Driver\usbuhci \Device\USBFDO-5 8C41B1F8
Device \Driver\usbuhci \Device\USBFDO-6 8C41B1F8
Device \Driver\usbehci \Device\USBFDO-7 8C4221F8
Device \FileSystem\cdfs \Cdfs BBCD3500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0xC1 0x03 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0xB0 0xDD 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x77 0x25 0x4E 0x25 ...
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0xC1 0x03 0x63 ...
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0xB0 0xDD 0x4E ...
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x77 0x25 0x4E 0x25 ...

---- EOF - GMER 1.0.15 ----


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 11 July 2010 - 05:44 PM

Clean of rootkits.

Can you run OTL so we can see if any temp files appear on the logs
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#7 Cosimo12

Cosimo12
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 13 July 2010 - 09:13 AM

OTL.txt

OTL logfile created on: 13/07/2010 14:55:27 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = d:\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 40.54 Gb Free Space | 36.34% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 39.99 Gb Free Space | 35.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - d:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Me\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Windows\temp\sophos_autoupdate1.dir\ALUpdate.exe (Sophos Plc)
PRC - C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (GFI Software Ltd.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe (Acer Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()


========== Modules (SafeList) ==========

MOD - d:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99
FF - prefs.js..extensions.enabledItems: {5d393167-8b1c-4ce1-8593-0ba5f39f3210}:0.4
FF - prefs.js..extensions.enabledItems: takeabreak@ttt-jl.blogspot.com:1.1
FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/24 19:45:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/04 11:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 08:56:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/04 11:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/07/01 08:56:57 | 000,000,000 | ---D | M]

[2009/12/29 15:20:38 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Extensions
[2009/12/29 15:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/23 15:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/12 09:34:55 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions
[2010/07/07 13:44:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 18:58:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/01 10:58:40 | 000,000,000 | ---D | M] () -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{5d393167-8b1c-4ce1-8593-0ba5f39f3210}
[2010/07/07 13:45:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/28 00:06:21 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/04/15 22:29:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/03 15:10:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/12 13:15:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/12 10:43:05 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\smarterwiki@wikiatic.com
[2010/04/07 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\takeabreak@ttt-jl.blogspot.com
[2009/12/24 23:45:00 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\timetrack@usablehack.com
[2010/05/23 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\kyxnqhu5.default\extensions\zotero@chnm.gmu.edu
[2010/05/25 08:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 00:18:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/23 21:37:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/20 21:57:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/25 08:45:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/28 00:18:57 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/28 00:18:57 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/05/25 08:45:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/25 17:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/06/28 00:18:57 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/27 05:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/06/19 20:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/29 13:15:44 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/04/06 18:10:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/06 18:10:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/06 18:10:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/06 18:10:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/06 18:10:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/06 18:10:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/06 18:10:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/06/29 13:16:02 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/06/29 13:15:39 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/11 23:24:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/11 23:24:57 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/11 23:24:57 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/11 23:24:57 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/11 23:24:57 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/11 23:24:57 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/11 23:24:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/11 23:24:57 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/25 09:21:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.143.192.11 158.143.40.47
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\TSpkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 20:47:52 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/07/09 12:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/07/09 12:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/07/09 11:20:58 | 000,000,000 | ---D | C] -- C:\Users\Me\Documents\French
[2010/07/08 20:02:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/07/08 20:00:47 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/07/08 19:24:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/06 16:19:50 | 000,000,000 | ---D | C] -- C:\archive_db
[2010/07/06 13:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2010/07/05 15:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2010/07/05 14:33:21 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\Safe mirror
[2010/07/05 14:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/01 13:27:46 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2010/07/01 13:27:46 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2010/07/01 13:27:45 | 000,167,683 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCT232.OCX
[2010/07/01 13:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Smarty Uninstaller Pro
[2010/06/29 13:15:44 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/29 13:15:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/29 13:15:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/29 13:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/29 13:14:54 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/06/29 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/29 13:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/29 13:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/06/29 13:14:41 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\Real
[2010/06/28 22:17:51 | 000,339,968 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\RapportBuka.dll
[2010/06/28 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\Amazon
[2010/06/28 10:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/06/28 10:29:05 | 000,040,560 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2010/06/28 10:28:40 | 000,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2010/06/28 10:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2010/06/24 08:24:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/24 08:24:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/24 00:33:20 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 00:33:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 00:33:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/20 22:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 22:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 22:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/17 18:44:40 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\Sunbelt Software
[2010/04/21 17:32:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/02/22 19:12:24 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/13 14:54:54 | 006,029,312 | -HS- | M] () -- C:\Users\Me\ntuser.dat
[2010/07/13 14:54:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 14:54:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 14:49:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/13 13:01:27 | 000,701,564 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/13 13:01:27 | 000,607,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/13 13:01:27 | 000,108,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/13 12:57:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/13 12:54:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/07/13 12:54:24 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/13 12:54:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/13 12:54:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/13 09:11:19 | 000,524,288 | -HS- | M] () -- C:\Users\Me\NTUSER.DAT{9d64062e-fef2-11de-b811-001d72f420d0}.TMContainer00000000000000000001.regtrans-ms
[2010/07/13 09:11:19 | 000,065,536 | -HS- | M] () -- C:\Users\Me\NTUSER.DAT{9d64062e-fef2-11de-b811-001d72f420d0}.TM.blf
[2010/07/12 22:04:26 | 002,420,645 | -H-- | M] () -- C:\Users\Me\AppData\Local\IconCache.db
[2010/07/12 10:24:53 | 000,001,395 | ---- | M] () -- C:\Users\Me\Desktop\DivX Movies.lnk
[2010/07/12 10:24:10 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/07/12 09:34:26 | 000,120,832 | ---- | M] () -- C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 23:36:19 | 504,855,284 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/10 20:33:34 | 000,001,035 | ---- | M] () -- C:\Users\Me\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/10 20:33:34 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/09 19:52:41 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/07/09 19:52:41 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/07/09 19:52:40 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/07/09 12:29:36 | 000,000,000 | -H-- | M] () -- C:\Windows\ocsetup.lock
[2010/07/09 12:23:22 | 000,001,858 | ---- | M] () -- C:\Users\Me\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/07/09 12:23:22 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/07/06 18:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/07/06 18:28:44 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/07/06 09:05:10 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/02 19:19:05 | 000,002,031 | ---- | M] () -- C:\Users\Me\Desktop\Google Chrome.lnk
[2010/07/02 19:19:05 | 000,001,993 | ---- | M] () -- C:\Users\Me\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/01 08:56:58 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/29 13:15:44 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/29 13:15:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/29 13:15:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/29 13:14:54 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/06/28 22:17:51 | 000,339,968 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\RapportBuka.dll
[2010/06/28 10:29:02 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 10.2 Free Edition.lnk
[2010/06/15 09:06:03 | 000,013,048 | ---- | M] () -- C:\Users\Me\Documents\2008.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 12:57:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/10 22:42:55 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/07/10 20:33:34 | 000,001,035 | ---- | C] () -- C:\Users\Me\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/10 20:33:34 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/09 12:29:36 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/07/09 12:29:36 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/07/09 12:29:36 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/07/09 12:29:36 | 000,000,000 | -H-- | C] () -- C:\Windows\ocsetup.lock
[2010/07/09 12:23:22 | 000,001,858 | ---- | C] () -- C:\Users\Me\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/07/09 12:23:22 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/07/07 13:27:06 | 504,855,284 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/28 10:29:02 | 000,002,320 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 10.2 Free Edition.lnk
[2010/06/20 22:40:42 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/15 09:06:02 | 000,013,048 | ---- | C] () -- C:\Users\Me\Documents\2008.docx
[2010/05/21 09:21:58 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/05/12 09:32:32 | 000,000,171 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/04/21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/12/24 17:43:44 | 000,000,100 | ---- | C] () -- C:\Windows\ChssBase.ini
[2009/11/29 14:53:25 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/11/04 16:55:30 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009/11/04 16:55:30 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009/11/04 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009/11/04 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2009/11/04 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2009/11/04 16:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2009/11/04 16:43:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009/11/04 16:43:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009/11/04 16:43:33 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009/11/04 16:37:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/11/04 16:37:36 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/10/04 22:58:50 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/24 19:43:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 19:42:42 | 000,273,920 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/09/24 12:48:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/09/24 12:40:00 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2009/07/31 02:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/02/22 19:30:04 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/02/22 19:25:07 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009/02/22 19:22:43 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/02/22 19:10:53 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009/01/20 13:35:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/20 13:20:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/20 13:20:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/11/11 04:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/11/11 04:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/11/11 04:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/11/11 04:26:52 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS
[2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/01/20 13:06:30 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Acer GameZone Console
[2010/06/28 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Amazon
[2010/06/17 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\BitTorrent
[2010/04/01 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\ChessBase
[2009/10/04 23:26:24 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\DAEMON Tools Lite
[2009/12/17 16:02:41 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Easy Duplicate Finder
[2010/05/09 23:45:17 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\eSobi
[2010/03/19 21:50:20 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PrimoPDF
[2009/12/29 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Thunderbird
[2010/01/02 10:56:05 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Trusteer
[2010/07/13 12:57:06 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/07/13 00:10:17 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


extras.txt

OTL Extras logfile created on: 13/07/2010 14:55:27 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = d:\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 40.54 Gb Free Space | 36.34% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 39.99 Gb Free Space | 35.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\Me\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B838FB-A199-4785-BEC5-C359EC66F723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{024D8505-CF68-4257-B17B-81ED1B255C2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{08FE4ABD-7EB5-42D5-BB96-661DE8080631}" = rport=139 | protocol=6 | dir=out | app=system |
"{0EBB8D21-992D-486A-9B63-9CCFF2FE45AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D107E5A-7E22-4B8A-A9BE-1013C96218BE}" = rport=138 | protocol=17 | dir=out | app=system |
"{35D6F2B5-3C87-46C9-B343-D7028531F653}" = lport=139 | protocol=6 | dir=in | app=system |
"{80410193-1C26-415F-8031-D93DF1F0C857}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{830BA19E-B011-4166-8F61-1E0B44958CBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BED043A-D7CF-4C5D-9336-08288D0D8475}" = rport=137 | protocol=17 | dir=out | app=system |
"{A50F7921-B158-4BF2-9C6C-8A2E1977CF69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BC59E946-E767-4AB6-B75A-A9684DE4A99D}" = rport=445 | protocol=6 | dir=out | app=system |
"{EA11C681-270D-4859-9995-6BD2CE202B30}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED4B4760-D779-494C-BA35-7707401EC0FD}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042D9F46-3C3F-460C-AE09-4A946E506AD9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B487F99-1511-4077-A209-46E9647C3E02}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1D78B0AA-E038-44C5-8CDE-655A7283BE84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2B4AD828-2334-459B-8996-66D3F9BC5FF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D157F52-5282-4416-A1FB-27F5706A789F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4460E21C-ED38-4C5E-9CE6-7F8CAE45576C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{474C83E0-DFE5-4EA1-9309-31030A5567FF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{587738F7-DA42-4C63-9585-6DDE5E5E4788}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7157F806-51E0-402E-B796-74C3AA5689C7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{71C8ED02-C396-4693-9E22-976BB5359CF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7698CAA6-411E-47D0-B5E3-CB2186B336A6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7ED3DF8A-C179-4E92-87D7-B8EDFCD67D43}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{83712757-244A-444A-A040-878E2BCB0018}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{91B2F9F5-FB88-4BC3-931D-C6C7BFBF27CC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9281144B-0371-4448-B566-20A84A472BBD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{95396F9D-FC2D-4CC9-B955-689C69CF83B9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A76A3069-0227-411B-9DE8-5886B78C88B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA2C6348-96AC-4148-B361-7507040FD421}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AE88254B-DF09-4EBB-AD6A-B90AD4315588}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5C169FA-EB5B-4B61-A053-FBA28C1DB3E2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BACB7A1A-0DFB-4843-A4E8-8ACB2B2683AE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BFE85FE1-E021-4704-BD44-535D78041C37}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D1C2B9E3-7E44-4ECC-926F-BF8A37475B48}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{ECE10452-DE48-4A06-A091-C078CD75A4EB}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{ED5BB5EF-4B39-4CA7-BF01-EFCBBC188819}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EF02CE8C-2398-4172-949B-AE2A846C00BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F523A1C1-8AD1-432A-9ABD-C2D42337CD9A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{D4282CFC-1F39-4823-AE9B-2EF610FD30E1}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F210EFC8-1C06-4245-A866-AF17DE820A1B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{36048E8F-B98A-4AD8-B9C4-AFED85E2D42F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5BBD0935-4999-4D8F-AEBD-A89145483E01}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java™ SE Development Kit 6 Update 20
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities 1.47
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}" = Playchess
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9DB2E18E-2A1F-4D65-A258-9CB446903C3E}" = Amos 17.0
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10.2 Free Edition
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E25EB359-C7A3-4E0F-B06C-D6A539AD353E}" = COMODO System Cleaner
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Belarc Advisor" = Belarc Advisor 8.1
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CobBackup8" = Cobian Backup 8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.3.1
"EasyUp" = NSIS EasyUp
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"ProInst" = Intel PROSet Wireless
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/07/2010 16:07:42 | Computer Name = Hal | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2010 16:30:03 | Computer Name = Hal | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2010 17:10:11 | Computer Name = Hal | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2010 17:15:30 | Computer Name = Hal | Source = GFIBckHSched | ID = 0
Description =

Error - 10/07/2010 17:17:11 | Computer Name = Hal | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2010 17:42:54 | Computer Name = Hal | Source = Windows Search Service | ID = 3084
Description =

Error - 10/07/2010 18:26:40 | Computer Name = Hal | Source = VSS | ID = 13
Description =

Error - 10/07/2010 18:26:40 | Computer Name = Hal | Source = VSS | ID = 8193
Description =

Error - 11/07/2010 04:57:18 | Computer Name = Hal | Source = WinMgmt | ID = 10
Description =

Error - 11/07/2010 04:57:46 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 29/10/2009 19:21:06 | Computer Name = Hal | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 44621
seconds with 11820 seconds of active time. This session ended with a crash.

Error - 30/10/2009 08:16:14 | Computer Name = Hal | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 367
seconds with 120 seconds of active time. This session ended with a crash.

Error - 23/05/2010 09:00:34 | Computer Name = Hal | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1332
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/07/2010 19:06:17 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 03:29:32 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 07:54:06 | Computer Name = Hal | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:10:36 on 13/07/2010 was unexpected.

Error - 13/07/2010 07:54:45 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 09:04:14 | Computer Name = Hal | Source = DCOM | ID = 10005
Description =

Error - 13/07/2010 09:04:14 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 09:38:46 | Computer Name = Hal | Source = DCOM | ID = 10005
Description =

Error - 13/07/2010 09:38:46 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 09:39:35 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 09:40:28 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 13 July 2010 - 06:11 PM

Do you have any information from Spybot about these temporary files because we haven't found any yet.


Please run MBAM and then SAS.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Now SAS

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Posted Image
m0le is a proud member of UNITE

#9 Cosimo12

Cosimo12
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 14 July 2010 - 09:38 AM

Spybot reports 119 temporary files in use.

Here is MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

14/07/2010 14:22:21
mbam-log-2010-07-14 (14-22-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 276371
Time elapsed: 1 hour(s), 37 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 Cosimo12

Cosimo12
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 14 July 2010 - 04:37 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/14/2010 at 10:16 PM

Application Version : 4.40.1002

Core Rules Database Version : 5197
Trace Rules Database Version: 3009

Scan type : Complete Scan
Total Scan Time : 01:23:57

Memory items scanned : 321
Memory threats detected : 0
Registry items scanned : 9369
Registry threats detected : 0
File items scanned : 47191
File threats detected : 159

Adware.Tracking Cookie
.xiti.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www3.smartadserver.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.microsoftsto.112.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
driverfinderpro.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
driverfinderpro.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
driverfinderpro.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.driverfinderpro.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.driverfinderpro.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.driverfinderpro.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.microsoftwindows.112.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.roiservice.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.estat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.microsoftwga.112.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.partypoker.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.partypoker.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.partypoker.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.partypoker.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.partypoker.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.weborama.fr [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.usenext.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.usenext.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.msnbc.112.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.economist.122.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediamatters.org [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.himedia.individuad.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.himedia.individuad.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rff.solution.weborama.fr [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rff.solution.weborama.fr [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rff.solution.weborama.fr [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rff.solution.weborama.fr [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fr.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fr.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fr.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fr.sitestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.timeoutcommunications.122.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.freemediatv.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.chitika.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trinitymirror.112.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tsleducation.112.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trvlnet.adbureau.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.premiumtv.122.2o7.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.myroitracking.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.xm.xtendmedia.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
csm.rotator.hadj7.adjuggler.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
csm.rotator.hadj7.adjuggler.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
caloriecount.about.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
caloriecount.about.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.caloriecount.about.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.caloriecount.about.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.caloriecount.about.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
server.iad.liveperson.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tracker.icerocket.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tracker.icerocket.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yadro.ru [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies ]


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 14 July 2010 - 04:48 PM

Okay, they are both showing nothing.

Let's clear your temp files/cookies/cache and then see what Spybot says

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.


Then

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon. If you don't see it, go to Other options in the left panel or change to Classic View
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • Applications and applets
    • Trace and log files
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.

Finally run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Posted Image
m0le is a proud member of UNITE

#12 Cosimo12

Cosimo12
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 16 July 2010 - 04:47 AM

Hi mole, Spybot isn't showing any temporary files so I think the ATS cleaner did the trick.

Assuming i don't need to do anything else - thank you very much!

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 16 July 2010 - 06:37 PM

Can you complete the instructions for the Java cache clear and the ESET scan. Just to be sure.

Thanks smile.gif
Posted Image
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 19 July 2010 - 06:54 PM

Did you complete that?
Posted Image
m0le is a proud member of UNITE

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:00 AM

Posted 20 July 2010 - 06:54 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users