Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

When i click on a google link i get redirected / Google Hijack virus


  • This topic is locked This topic is locked
4 replies to this topic

#1 phillippslewis04

phillippslewis04

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 08 November 2010 - 09:00 AM

Hi in adavance i am very very grateful for the effort and help you are giving me if you go to my web site i have put pictures and an explination of them on there of what happens when i click on a google link and just sometimes when you click any where on a web page. Also i have had help from a moderator (boopme) here is a link so you can see what he has done to help with the problem so we hopefully dont have to dubble up on the tests to get this problem fixed thanks again in adavance. Also when i first run the dds i got a blue screen and it rebooted (sorry to quick for me to get any info off the blue screen) but when i ran DDS the second time it worked, also my printer has stoped working since doing the last lot of test shhould i just reinstall it?? Well so here are the logs that i got.


DDS (Ver_10-11-08.01) - NTFSx86
Run by Dave at 21:42:45.15 on Mon 08/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.3070.1499 [GMT 9.5:30]

SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\vVX1000.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Nero\Nero 9\InCD\InCD.exe
C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [autodetect] c:\windows\system32\supportappxl\AutoDect.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [InCD] "c:\program files\nero\nero 9\incd\InCD.exe"
mRun: [NBHGui] "c:\program files\nero\nero 9\incd\NBHGui.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxps://online.dha.gov.au/homefindweb/acgm.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-9-12 146448]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 9\incd\NBHRegInCDSrv.exe [2008-11-7 108568]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-10-6 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-9-12 283152]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-12 21504]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-16 906240]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-8-18 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca19b6c9941d6a;Google Update Service (gupdate1ca19b6c9941d6a);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-6-13 7168]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-9-12 51792]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-10-2 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-10-2 689416]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-05 12:29:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-05 11:48:00 19096 ----a-w- c:\windows\system32\drivers\InCDRec.sys
2010-11-05 11:47:59 129944 ----a-w- c:\windows\system32\drivers\InCDFs.sys
2010-11-05 11:47:57 41880 ----a-w- c:\windows\system32\drivers\InCDRm.sys
2010-11-05 11:47:55 48152 ----a-w- c:\windows\system32\drivers\InCDPass.sys
2010-11-04 09:24:42 -------- d-----w- c:\users\dave\appdata\roaming\SUPERAntiSpyware.com
2010-11-04 09:24:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-03 10:56:37 -------- d-----w- c:\users\dave\appdata\roaming\Malwarebytes
2010-11-03 10:56:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 10:56:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-03 10:56:27 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-03 10:56:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 00:48:28 15256 ----a-w- c:\users\dave\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-11-02 13:21:18 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-02 13:07:43 98816 ----a-w- c:\windows\sed.exe
2010-11-02 13:07:43 256512 ----a-w- c:\windows\PEV.exe
2010-11-02 13:07:43 161792 ----a-w- c:\windows\SWREG.exe
2010-11-01 12:28:58 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-11-01 12:00:38 46080 ----a-w- c:\windows\system32\TSWbPrxy.exe
2010-11-01 12:00:38 44544 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2010-11-01 12:00:38 36864 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-01 12:00:38 12800 ----a-w- c:\windows\system32\wksprtPS.dll
2010-11-01 12:00:37 2689024 ----a-w- c:\windows\system32\mstscax.dll
2010-11-01 12:00:37 223232 ----a-w- c:\windows\system32\wksprt.exe
2010-11-01 12:00:37 130560 ----a-w- c:\windows\system32\aaclient.dll
2010-11-01 12:00:37 1033728 ----a-w- c:\windows\system32\mstsc.exe
2010-10-28 02:36:42 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-10-28 02:34:22 -------- d-----w- c:\windows\en
2010-10-28 02:33:54 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-28 02:28:39 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-28 02:28:39 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-28 02:28:39 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-28 02:17:48 469256 ----a-w- c:\program files\common files\windows live\.cache\4ee8f7b01cb76462b\InstallManager_WLE_WLE.exe
2010-10-28 02:17:15 15712 ----a-w- c:\program files\common files\windows live\.cache\3c9a3b001cb76461f\MeshBetaRemover.exe
2010-10-28 02:16:17 94040 ----a-w- c:\program files\common files\windows live\.cache\19b965c01cb764618\DSETUP.dll
2010-10-28 02:16:17 525656 ----a-w- c:\program files\common files\windows live\.cache\19b965c01cb764618\DXSETUP.exe
2010-10-28 02:16:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\19b965c01cb764618\dsetup32.dll
2010-10-28 02:16:15 94040 ----a-w- c:\program files\common files\windows live\.cache\172fada01cb764617\DSETUP.dll
2010-10-28 02:16:15 525656 ----a-w- c:\program files\common files\windows live\.cache\172fada01cb764617\DXSETUP.exe
2010-10-28 02:16:15 1691480 ----a-w- c:\program files\common files\windows live\.cache\172fada01cb764617\dsetup32.dll
2010-10-28 02:14:47 -------- d-----w- c:\users\dave\appdata\local\Windows Live
2010-10-28 02:12:05 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-28 02:06:59 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2010-10-28 02:06:59 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2010-10-28 02:06:59 241152 ----a-w- c:\windows\system32\winrscmd.dll
2010-10-28 02:06:59 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2010-10-28 02:06:59 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2010-10-28 02:06:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-26 20:15:37 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 20:15:36 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 20:15:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-14 20:42:42 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 20:42:42 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 20:42:42 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 20:42:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 20:42:41 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 20:42:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 20:42:19 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 12:17:31 -------- d-----w- c:\users\dave\appdata\local\Western_Digital
2010-10-13 12:11:33 -------- d-----w- c:\users\dave\appdata\roaming\Western Digital
2010-10-13 12:11:25 -------- d-----w- c:\progra~2\Western Digital
2010-10-13 12:09:42 -------- d-----w- c:\program files\Western Digital

==================== Find3M ====================

2010-09-24 12:08:10 47360 ----a-w- c:\users\dave\appdata\roaming\pcouffin.sys
2010-09-23 16:53:00 850200 ----a-w- c:\users\dave\appdata\roaming\DivXInstaller.exe
2010-09-22 15:17:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 15:02:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 01:47:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 01:47:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 21:43:21.84 ===============
Attached File  Attach.txt   9.65KB   1 downloads
Attached File  ARK.txt   11.67KB   1 downloads

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:06 PM

Posted 15 November 2010 - 09:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 phillippslewis04

phillippslewis04
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 16 November 2010 - 04:33 AM

The some thing is still happening as when i first posted. Here is the two reports that you requested.

OTL logfile created on: 16/11/2010 6:25:54 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dave\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 30.24 Gb Free Space | 10.15% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 145.29 Gb Free Space | 77.99% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 67.47 Gb Free Space | 28.97% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 284.63 Gb Free Space | 30.56% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 728.41 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Drive N: | 931.51 Gb Total Space | 134.44 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive P: | 931.51 Gb Total Space | 601.13 Gb Free Space | 64.53% Space Free | Partition Type: NTFS

Computer Name: DNT-HOME | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 18:02:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2010/10/26 04:16:59 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/05 06:43:30 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/10/03 12:06:15 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/17 05:34:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/06 19:22:30 | 000,715,440 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/24 21:17:04 | 000,385,928 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/02/03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/01/26 17:10:32 | 001,020,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/12/17 11:23:54 | 000,272,896 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/11/11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/09/29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/09/12 22:09:33 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/09/12 22:09:33 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/09/12 22:09:33 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/20 12:28:26 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 15:57:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/12/12 17:31:44 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/05 14:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/11/11 11:23:10 | 016,990,208 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2008/11/07 09:38:54 | 001,591,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe
PRC - [2008/11/07 09:38:52 | 001,486,872 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
PRC - [2008/11/07 09:38:46 | 001,112,088 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\InCD.exe
PRC - [2008/11/07 09:38:46 | 000,108,568 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
PRC - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
PRC - [2008/05/27 19:35:30 | 000,040,960 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/12/26 21:28:28 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/05/29 02:27:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010/11/16 18:02:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
MOD - [2010/09/01 01:13:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/06 19:22:30 | 000,715,440 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010/06/19 11:29:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/25 10:57:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/14 20:31:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/12 22:09:33 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/09/12 22:09:33 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/12 22:09:33 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/12/12 17:31:44 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/12/05 14:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/11/07 09:38:52 | 001,486,872 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2008/11/07 09:38:46 | 000,108,568 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/01/19 17:08:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/29 02:27:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dave\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/05 21:59:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/06 18:56:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/07/31 02:59:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/31 02:59:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/31 02:36:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/20 03:33:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/20 03:33:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/11 04:11:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 03:55:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/30 14:06:56 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/09/12 22:09:37 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/09/12 22:09:37 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/09/12 22:09:37 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/08/05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/06/26 17:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/06/18 02:26:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/18 02:26:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/18 02:26:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/18 02:25:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/18 02:25:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/04/11 14:12:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 14:08:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/11/07 09:38:52 | 000,129,944 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2008/11/07 09:38:50 | 000,048,152 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/11/07 09:38:50 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2008/11/07 09:38:48 | 000,041,880 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - [2008/10/27 16:28:52 | 000,906,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/12 21:08:14 | 000,016,896 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VirtualAudio.sys -- (wsvad_driver)
DRV - [2008/08/12 10:11:36 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/02 10:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2007/12/17 18:44:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/01/03 17:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006/11/02 19:21:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:21:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:21:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:21:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:21:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:21:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:21:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:20:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:20:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:20:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:20:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:20:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:20:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:20:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:20:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:20:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:20:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:20:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:20:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:19:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:19:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:19:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:19:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 17:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 17:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 17:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 17:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 17:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 17:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:00:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 23:14:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 01 21 E3 55 7A CB 01 [binary data]
IE - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/12 02:31:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/12 02:31:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/05 21:31:50 | 000,000,309 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [autodetect] C:\Windows\System32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 9\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-182699756-1398664049-2954138398-1000..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\S-1-5-21-182699756-1398664049-2954138398-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-182699756-1398664049-2954138398-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [TSC] C:\Program Files\Trend Micro\Internet Security\tsc.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-182699756-1398664049-2954138398-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-182699756-1398664049-2954138398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://online.dha.gov.au/homefindweb/acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dave\Desktop\Daves Stuff\Wedding Stuff\Wedding Photo's\2004_1120Wedding\2004_1120Wedding0056.JPG
O24 - Desktop BackupWallPaper: C:\Users\Dave\Desktop\Daves Stuff\Wedding Stuff\Wedding Photo's\2004_1120Wedding\2004_1120Wedding0056.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/10 16:01:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.wmv3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 18:02:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2010/11/14 18:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/14 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/14 18:21:15 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/11/14 18:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/14 18:19:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/05 21:59:48 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/11/05 21:18:00 | 000,019,096 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\InCDRec.sys
[2010/11/05 21:17:59 | 000,129,944 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\InCDFs.sys
[2010/11/05 21:17:57 | 000,041,880 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\InCDRm.sys
[2010/11/05 21:17:55 | 000,048,152 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\InCDPass.sys
[2010/11/05 16:03:36 | 006,349,680 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-rules.exe
[2010/11/05 13:34:54 | 001,329,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2010/11/04 18:54:42 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/04 18:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/04 18:53:36 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Dave\Desktop\SUPERAntiSpyware.exe
[2010/11/03 20:26:37 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
[2010/11/03 20:26:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/03 20:26:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/03 20:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/03 20:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/03 20:20:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\GooredFix Backups
[2010/11/03 19:26:33 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-setup.exe
[2010/11/03 19:23:32 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Dave\Desktop\GooredFix.exe
[2010/11/02 22:51:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/02 22:51:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/02 22:37:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/02 22:37:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/02 22:37:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/02 22:37:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/02 22:32:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/02 22:24:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/01 21:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/01 21:30:38 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2010/11/01 21:30:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2010/11/01 21:30:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/11/01 21:30:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2010/11/01 21:30:37 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2010/11/01 21:30:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/11/01 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Remote Assistance Logs
[2010/10/28 12:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/28 12:04:22 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/28 12:03:54 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/10/28 11:58:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/10/28 11:58:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/10/28 11:58:39 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/10/28 11:44:47 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Windows Live
[2010/10/28 11:42:05 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2010/10/28 11:37:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/10/28 11:37:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/10/28 11:37:09 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/10/28 11:37:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/10/28 11:37:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/10/28 11:37:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/10/28 11:37:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/10/28 11:37:07 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/10/28 11:37:07 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/10/28 11:37:07 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/10/28 11:37:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/10/28 11:36:59 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/10/28 11:36:59 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/10/28 11:36:59 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/10/28 11:36:59 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/10/28 11:36:59 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/10/27 05:45:37 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 05:45:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 05:45:35 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/09/24 02:23:00 | 000,850,200 | ---- | C] (DivX, Inc. ) -- C:\Users\Dave\AppData\Roaming\DivXInstaller.exe
[2009/08/18 06:52:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dave\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/16 18:21:42 | 000,015,251 | ---- | M] () -- C:\Users\Dave\Desktop\TV shows.xlsx
[2010/11/16 18:02:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2010/11/16 17:55:23 | 000,030,208 | ---- | M] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/16 17:39:51 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/16 17:33:16 | 000,004,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/16 17:33:16 | 000,004,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 21:09:25 | 000,658,372 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/14 21:09:25 | 000,126,634 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/14 18:52:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 18:33:49 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/14 17:59:08 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4AEB04CB-ECA9-4CCC-8387-78C240FDF963}.job
[2010/11/14 07:52:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 09:21:14 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/13 07:33:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/13 07:31:29 | 3218,300,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 21:24:54 | 447,732,956 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/08 21:12:51 | 000,000,190 | ---- | M] () -- C:\Users\Dave\defogger_reenable
[2010/11/08 21:06:02 | 000,288,107 | ---- | M] () -- C:\Users\Dave\Desktop\gmer.zip
[2010/11/08 20:59:46 | 000,630,272 | ---- | M] () -- C:\Users\Dave\Desktop\dds.scr
[2010/11/08 20:57:42 | 000,050,477 | ---- | M] () -- C:\Users\Dave\Desktop\Defogger.exe
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Dave\Desktop\gmer.exe
[2010/11/05 21:59:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/11/05 21:31:50 | 000,000,309 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/05 20:53:01 | 000,000,029 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\default.rss
[2010/11/05 20:50:11 | 000,000,250 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2010/11/05 15:53:28 | 006,349,680 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-rules.exe
[2010/11/05 14:20:31 | 001,329,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2010/11/05 02:15:10 | 000,001,356 | ---- | M] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
[2010/11/04 18:54:18 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/04 18:53:36 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Dave\Desktop\SUPERAntiSpyware.exe
[2010/11/04 18:30:14 | 000,364,032 | ---- | M] () -- C:\Users\Dave\Desktop\iExplore.exe
[2010/11/04 18:23:19 | 000,000,335 | ---- | M] () -- C:\Users\Dave\Desktop\FixExe.reg
[2010/11/03 20:26:31 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 19:26:33 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-setup.exe
[2010/11/03 19:23:32 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Dave\Desktop\GooredFix.exe
[2010/11/02 23:08:16 | 000,002,474 | ---- | M] () -- C:\Users\Dave\Documents\cc_20101102_230802.reg
[2010/11/02 21:36:47 | 000,000,036 | ---- | M] () -- C:\Users\Dave\AppData\Local\housecall.guid.cache
[2010/11/02 21:27:13 | 000,001,986 | ---- | M] () -- C:\Users\Dave\Documents\cc_20101102_212707.reg
[2010/11/01 21:47:04 | 000,000,165 | ---- | M] () -- C:\Users\Dave\AppData\Local\RAExpertHistory.xml
[2010/11/01 21:41:19 | 000,000,172 | ---- | M] () -- C:\Users\Dave\AppData\Local\rahistory.xml
[2010/11/01 21:00:07 | 000,000,000 | -H-- | M] () -- C:\Users\Dave\Documents\Default.rdp
[2010/10/28 12:36:58 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/28 12:24:52 | 002,316,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/14 18:33:49 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/08 21:48:04 | 000,296,448 | ---- | C] () -- C:\Users\Dave\Desktop\gmer.exe
[2010/11/08 21:24:54 | 447,732,956 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/08 21:12:30 | 000,000,190 | ---- | C] () -- C:\Users\Dave\defogger_reenable
[2010/11/08 21:05:59 | 000,288,107 | ---- | C] () -- C:\Users\Dave\Desktop\gmer.zip
[2010/11/08 20:59:41 | 000,630,272 | ---- | C] () -- C:\Users\Dave\Desktop\dds.scr
[2010/11/08 20:57:42 | 000,050,477 | ---- | C] () -- C:\Users\Dave\Desktop\Defogger.exe
[2010/11/05 06:34:49 | 3218,300,928 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 18:54:18 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/04 18:30:11 | 000,364,032 | ---- | C] () -- C:\Users\Dave\Desktop\iExplore.exe
[2010/11/04 18:23:18 | 000,000,335 | ---- | C] () -- C:\Users\Dave\Desktop\FixExe.reg
[2010/11/03 20:26:31 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 23:08:13 | 000,002,474 | ---- | C] () -- C:\Users\Dave\Documents\cc_20101102_230802.reg
[2010/11/02 22:37:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/02 22:37:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/02 22:37:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/02 22:37:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/02 21:34:47 | 000,000,036 | ---- | C] () -- C:\Users\Dave\AppData\Local\housecall.guid.cache
[2010/11/02 21:27:11 | 000,001,986 | ---- | C] () -- C:\Users\Dave\Documents\cc_20101102_212707.reg
[2010/11/01 21:47:04 | 000,000,165 | ---- | C] () -- C:\Users\Dave\AppData\Local\RAExpertHistory.xml
[2010/11/01 21:01:50 | 000,000,172 | ---- | C] () -- C:\Users\Dave\AppData\Local\rahistory.xml
[2010/11/01 21:00:07 | 000,000,000 | -H-- | C] () -- C:\Users\Dave\Documents\Default.rdp
[2010/10/28 12:36:58 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/28 11:37:00 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/10/28 11:37:00 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/10/28 11:37:00 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/08/19 21:30:31 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2009/11/15 04:07:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/15 04:03:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/15 03:41:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/15 03:41:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/15 03:41:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/15 03:41:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/15 03:41:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/15 03:41:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/15 03:41:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/15 03:41:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/10/05 19:01:52 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI
[2009/10/05 17:08:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/04 17:20:02 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/13 16:50:43 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\downloads.m3u
[2009/09/05 11:15:55 | 000,000,552 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d8caps.dat
[2009/08/18 06:52:02 | 000,007,887 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\pcouffin.cat
[2009/08/18 06:52:02 | 000,001,144 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\pcouffin.inf
[2009/08/16 16:11:40 | 000,000,029 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\default.rss
[2009/08/15 21:19:57 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/12 23:47:03 | 000,000,034 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\pcouffin.log
[2009/08/12 17:43:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/12 00:54:33 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2009/08/11 18:38:44 | 000,000,699 | ---- | C] () -- C:\ProgramData\OutlookFail.20090811.log
[2009/08/10 23:02:05 | 000,030,208 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 22:41:27 | 000,000,180 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\setup.log
[2009/08/10 22:41:25 | 000,000,760 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\setup_ldm.iss
[2009/08/10 22:05:15 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/10 21:28:13 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/10 21:28:12 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/10 15:49:25 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009/08/10 15:49:25 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/08/10 15:49:19 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/08/10 15:49:19 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/08/10 15:48:01 | 000,008,291 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/10 15:30:18 | 000,010,917 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/08/10 15:28:51 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/08/10 15:28:41 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/08/10 15:21:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2009/08/10 15:21:06 | 000,000,153 | ---- | C] () -- C:\Windows\System32\PMDrvStr.ini
[2009/08/10 15:21:03 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/08/10 15:14:06 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS7R.DLL
[2009/08/10 15:12:04 | 000,012,288 | ---- | C] () -- C:\Windows\System32\CNCFLaNL.DLL
[2009/08/10 14:38:01 | 000,001,356 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/11 07:45:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/04/11 07:16:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006/11/02 22:04:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/09/17 01:22:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003/09/17 01:13:31 | 000,884,736 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003/09/17 01:11:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/08/11 00:04:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/08/11 00:04:44 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/08/11 00:04:44 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/08/11 22:00:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009/08/11 22:00:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/08/11 00:04:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 19:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 17:03:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 17:03:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 17:03:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 17:03:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 19:15:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 15:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 15:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 15:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 19:15:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 17:03:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 15:57:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 15:58:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 20:04:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 20:04:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 20:04:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/11/05 21:59:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/09/06 23:15:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/09/06 23:15:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/09/06 23:15:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/09/06 18:56:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BBADE846

< End of report >

*************************************************************************************************************************************************************************************************************************************



OTL Extras logfile created on: 16/11/2010 6:25:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dave\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 30.24 Gb Free Space | 10.15% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 145.29 Gb Free Space | 77.99% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 67.47 Gb Free Space | 28.97% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 284.63 Gb Free Space | 30.56% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 728.41 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Drive N: | 931.51 Gb Total Space | 134.44 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive P: | 931.51 Gb Total Space | 601.13 Gb Free Space | 64.53% Space Free | Partition Type: NTFS

Computer Name: DNT-HOME | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{144C1874-866E-4DB0-969E-60C27FC5E235}" = lport=139 | protocol=6 | dir=in | app=system |
"{4071090D-231C-4E62-9257-ABE232DDAD8B}" = rport=445 | protocol=6 | dir=out | app=system |
"{45944E89-A2CA-4E77-80AB-24665AD8C058}" = lport=6112 | protocol=6 | dir=in | name=war3 |
"{476650B5-282B-4FF8-958E-D2DEF72FF530}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6BF7232A-6AE9-4D49-BB2F-BE1C9DDF434F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{713A5F00-FEA9-47F9-99FA-946DCA712831}" = lport=3389 | protocol=6 | dir=in | app=system |
"{713CFA5D-2355-4730-A640-FAC4E3393C97}" = rport=139 | protocol=6 | dir=out | app=system |
"{758C45AB-F604-4A36-89C9-9E71B042746A}" = lport=137 | protocol=17 | dir=in | app=system |
"{784E6F54-E9E8-4703-B33A-02F8BF6B593E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{85E7DECC-A8C5-493C-9D00-C8513E816154}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{892AD632-345C-41C0-A4F0-8E5D388D4580}" = lport=9303 | protocol=17 | dir=in | name=network usb utility udp port |
"{9F2E7C06-6D69-492F-823A-674C13499EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CCEF5E57-A373-4E48-9E42-6D53914AEC1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD85C0D8-BDD1-433F-B318-D29D01BC9DE8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CDC34C76-61F7-4FDE-938F-5D3942099E10}" = lport=138 | protocol=17 | dir=in | app=system |
"{ECE2A7B3-477B-47D2-B3C6-E7DB35732704}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED354A13-3C85-4C59-85D9-D7A413C37F89}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF93C25B-3A98-444C-BF2F-750CDF9F690B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F42720D0-CBE9-4FC0-9020-6842139BD73F}" = lport=6112 | protocol=17 | dir=in | name=war3 |
"{FB0475AF-36A1-4353-BEE9-AF0DE0584A43}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07136AE8-A55F-415D-B454-A48C398800B2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{2EC0B19F-DA56-45D5-8A41-A85F3527C352}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{2F90A480-F4CC-4871-ACEB-E9943563F3C6}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{48B4236F-3FC3-4E38-B096-9D6D8437A301}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{48B54B35-25DC-40BB-B89A-A74FD6D552B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E8771F9-DB07-4C4B-BC54-0BC9F9DFEA7E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5046D5E8-A1F0-4E4A-B87C-00DB1A53FEDF}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{51E1CB5A-EAD2-44C0-ABDB-EC3A0D540BA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{548B0520-4F81-4A1C-8391-4801B9F39434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{575D11AF-349A-47C9-B339-AFE8E91E5F39}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{59FF677A-1031-4991-ACC6-371D899699C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{69A406CF-15B8-449F-8A81-92038BCF185B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6F9825A7-93B0-4C22-AF19-12E0DF700BBA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{78776716-CACA-4A68-8B49-1B29A43EEF7A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{7A1E7321-8F9D-4960-AD70-47BCCB4B3256}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{818D05FB-3454-409D-824F-3349AC0E6A71}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82F39229-EC3E-4989-B789-9E0560287D0A}" = protocol=6 | dir=in | app=c:\program files\cyberlink\pcm4everio\everioservice.exe |
"{83B859C7-FC58-4D8D-8EBD-6003BBAEF0AB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8AB1658D-FB02-4B74-8B82-EEB0D0C70372}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{8EEB1C4C-AB9A-451B-AB51-53CD08F00908}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{9405DCCE-E21B-4E6B-8CD2-82C440EE7B3E}" = protocol=17 | dir=in | app=c:\program files\d-link\network usb utility\network usb utility.exe |
"{A8413DD4-09BB-4954-BA1A-7BD9F8183238}" = protocol=6 | dir=in | app=c:\program files\cyberlink\pcm4everio\pcm4everio.exe |
"{AA793466-09C8-4A69-94E2-ABFA206D15C5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{AC222F22-64BF-42B3-9F2C-0025AF8F32D7}" = protocol=6 | dir=in | app=c:\program files\d-link\network usb utility\network usb utility.exe |
"{ADE3A25F-9227-4280-B535-4C1B00F44FAB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AEF18ADA-856D-4CBA-B278-F8B227C0C59F}" = protocol=17 | dir=in | app=c:\program files\cyberlink\pcm4everio\everioservice.exe |
"{B296BCA8-47EF-4009-995D-2C38C62452F0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{D686B6C7-00AA-46D5-9374-823832A7C1BD}" = protocol=17 | dir=in | app=c:\program files\cyberlink\pcm4everio\pcm4everio.exe |
"{D7F90DB6-03C5-4E6D-80FE-24E43CA6F65C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EAA70709-EFE5-4D3B-AA6B-AF9C9B820BF2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{FBBC4494-4265-4D13-9002-E6F742FF3320}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{79FE037A-5955-4CD7-8451-F671D8704446}C:\users\dave\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\dave\downloads\utorrent.exe |
"TCP Query User{97E9D2FD-0BA5-4660-BC27-84BF75B21AA1}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{A3607230-20E1-4071-89B4-3C2B39D8F318}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{FE1A8511-4F4E-4CB0-9927-C5DF19D2C770}C:\users\dave\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\dave\downloads\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Atheros Ethernet Utility
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3186AEAE-E104-424D-9152-1BF6A4404758}" = Nokia Software Updater
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F8A6D44-5ABC-4C5A-9BD8-D6312EA1E9F8}" = BigPond Broadband ADSL
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8553b956-519d-4b7e-8b35-a272ce9257b5}" = Nero 9
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8f163ba4-a33f-4845-b175-9fa21bb39ea1}" = Nero BackItUp 4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B27901FA-F157-4049-B1EC-BC43890A1DCC}" = Active@ File Recovery
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}" = muveeNow 2.1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{d52fe806-3105-44a5-8d42-2291dec16463}" = InCD
"{D95AA4F4-9FCF-4BD8-AC07-AB1912A202E2}_is1" = Home Plan Pro version 5.2.12.4
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EE8763-EAA8-4BC1-8594-8501F5F00414}" = Nokia NSeries One Touch Access
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2F9195F1086644EBBC52B3DE9E30D768_is1" = Encyclopedia 2009 Demo 9.05
"3B7076EB3C51070DE9D6902E9696507D9B471345" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Aiseesoft Tod Converter_is1" = Aiseesoft Tod Converter
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Daniusoft Media Converter Pro_is1" = Daniusoft Media Converter Pro(Build 2.2.3.0)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVDFab 7_is1" = DVDFab 7.0.6.2 (20/05/2010)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ffdshow_is1" = ffdshow [rev 3092] [2009-09-27]
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Oryte_Games_1.15 Toolbar" = Oryte_Games_1.15 Toolbar
"PFPortChecker" = PFPortChecker 1.0.30
"PROHYBRIDR" = 2007 Microsoft Office system
"Registry Fix_is1" = RegistryFix v7.1
"SystemRequirementsLab" = System Requirements Lab
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VB Runtime" = VB Runtime
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WTA-2a736688-7b3e-44bc-ae28-e39d803060cc" = Diner Dash Hometown Hero

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-182699756-1398664049-2954138398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks for your help Dave.

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:06 PM

Posted 16 November 2010 - 05:15 AM

Hi,

please reset your router:
Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

  • Then rest your router to it's factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IP6v) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.[list]
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:06 PM

Posted 27 December 2010 - 07:38 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users