
Firefox Google Redirects/ Infomash and more


  • This topic is locked
5 replies to this topic

#1 gretschtastic


Posted 18 November 2010 - 08:40 PM

Hello,


I've been having google search redirects for a while now on Firefox. I am running Windows Vista. After trying about a million free anti spyware programs which are finding nothing, I can't get rid of it. I'm hoping you can help.


This is my first time posting here, so I hope I'm following the instructions correctly:



DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Dave at 19:21:46.98 on Thu 11/18/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3965.1007 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ColdFusion9\solr\solr.exe
C:\ColdFusion9\jnbridge\CFDotNetsvc.exe
C:\ColdFusion9\runtime\jre\bin\java.exe
C:\ColdFusion9\runtime\bin\jrunsvc.exe
C:\ColdFusion9\jnbridge\JNBDotNetSide.exe
C:\ColdFusion9\db\slserver54\bin\swagent.exe
C:\ColdFusion9\runtime\bin\jrun.exe
C:\ColdFusion9\db\slserver54\bin\swstrtr.exe
C:\ColdFusion9\db\slserver54\bin\swsoc.exe
C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\ColdFusion9\verity\k2\_nti40\bin\k2server.exe
C:\ColdFusion9\verity\k2\_nti40\bin\k2index.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Dave\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Dave\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\ATWTUSB.EXE
C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TextAloud\TAForOELoader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\conime.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Users\Dave\Desktop\gmer.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Users\Dave\Desktop\gmer.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: TextAloud Toolbar: {f053c368-5458-45b2-9b4d-d8914bdddbff} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [googletalk] C:\Users\Dave\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Mikogo] "C:\Users\Dave\AppData\Roaming\Mikogo\Mikogo-Host.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [atwtusb] atwtusb.exe
mRun: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TAForOE Loader] "C:\Program Files (x86)\TextAloud\TAForOELoader.exe" /background
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe"
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6040/mcfscan.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\j8gmw8tr.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\j8gmw8tr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Dave\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-6-5 69152]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2010-4-7 49752]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-14 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-14 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-9-14 81584]
R2 CF9Solr;ColdFusion 9 Solr Service;C:\ColdFusion9\solr\solr.exe -zglaxservice CF9Solr --> C:\ColdFusion9\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;C:\ColdFusion9\jnbridge\CFDotNetsvc.exe [2010-4-3 77824]
R2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;C:\ColdFusion9\runtime\bin\jrunsvc.exe [2010-4-3 68096]
R2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;C:\ColdFusion9\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> C:\ColdFusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
R2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;C:\ColdFusion9\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> C:\ColdFusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
R2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe [2010-4-3 3677616]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-2-4 1352832]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 SBAMSvc;CounterSpy Antispyware;C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2010-6-14 64600]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe [2010-8-20 181584]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-4-7 1153368]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-8-19 615424]
S1 aiptektp;Pen Pad;C:\Windows\System32\drivers\aiptektp.sys [2010-5-2 29184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-29 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mr97310c;CIF Dual-Mode Camera;C:\Windows\System32\drivers\mr97310c.sys [2008-3-27 143872]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2010-4-25 198784]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2010-4-25 303616]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-10 93184]

=============== Created Last 30 ================

2010-11-18 04:02:17 -------- d-----w- C:\PROGRA~3\SITEguard
2010-11-18 04:00:50 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2010-11-18 04:00:48 -------- d-----w- C:\PROGRA~3\STOPzilla!
2010-11-18 02:36:15 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2010-11-18 00:53:29 -------- d-----w- C:\Users\Dave\AppData\Roaming\Sunbelt
2010-11-18 00:53:27 -------- d-----w- C:\PROGRA~3\Sunbelt
2010-11-18 00:52:55 27472 ----a-w- C:\Windows\System32\sbbd.exe
2010-11-18 00:52:33 -------- d-----w- C:\Program Files (x86)\Sunbelt Software
2010-11-16 07:42:24 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{899916FD-F3CD-457E-AC88-1BC943E6280B}\mpengine.dll
2010-11-10 05:35:30 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 05:35:30 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-11-07 06:59:47 -------- d-----w- C:\Program Files (x86)\Logitech Touch Mouse Server
2010-11-07 05:23:31 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-11-07 05:23:29 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-11-07 05:23:19 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-11-04 23:30:50 -------- d-----w- C:\PROGRA~3\Xerox
2010-10-26 21:22:22 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-26 21:22:22 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-26 21:22:21 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-26 21:22:20 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-11-02 12:36:20 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-20 12:14:32 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-09-20 09:25:01 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-09-10 16:37:06 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-10 15:52:05 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-08 17:26:59 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 16:46:38 1032704 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 15:53:07 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 15:28:29 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-08 15:26:20 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 15:00:33 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-06 16:24:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:23:14 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:59:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 15:59:19 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 15:57:48 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 13:44:39 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 13:44:17 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-06 13:44:14 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-31 15:41:42 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 15:21:34 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 13:18:42 2751488 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 16:27:46 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 16:21:44 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 16:21:44 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 16:21:43 281600 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:07:25 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 16:01:35 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll

============= FINISH: 19:23:27.61 ===============





The GMER stats came back with nothing, but so you know, the options as posted in the instructions were not available. I was only able to have it search Services, Registry and Files. "System" was not an option to select, for instance.


 


#2 etavares

  • Malware Response Team

Posted 28 November 2010 - 09:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.



In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 gretschtastic

  • Topic Starter

Posted 02 December 2010 - 11:28 PM

Sorry for the late response! I saw this in my spam box not too long ago and just haven't had a moment to respond. The problem may have gone away after doing an online scan, but my Firefox seems incredibly slow ever since then, so I'm not convinced the entire problem is gone. Here are my logs:



OTL logfile created on: 11/30/2010 3:47:37 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dave\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 20.00% Memory free
8.00 Gb Paging File | 3.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.64 Gb Total Space | 229.15 Gb Free Space | 50.62% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.79 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HOME-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/30 15:44:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2010/11/02 06:36:20 | 000,434,344 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2010/11/02 06:36:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/02 06:36:20 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/02 06:36:20 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/27 00:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/01 23:50:42 | 004,399,552 | ---- | M] (NextUp.com) -- C:\Program Files (x86)\TextAloud\TextAloudMP3.exe
PRC - [2010/09/10 00:44:55 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/20 09:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/03 03:15:42 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/16 03:15:36 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/17 08:51:48 | 000,499,144 | ---- | M] (NextUp.com) -- C:\Program Files (x86)\TextAloud\TAForOELoader.exe
PRC - [2010/04/03 12:56:21 | 001,073,152 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swsoc.exe
PRC - [2010/04/03 12:56:21 | 000,114,688 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swstrtr.exe
PRC - [2010/04/03 12:56:20 | 000,696,320 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swagent.exe
PRC - [2010/04/03 12:53:28 | 000,115,712 | ---- | M] (Acresso) -- C:\ColdFusion9\solr\solr.exe
PRC - [2010/02/04 13:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/01 22:37:00 | 002,748,416 | ---- | M] (Mikogo) -- C:\Users\Dave\AppData\Roaming\Mikogo\Mikogo-Host.exe
PRC - [2009/11/10 19:39:28 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/17 17:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 17:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/08/29 16:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/04/28 01:08:41 | 003,045,884 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2server.exe
PRC - [2008/04/27 23:57:32 | 001,824,388 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2index.exe
PRC - [2008/04/27 23:57:03 | 003,677,616 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe
PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/05 00:45:12 | 000,077,824 | ---- | M] () -- C:\ColdFusion9\jnbridge\CFDotNetsvc.exe
PRC - [2007/03/20 16:43:50 | 000,315,392 | ---- | M] () -- C:\Windows\SysWOW64\ATWTUSB.EXE
PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Dave\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2002/09/16 08:38:08 | 000,659,456 | ---- | M] () -- C:\Program Files (x86)\ATTNaturalVoices\TTS1.4\Desktop\bin\nvdesktopproxy.exe


========== Modules (SafeList) ==========

MOD - [2010/11/30 15:44:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
MOD - [2010/08/31 09:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/10 20:48:30 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010/11/02 06:36:20 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 06:36:20 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/03 03:15:42 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/03 12:56:21 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\db\slserver54\bin\swstrtr.exe -- (ColdFusion 9 ODBC Server)
SRV - [2010/04/03 12:56:20 | 000,696,320 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\db\slserver54\bin\swagent.exe -- (ColdFusion 9 ODBC Agent)
SRV - [2010/04/03 12:53:28 | 000,115,712 | ---- | M] (Acresso) [Auto | Running] -- C:\ColdFusion9\solr\solr.exe -- (CF9Solr)
SRV - [2010/04/02 17:17:19 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 06:17:10 | 000,068,096 | ---- | M] (Macromedia Inc.) [Auto | Running] -- C:\ColdFusion9\runtime\bin\jrunsvc.exe -- (ColdFusion 9 Application Server)
SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/27 23:57:03 | 003,677,616 | ---- | M] (Verity, Inc.) [Auto | Running] -- C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe -- (ColdFusion 9 Search Server)
SRV - [2007/04/05 00:45:12 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\jnbridge\CFDotNetsvc.exe -- (ColdFusion 9 .NET Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/11/22 18:47:34 | 000,083,120 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/06/14 14:54:30 | 000,064,600 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2010/06/05 03:19:41 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/15 16:47:00 | 000,303,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vvftUVC.sys -- (vvftUVC)
DRV:64bit: - [2009/07/15 16:47:00 | 000,198,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMUVC.sys -- (VMUVC)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/03/27 06:14:02 | 000,143,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mr97310c.sys -- (mr97310c)
DRV:64bit: - [2008/02/26 11:18:00 | 000,615,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2006/12/27 10:44:28 | 000,029,184 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\aiptektp.sys -- (aiptektp)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/09/26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/03/15 16:25:44 | 000,127,574 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MR97310c.sys -- (mr97310c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:3.0.8
FF - prefs.js..extensions.enabledItems: {B0AFC992-FB82-4A45-AD6D-8DECE8662350}:1.9.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/10 00:46:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/21 12:28:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/21 12:28:29 | 000,000,000 | ---D | M]

[2009/11/10 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2010/11/30 13:20:16 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\j8gmw8tr.default\extensions
[2009/11/13 23:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\j8gmw8tr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/08 22:30:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\j8gmw8tr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/14 21:02:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\j8gmw8tr.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010/11/11 12:10:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\j8gmw8tr.default\extensions\firebug@software.joehewitt.com
[2010/11/21 12:28:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/11 21:44:47 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}

O1 HOSTS File: ([2010/11/17 22:04:50 | 000,416,012 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 14359 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (TextAloud Toolbar) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll (NextUp.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atwtusb] C:\Windows\SysWow64\ATWTUSB.EXE ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TAForOE Loader] C:\Program Files (x86)\TextAloud\TAForOELoader.exe (NextUp.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\Dave\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Mikogo] C:\Users\Dave\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6040/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.72.134 68.87.77.134
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23ee10c9-ce62-11de-a4bd-001e904d4e49}\Shell - "" = AutoRun
O33 - MountPoints2\{23ee10c9-ce62-11de-a4bd-001e904d4e49}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found



Drivers32:64bit: aux - wdmaud.drv ()
Drivers32:64bit: aux1 - wdmaud.drv ()
Drivers32:64bit: aux2 - wdmaud.drv ()
Drivers32:64bit: aux3 - wdmaud.drv ()
Drivers32:64bit: midi - wdmaud.drv ()
Drivers32:64bit: midi1 - wdmaud.drv ()
Drivers32:64bit: midi2 - wdmaud.drv ()
Drivers32:64bit: midi3 - wdmaud.drv ()
Drivers32:64bit: midimapper - midimap.dll ()
Drivers32:64bit: mixer - wdmaud.drv ()
Drivers32:64bit: mixer1 - wdmaud.drv ()
Drivers32:64bit: mixer2 - wdmaud.drv ()
Drivers32:64bit: mixer3 - wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm ()
Drivers32:64bit: msacm.msg711 - msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm ()
Drivers32:64bit: MSVideo8 - VfWWDM32.dll ()
Drivers32:64bit: vidc.i420 - iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll ()
Drivers32:64bit: vidc.msvc - msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - msyuv.dll ()
Drivers32:64bit: wave - wdmaud.drv ()
Drivers32:64bit: wave1 - wdmaud.drv ()
Drivers32:64bit: wave2 - wdmaud.drv ()
Drivers32:64bit: wave3 - wdmaud.drv ()
Drivers32:64bit: wavemapper - msacm32.drv ()
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/30 15:44:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2010/11/28 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\New Folder (4)
[2010/11/23 22:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/17 22:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/11/17 22:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2010/11/17 22:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/11/17 21:35:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/17 20:36:15 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/11/17 18:53:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Sunbelt
[2010/11/17 18:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010/11/17 18:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunbelt Software
[2010/11/12 20:51:14 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\bp-nicey
[2010/11/12 19:58:45 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\New Folder (3)
[2010/11/10 21:15:40 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\crcgood
[2010/11/10 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\crc2
[2010/11/09 21:04:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\history
[2010/11/09 02:39:38 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\crc
[2010/11/07 00:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech Touch Mouse Server
[2010/11/06 23:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/06 23:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/04 17:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[1 C:\Users\Dave\*.tmp files -> C:\Users\Dave\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/30 15:44:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2010/11/30 15:19:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/30 14:56:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/30 14:56:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/30 05:19:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/28 17:17:34 | 517,858,176 | ---- | M] () -- C:\Users\Dave\Desktop\reina del sur.mp3
[2010/11/28 12:02:37 | 002,460,655 | ---- | M] () -- C:\Users\Dave\Desktop\Arturo_Perez_Reverte_-_La_reina_del_Sur.pdf
[2010/11/28 07:33:35 | 000,709,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/28 07:33:35 | 000,609,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/28 07:33:35 | 000,104,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/23 15:01:01 | 003,598,701 | ---- | M] () -- C:\Users\Dave\Desktop\My Poker Coaches Unleashed.pdf
[2010/11/22 18:47:34 | 000,083,120 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/21 23:36:26 | 000,003,632 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
[2010/11/21 23:32:19 | 000,014,913 | R--- | M] () -- C:\Users\Dave\Desktop\span204; comp2.docx
[2010/11/21 12:28:33 | 000,001,804 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/21 12:28:33 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/20 15:51:26 | 000,001,662 | ---- | M] () -- C:\Users\Dave\Desktop\Dave.jpg
[2010/11/18 18:59:19 | 000,000,000 | ---- | M] () -- C:\Users\Dave\defogger_reenable
[2010/11/18 18:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/18 18:40:19 | 000,288,107 | ---- | M] () -- C:\Users\Dave\Desktop\gmer.zip
[2010/11/18 18:39:27 | 000,050,477 | ---- | M] () -- C:\Users\Dave\Desktop\Defogger.exe
[2010/11/18 18:38:19 | 000,630,272 | ---- | M] () -- C:\Users\Dave\Desktop\dds.scr
[2010/11/18 15:06:37 | 000,408,544 | ---- | M] () -- C:\Users\Dave\Desktop\monsiavias_mexican.pdf
[2010/11/18 14:21:22 | 002,590,426 | ---- | M] () -- C:\Users\Dave\Desktop\Canclini_culturas.pdf
[2010/11/18 05:58:01 | 000,012,208 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/11/17 20:15:41 | 000,000,036 | ---- | M] () -- C:\Users\Dave\AppData\Local\housecall.guid.cache
[2010/11/17 18:52:55 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\CounterSpy.lnk
[2010/11/17 11:39:18 | 000,045,568 | ---- | M] () -- C:\Users\Dave\Desktop\Cristianos.doc
[2010/11/17 00:49:37 | 004,561,993 | ---- | M] () -- C:\Users\Dave\Desktop\mothers.pdf
[2010/11/16 12:08:36 | 191,157,744 | ---- | M] () -- C:\Users\Dave\Desktop\Manana.mp3
[2010/11/15 21:10:33 | 000,004,043 | ---- | M] () -- C:\Users\Dave\Desktop\Ad2.swf
[2010/11/14 12:45:26 | 375,073,416 | ---- | M] () -- C:\Users\Dave\Desktop\Default Title.mp3
[2010/11/14 03:11:59 | 000,011,288 | ---- | M] () -- C:\Users\Dave\Documents\employmet history .odt
[2010/11/13 23:28:12 | 000,018,252 | ---- | M] () -- C:\Users\Dave\Desktop\al.jpg
[2010/11/13 23:27:55 | 001,228,854 | ---- | M] () -- C:\Users\Dave\Desktop\al.BMP
[2010/11/13 19:02:16 | 000,000,600 | ---- | M] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2010/11/13 18:05:59 | 000,049,944 | ---- | M] () -- C:\Users\Dave\Desktop\IMG_1026.BTH
[2010/11/13 18:05:01 | 000,011,064 | ---- | M] () -- C:\Users\Dave\Desktop\IMG_1026.THM
[2010/11/13 15:57:46 | 000,031,496 | ---- | M] () -- C:\Users\Dave\Desktop\welcome.mp3
[2010/11/13 00:57:44 | 000,002,735 | ---- | M] () -- C:\Users\Dave\Desktop\blog.php
[2010/11/12 22:35:14 | 000,000,518 | ---- | M] () -- C:\Users\Dave\Desktop\.htaccess
[2010/11/10 20:59:09 | 000,686,913 | ---- | M] () -- C:\Users\Dave\Desktop\JabberCam_h.swf
[2010/11/10 20:58:59 | 000,445,453 | ---- | M] () -- C:\Users\Dave\Desktop\milinguachat.swf
[2010/11/10 01:19:44 | 000,008,349 | ---- | M] () -- C:\Users\Dave\Desktop\AC_OETags.js
[2010/11/10 01:19:44 | 000,004,296 | ---- | M] () -- C:\Users\Dave\Desktop\milinguachat2.html
[2010/11/10 01:19:44 | 000,000,657 | ---- | M] () -- C:\Users\Dave\Desktop\playerProductInstall.swf
[2010/11/10 01:19:41 | 000,514,598 | ---- | M] () -- C:\Users\Dave\Desktop\milinguachat2.swf
[2010/11/10 01:19:37 | 000,004,283 | ---- | M] () -- C:\Users\Dave\Desktop\milinguachat.html
[2010/11/09 21:04:30 | 000,501,251 | ---- | M] () -- C:\Users\Dave\Desktop\spark_4.0.0.14159.swf
[2010/11/09 21:04:30 | 000,069,805 | ---- | M] () -- C:\Users\Dave\Desktop\sparkskins_4.0.0.14159.swf
[2010/11/09 21:04:29 | 001,037,109 | ---- | M] () -- C:\Users\Dave\Desktop\framework_4.0.0.14159.swf
[2010/11/09 21:04:29 | 000,262,226 | ---- | M] () -- C:\Users\Dave\Desktop\textLayout_1.0.0.595.swf
[2010/11/09 21:04:29 | 000,207,540 | ---- | M] () -- C:\Users\Dave\Desktop\rpc_4.0.0.14159.swf
[2010/11/09 21:04:29 | 000,150,731 | ---- | M] () -- C:\Users\Dave\Desktop\osmf_flex.4.0.0.13495.swf
[2010/11/09 10:55:02 | 000,016,384 | ---- | M] () -- C:\Users\Dave\Desktop\reyes-critica.doc
[2010/11/09 00:46:16 | 000,011,017 | ---- | M] () -- C:\Users\Dave\Desktop\reyes-critica.odt
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Dave\Desktop\gmer.exe
[2010/11/07 16:36:18 | 000,023,040 | ---- | M] () -- C:\Users\Dave\Desktop\NewestLiebermanabstract.doc
[2010/11/07 16:01:47 | 000,022,528 | ---- | M] () -- C:\Users\Dave\Desktop\NewestLieberman_abstract_Dave1.doc
[2010/11/07 16:01:26 | 000,022,528 | ---- | M] () -- C:\Users\Dave\Desktop\NewestLieberman_abstract.doc
[2010/11/07 00:59:56 | 000,001,040 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010/11/06 23:54:20 | 608,360,672 | ---- | M] () -- C:\Users\Dave\Desktop\iPod4,1_4.1_8B117_Restore.ipsw
[2010/11/06 23:23:31 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/06 23:23:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/05 04:19:55 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/04 13:02:11 | 000,041,984 | ---- | M] () -- C:\Users\Dave\Desktop\presentation_final.doc
[2010/11/04 12:40:12 | 000,041,472 | ---- | M] () -- C:\Users\Dave\Desktop\presentation.2.doc
[2010/11/04 02:57:18 | 000,028,672 | ---- | M] () -- C:\Users\Dave\Desktop\presentation.1.doc
[2010/11/03 21:49:14 | 000,016,384 | ---- | M] () -- C:\Users\Dave\Desktop\presentation.doc
[2010/11/03 21:48:34 | 000,016,384 | ---- | M] () -- C:\Users\Dave\Documents\presentation.doc
[2010/11/01 21:31:24 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/11/01 00:56:27 | 000,039,862 | ---- | M] () -- C:\Users\Dave\Desktop\73850_449803025705_539575705_5914201_1276419_n.jpg
[2010/10/31 20:42:49 | 000,006,673 | ---- | M] () -- C:\Users\Dave\Desktop\73850_449803025705_539575705_5914201_1276419_s.jpg
[2010/10/31 20:42:40 | 000,007,106 | ---- | M] () -- C:\Users\Dave\Desktop\69805_448458130705_539575705_5887819_4936039_s.jpg
[1 C:\Users\Dave\*.tmp files -> C:\Users\Dave\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 16:16:53 | 517,858,176 | ---- | C] () -- C:\Users\Dave\Desktop\reina del sur.mp3
[2010/11/28 12:02:32 | 002,460,655 | ---- | C] () -- C:\Users\Dave\Desktop\Arturo_Perez_Reverte_-_La_reina_del_Sur.pdf
[2010/11/23 15:00:34 | 003,598,701 | ---- | C] () -- C:\Users\Dave\Desktop\My Poker Coaches Unleashed.pdf
[2010/11/21 23:32:20 | 000,014,913 | R--- | C] () -- C:\Users\Dave\Desktop\span204; comp2.docx
[2010/11/21 12:28:33 | 000,001,804 | ---- | C] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/21 12:28:33 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/20 15:51:10 | 000,001,662 | ---- | C] () -- C:\Users\Dave\Desktop\Dave.jpg
[2010/11/18 18:59:19 | 000,000,000 | ---- | C] () -- C:\Users\Dave\defogger_reenable
[2010/11/18 18:40:39 | 000,296,448 | ---- | C] () -- C:\Users\Dave\Desktop\gmer.exe
[2010/11/18 18:40:10 | 000,288,107 | ---- | C] () -- C:\Users\Dave\Desktop\gmer.zip
[2010/11/18 18:39:27 | 000,050,477 | ---- | C] () -- C:\Users\Dave\Desktop\Defogger.exe
[2010/11/18 18:38:16 | 000,630,272 | ---- | C] () -- C:\Users\Dave\Desktop\dds.scr
[2010/11/18 15:06:37 | 000,408,544 | ---- | C] () -- C:\Users\Dave\Desktop\monsiavias_mexican.pdf
[2010/11/18 14:20:56 | 002,590,426 | ---- | C] () -- C:\Users\Dave\Desktop\Canclini_culturas.pdf
[2010/11/17 23:16:19 | 000,012,208 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/11/17 20:15:41 | 000,000,036 | ---- | C] () -- C:\Users\Dave\AppData\Local\housecall.guid.cache
[2010/11/17 18:52:55 | 000,027,472 | ---- | C] () -- C:\Windows\SysNative\sbbd.exe
[2010/11/17 18:52:55 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\CounterSpy.lnk
[2010/11/17 00:49:37 | 004,561,993 | ---- | C] () -- C:\Users\Dave\Desktop\mothers.pdf
[2010/11/16 23:52:38 | 000,045,568 | ---- | C] () -- C:\Users\Dave\Desktop\Cristianos.doc
[2010/11/16 11:48:23 | 191,157,744 | ---- | C] () -- C:\Users\Dave\Desktop\Manana.mp3
[2010/11/15 21:10:32 | 000,004,043 | ---- | C] () -- C:\Users\Dave\Desktop\Ad2.swf
[2010/11/14 12:10:05 | 375,073,416 | ---- | C] () -- C:\Users\Dave\Desktop\Default Title.mp3
[2010/11/14 02:29:59 | 000,011,288 | ---- | C] () -- C:\Users\Dave\Documents\employmet history .odt
[2010/11/13 23:28:11 | 000,018,252 | ---- | C] () -- C:\Users\Dave\Desktop\al.jpg
[2010/11/13 23:27:55 | 001,228,854 | ---- | C] () -- C:\Users\Dave\Desktop\al.BMP
[2010/11/13 18:05:58 | 000,049,944 | ---- | C] () -- C:\Users\Dave\Desktop\IMG_1026.BTH
[2010/11/13 18:05:01 | 000,011,064 | ---- | C] () -- C:\Users\Dave\Desktop\IMG_1026.THM
[2010/11/13 15:31:16 | 000,031,496 | ---- | C] () -- C:\Users\Dave\Desktop\welcome.mp3
[2010/11/13 00:57:44 | 000,002,735 | ---- | C] () -- C:\Users\Dave\Desktop\blog.php
[2010/11/10 01:33:56 | 000,686,913 | ---- | C] () -- C:\Users\Dave\Desktop\JabberCam_h.swf
[2010/11/10 00:31:13 | 000,008,349 | ---- | C] () -- C:\Users\Dave\Desktop\AC_OETags.js
[2010/11/10 00:31:13 | 000,004,296 | ---- | C] () -- C:\Users\Dave\Desktop\milinguachat2.html
[2010/11/10 00:31:10 | 000,514,598 | ---- | C] () -- C:\Users\Dave\Desktop\milinguachat2.swf
[2010/11/09 21:04:30 | 000,501,251 | ---- | C] () -- C:\Users\Dave\Desktop\spark_4.0.0.14159.swf
[2010/11/09 21:04:30 | 000,069,805 | ---- | C] () -- C:\Users\Dave\Desktop\sparkskins_4.0.0.14159.swf
[2010/11/09 21:04:29 | 001,037,109 | ---- | C] () -- C:\Users\Dave\Desktop\framework_4.0.0.14159.swf
[2010/11/09 21:04:29 | 000,262,226 | ---- | C] () -- C:\Users\Dave\Desktop\textLayout_1.0.0.595.swf
[2010/11/09 21:04:29 | 000,207,540 | ---- | C] () -- C:\Users\Dave\Desktop\rpc_4.0.0.14159.swf
[2010/11/09 21:04:29 | 000,150,731 | ---- | C] () -- C:\Users\Dave\Desktop\osmf_flex.4.0.0.13495.swf
[2010/11/09 21:04:29 | 000,004,283 | ---- | C] () -- C:\Users\Dave\Desktop\milinguachat.html
[2010/11/09 21:04:29 | 000,000,657 | ---- | C] () -- C:\Users\Dave\Desktop\playerProductInstall.swf
[2010/11/09 21:04:27 | 000,445,453 | ---- | C] () -- C:\Users\Dave\Desktop\milinguachat.swf
[2010/11/09 01:13:05 | 000,016,384 | ---- | C] () -- C:\Users\Dave\Desktop\reyes-critica.doc
[2010/11/09 00:46:13 | 000,011,017 | ---- | C] () -- C:\Users\Dave\Desktop\reyes-critica.odt
[2010/11/07 17:15:24 | 000,000,600 | ---- | C] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2010/11/07 16:35:38 | 000,023,040 | ---- | C] () -- C:\Users\Dave\Desktop\NewestLiebermanabstract.doc
[2010/11/07 16:01:44 | 000,022,528 | ---- | C] () -- C:\Users\Dave\Desktop\NewestLieberman_abstract_Dave1.doc
[2010/11/07 15:36:05 | 000,022,528 | ---- | C] () -- C:\Users\Dave\Desktop\NewestLieberman_abstract.doc
[2010/11/07 00:59:56 | 000,001,040 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010/11/06 23:40:53 | 608,360,672 | ---- | C] () -- C:\Users\Dave\Desktop\iPod4,1_4.1_8B117_Restore.ipsw
[2010/11/06 23:23:31 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/06 23:23:30 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/04 12:47:04 | 000,041,984 | ---- | C] () -- C:\Users\Dave\Desktop\presentation_final.doc
[2010/11/04 11:11:01 | 000,041,472 | ---- | C] () -- C:\Users\Dave\Desktop\presentation.2.doc
[2010/11/04 02:57:17 | 000,028,672 | ---- | C] () -- C:\Users\Dave\Desktop\presentation.1.doc
[2010/11/03 21:49:12 | 000,016,384 | ---- | C] () -- C:\Users\Dave\Desktop\presentation.doc
[2010/11/03 16:37:39 | 000,016,384 | ---- | C] () -- C:\Users\Dave\Documents\presentation.doc
[2010/11/01 00:56:27 | 000,039,862 | ---- | C] () -- C:\Users\Dave\Desktop\73850_449803025705_539575705_5914201_1276419_n.jpg
[2010/10/31 20:42:49 | 000,006,673 | ---- | C] () -- C:\Users\Dave\Desktop\73850_449803025705_539575705_5914201_1276419_s.jpg
[2010/10/31 20:42:34 | 000,007,106 | ---- | C] () -- C:\Users\Dave\Desktop\69805_448458130705_539575705_5887819_4936039_s.jpg
[2010/09/14 00:25:35 | 000,408,100 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistMSI5C22.txt
[2010/09/14 00:25:25 | 000,067,630 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistUI5C22.txt
[2010/07/14 20:08:31 | 000,000,050 | ---- | C] () -- C:\Windows\OSA.INI
[2010/07/06 20:15:41 | 000,004,945 | ---- | C] () -- C:\ProgramData\kmytnfun.aqy
[2010/05/24 12:59:04 | 000,000,132 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/05/24 10:36:12 | 000,001,456 | ---- | C] () -- C:\Users\Dave\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/04/25 16:23:07 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\mr310exv.dll
[2010/04/25 16:23:07 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\mr310exd.dll
[2010/04/25 16:23:07 | 000,015,164 | ---- | C] () -- C:\Windows\mr310twc.ini
[2010/04/24 00:42:07 | 000,005,511 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010/04/20 16:23:50 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/04/20 16:21:42 | 000,000,045 | ---- | C] () -- C:\Users\Dave\AppData\Local\machpro.dat
[2010/04/07 01:50:49 | 000,000,087 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/07 00:49:21 | 000,010,212 | -HS- | C] () -- C:\ProgramData\86K35bLqF
[2010/03/21 20:34:24 | 000,000,120 | ---- | C] () -- C:\Users\Dave\AppData\Local\Bwexevixipabu.dat
[2010/03/21 20:34:24 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Local\Bcujukeqoda.bin
[2010/03/21 20:30:42 | 000,000,016 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\jasltw.dat
[2010/02/20 14:11:33 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\OCRSDK.dll
[2010/02/20 14:11:33 | 000,007,193 | ---- | C] () -- C:\Windows\SysWow64\OCRSDK.ini
[2010/02/12 20:47:30 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010/02/11 19:40:30 | 000,416,490 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistMSI3182.txt
[2010/02/11 19:40:22 | 000,251,542 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistUI3182.txt
[2010/01/04 15:45:28 | 000,000,400 | ---- | C] () -- C:\Windows\g_kenkpm399.ini
[2009/12/31 16:26:54 | 000,017,408 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/26 23:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
[2009/12/16 18:27:26 | 000,003,632 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
[2009/11/14 14:35:29 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/11/10 20:44:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/19 02:16:33 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/08/19 02:16:33 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/11 23:01:42 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acapela Group
[2010/07/30 02:22:55 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\BitTorrent
[2010/04/03 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/28 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2010/04/07 02:38:18 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mikogo
[2009/11/10 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenOffice.org
[2009/11/10 19:02:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PictureMover
[2010/02/10 17:52:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PokerAcademyPro2
[2010/04/05 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\postgresql
[2010/05/23 18:54:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/03/07 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Template
[2010/01/16 16:33:46 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\UB
[2009/11/11 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WinBatch
[2010/11/01 21:31:24 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/11/17 23:12:46 | 000,028,354 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 20:49:43 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2008/01/20 20:49:43 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2010/04/03 13:23:09 | 000,000,021 | -H-- | M] () -- C:\.tolb3755.bin
[2010/11/18 18:46:26 | 000,008,105 | ---- | M] () -- C:\aaw7boot.log
[2008/01/20 20:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/08/19 02:36:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/11/18 18:46:26 | 177,680,383 | -HS- | M] () -- C:\pagefile.sys
[2010/04/02 17:03:30 | 000,000,021 | -H-- | M] () -- C:\qpmd8380.bin
[2010/11/18 13:27:32 | 000,056,712 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_18.11.2010_13.25.59_log.txt
[2009/08/19 02:49:37 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Dave\Dave2.avi:TOC.WMV
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C5F7BBCF

< End of report >

Extras.txt:

OTL Extras logfile created on: 11/30/2010 3:47:37 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dave\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 20.00% Memory free
8.00 Gb Paging File | 3.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.64 Gb Total Space | 229.15 Gb Free Space | 50.62% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.79 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HOME-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004CA065-718E-45AA-B87D-9CE50AEB04AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{1171C7BC-8F33-4AC6-9BB1-6D42ABDF4CEF}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A5BEB63-3FFC-4EAF-B516-1692A464A738}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{32DCE721-C12B-4F82-B62E-7BD4CF8BF74C}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{5C21A7B3-6C73-466E-9B50-3DBEF748D18F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6330B6A5-BC05-4EA4-B959-A667B3506856}" = lport=445 | protocol=6 | dir=in | app=system |
"{63EB4AB3-11D1-40E4-A317-16112AF7750D}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C616F72-C0EB-4180-B36D-E1CF329132EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{81C43286-9FCC-4972-B4F0-EA57088FE9FE}" = lport=49801 | protocol=6 | dir=in | name=akamai netsession interface |
"{9E362226-3B08-4099-BDF2-79BF18E49D6D}" = rport=2178 | protocol=6 | dir=out | app=system |
"{9E4907D0-C926-4BDE-85E8-A46CB1C34F6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B49203AF-0B04-4E1D-8538-F08A9048BAE7}" = lport=2178 | protocol=6 | dir=in | app=system |
"{BA8C018C-AFA1-463A-AF52-650E0E4D14D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{C76973FC-0B16-4842-AA5D-A7B64A3AE298}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{C7C7B09C-C099-456C-9636-A625402BBE5A}" = rport=445 | protocol=6 | dir=out | app=system |
"{F09E8C14-3A2F-4726-B8D7-8C762A2293B7}" = rport=137 | protocol=17 | dir=out | app=system |
"{F452D68E-FACE-4DFD-B66D-9ED3283E17A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7445F2D-CB29-400A-9202-A7345D9C49AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0137C286-4584-48E4-B758-6C15D4E5F780}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{047859AC-5F70-4F9A-A1FA-E89C60236282}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{07D120D6-97CB-4DD3-B54A-4C06444BE05B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{27D98D3A-45AC-4547-AD1F-9A8D5F3AB2CC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{37AE47D3-0E67-49AE-870C-09A7F8A209D8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49DAB76F-CC8C-40D5-8DBB-0FE13BB9A939}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{4FED3DFF-D331-4017-8B27-7BC889B52678}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{54A466A0-B42E-4CA6-AD5B-E8C835E674A6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{6D702B94-FF83-4DC4-8EC5-B6B413D70D97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7DB49A4B-F904-4FB0-A62A-E374534CAD2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{875D3759-38AE-4559-AB67-2ACB96DC0CFA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{8B8DE959-0965-4F79-8BBA-4CC114505D65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9FE8A54B-7368-4758-BCFB-DF4511971464}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A0E34C0B-4418-4A30-833B-6C9C35F1A687}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{A84625AE-2AF5-472E-91B7-021D4AA7415D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE80D822-24B6-4797-845D-F9D7DE4539AB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{AED83C5C-9A01-40FA-9D37-D466F2C6A79D}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{CADC666F-710D-4BA1-AE8F-B63A4C1332AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D1D87CB6-9044-4443-B803-46809EA23D2B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{E5CF5F5E-EFEC-4ACB-A148-C871713AE084}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{EDF51329-56B6-40A8-BD96-917B721D3D08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FF6CF9F3-5B95-4740-B886-635B22CB4D74}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java™ 6 Update 18 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java™ SE Development Kit 6 Update 18 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe ColdFusion 9" = Adobe ColdFusion 9
"Adobe ColdFusion 9 .NET Integration Services" = Adobe ColdFusion 9 .NET Integration Services
"Adobe ColdFusion 9 Solr Service" = Adobe ColdFusion 9 Solr Service
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086F3617-D5AC-4892-A1C0-FF4834E3C4C9}" = NextUp-Acapela Peter22 UK English Voice
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{177E1CA1-14CC-4398-AB15-A5746EFE8F22}" = Adobe Flash Builder 4
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4C6AAD92-9BA7-4F2E-BD79-D645B8A24964}" = NextUp-Acapela Salma22 Arabic Voice
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{71A51A91-E7D3-11DB-A386-005056C00008}" = MiniCam Pro
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85135177-3D68-45CB-89A1-519C51113D8C}" = AUM Language Resource
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{944E0AD7-61FA-436D-85B5-EF6F7D3BB24B}" = AUM Core
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A1DEA53-94B4-4780-8F95-F422949A5A35}" = CounterSpy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9EA080BC-DDC5-4D17-A60E-56E4E67E6B41}" = Adobe Setup
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C7FCB05A-6AC8-4434-BA1E-157FEA0EED5A}" = Flopzilla
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D27B7EA6-FF0E-4A74-B44C-594911D4A2F4}" = TableNinjaFT
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E65DB47B-A11A-4963-8642-AD8A44635B76}" = Adobe Anchor Service
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDDBB14A-4226-26BE-C385-C00FAE6A35BD}" = Davis's Drug Guide for Nurses, 12e
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_9002797fb59cafdc5cd19d059881017" = Adobe Anchor Service
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Akamai" = Akamai NetSession Interface
"AT&T Natural Voice Rosa_is1" = AT&T Natural Voices Rosa v. 1.4
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.example.dashboard.0B098AEF699B0982E5F3583FA58B39D3490BCE90.1" = Davis's Drug Guide for Nurses, 12e
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.4.1
"GameSpy Arcade" = GameSpy Arcade
"GMAT POWERPREP" = GMAT POWERPREP
"Google Chrome" = Google Chrome
"HoldemManager" = Holdem Manager
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PokerAcademyPro2" = Poker Academy Pro 2
"PokerTracker3" = PokerTracker 3 (remove only)
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"RiseOfNations Trial 1.0" = Microsoft Rise Of Nations Trial
"RmTablet" = USB Tablet Manager
"TextAloud3_is1" = TextAloud 3.0
"Uninstall Adobe ColdFusion Builder" = Adobe ColdFusion Builder
"VLC media player" = VLC media player 1.0.5
"WampServer 2_is1" = WampServer 2.0
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"UB" = UB
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 etavares

  • Malware Response Team

Posted 03 December 2010 - 07:30 PM

Hello, gretschtastic.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Online Poker Warning
Your logs show that you have online poker programs installed on your computer. I know that you may use these (this) game(s) on a regular basis, but I think it's important to note that often these kinds of programmes are installed with other unwanted software, namely spyware or adware. Due to this, I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install them yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using it, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the steps below:

You can remove this via Add/Remove programs.

Step 1

Please attach C:\TDSSKiller.2.4.8.0_18.11.2010_13.25.59_log.txt to your reply.

Step 2

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 etavares

Posted 09 December 2010 - 06:55 PM

Still with me?



#6 etavares

Posted 12 December 2010 - 09:23 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

