Occasional redirect to dummy sites after a Google Search in Firefox


  • This topic is locked
12 replies to this topic

#1 methomas

  • Members
  • 8 posts

Posted 08 December 2010 - 01:31 AM

I am having a strange problem where occasionally after a Google search the site I click on will redirect to a dummy search site. If I go back to my search results (back button) and reload the page, the link to the site I'm trying to get to will work. The problem does not seem to be very repeatable (many searches will work, then another redirect will occur). The redirect link does show up in the status bar of Firefox when I hover over a link that will be redirected. The link usually always begins with the URL like:
http://googleads.g.doubleclick.net/...

I ran GMER, but many of the selections that were supposed to be enabled were grayed out. Only "Services", "Registry", "Files", "C:\", and "ADS" were checked - all the others I could not enable. GMER reported:
---------------------------
GMER
---------------------------
GMER hasn't found any system modification.
---------------------------
OK
---------------------------

Thank you for any help!

Here is the DDS log:

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Matt at 22:27:35.56 on Tue 12/07/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.4962 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\Program Files (x86)\National Instruments\MAX\nimxs.exe
E:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
E:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\The Bat!\thebat.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\Pass\KeePass.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\D4\D4.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VMware\VMware Converter\vmware-ufad.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Windows\SysWOW64\nipxism.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Office\Office\1033\msohelp.exe
C:\Windows\splwow64.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matt\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [thebat_startup] C:\Program Files (x86)\The Bat!\thebat.exe
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NIRegistrationWizard] E:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [Dimension4] "C:\Program Files (x86)\D4\D4.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Google Updater] "C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [NI Background Service] E:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KeePass.lnk - F:\Pass\KeePass.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: netflix.com
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} - hxxp://216.167.159.236:60002/admin/TSBnwCam.CAB
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://216.167.159.236:60000/admin/TSBnwCam.CAB
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\
FF - prefs.js: browser.startup.homepage - hxxp://antwrp.gsfc.nasa.gov/apod/astropix.html
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {06996C17-E445-47FC-B956-75740FB76464} - C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\LogMeInClient@logmein.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: XULRunner: {06996C17-E445-47FC-B956-75740FB76464} - C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}

============= SERVICES / DRIVERS ===============

R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-3-24 16984]
R0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2010-6-21 82568]
R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2010-6-21 54424]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-29 233488]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-29 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-7-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2008-9-23 72216]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-6-23 131776]
R2 nimDNSResponder;National Instruments mDNS Responder Service;E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-7-30 194224]
R2 nipxirmk;nipxirmk;C:\Windows\System32\drivers\nipxirmkl.sys [2010-6-14 11928]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2010-6-23 11944]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-29 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-29 1142224]
R2 ufad-p2v;VMware Converter Service;C:\Program Files (x86)\VMware\VMware Converter\vmware-ufad.exe [2007-11-1 176128]
R2 vmci;VMware vmci;C:\Windows\System32\drivers\vmci.sys [2009-1-1 64560]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files (x86)\VMware\VMware Converter\vstor2-p2v30.sys [2007-11-1 26160]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-4-27 57856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2010-6-23 11944]
R3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2007-2-13 15360]
S1 ShldDrv;Panda File Shield Driver;C:\Windows\System32\drivers\ShlDrv51.sys [2007-5-12 31104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c98ecf63f0cdf0;Google Update Service (gupdate1c98ecf63f0cdf0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-2-14 133104]
S2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2010-11-5 3977072]
S2 PavProc;Panda Process Protection Driver;C:\Windows\System32\drivers\PavProc.sys [2007-5-12 170800]
S3 %S_ServiceName%;%S_ServiceName%;C:\Windows\System32\drivers\sbigu64.sys [2009-1-13 48128]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;C:\Windows\System32\drivers\ftdibus.sys [2009-2-17 69192]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-21 27648]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\System32\drivers\ni1006k.sys [2010-6-21 30800]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\System32\drivers\ni1045kl.sys [2010-6-21 11856]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\System32\drivers\ni1065k.sys [2010-6-21 26704]
S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2010-6-11 11944]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2010-6-2 12992]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2010-6-2 12992]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\System32\drivers\nipxigpk.sys [2010-6-14 22680]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-3-21 19968]
S3 sbigu64;sbigu64;C:\Windows\System32\drivers\sbigu64.sys [2009-1-13 48128]
S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;C:\Windows\System32\drivers\9kdUSB64.sys [2007-7-3 30720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 Usbtmc;ausbtmc;C:\Windows\System32\drivers\ausbtmc.sys [2010-7-28 22528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-27 89920]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]
S4 PavPrSrv;Panda Process Protection Service;"C:\Program Files (x86)\Common Files\Panda Software\PavShld\pavprsrv.exe" --> C:\Program Files (x86)\Common Files\Panda Software\PavShld\pavprsrv.exe [?]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-12-06 19:33:48 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{C9D3CBE5-5B0C-467C-8893-24021395BAD5}\mpengine.dll
2010-12-05 19:29:25 -------- d-----w- C:\Users\Matt\AppData\Local\National Instruments
2010-12-05 19:12:13 -------- d-----w- C:\Windows\SysWow64\Common Files
2010-12-05 19:10:40 -------- d-----w- C:\Windows\System32\cvirte
2010-12-05 19:10:40 -------- d-----w- C:\Program Files\National Instruments
2010-12-05 19:10:31 -------- d-----w- C:\Windows\SysWow64\cvirte
2010-12-05 19:10:20 -------- d-----w- C:\Program Files\IVI Foundation
2010-12-05 19:10:20 -------- d-----w- C:\Program Files (x86)\IVI Foundation
2010-12-05 19:10:20 -------- d-----w- C:\PROGRA~3\IVI Foundation
2010-12-05 19:07:22 -------- d-----w- C:\PROGRA~3\National Instruments
2010-11-30 05:30:50 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-11-30 05:30:50 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-11-30 05:30:45 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-11-30 05:30:38 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-11-30 05:30:06 -------- d-----w- C:\Users\Matt\AppData\Roaming\PC Tools
2010-11-30 05:30:06 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-11-30 05:30:06 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-11-30 05:30:06 -------- d-----w- C:\PROGRA~3\PC Tools
2010-11-30 05:23:01 388096 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 05:23:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-11-27 20:21:54 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2010-11-27 20:21:52 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-27 20:21:52 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-27 20:21:52 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-27 20:21:52 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-27 20:21:52 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-27 20:21:52 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-27 20:21:52 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-27 20:21:47 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2010-11-27 07:41:52 0 ----a-w- C:\Users\Matt\AppData\Local\Itakomobun.bin
2010-11-27 07:41:51 -------- d-----w- C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
2010-11-27 07:40:08 177 ----a-w- C:\Users\Matt\AppData\Roaming\sdhkryu.bat
2010-11-26 17:57:22 -------- d-----w- C:\Program Files (x86)\Oregon Scientific
2010-11-25 03:58:11 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-25 03:58:11 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-17 19:58:11 -------- d-----w- C:\Program Files (x86)\Common FilesffdshowEx
2010-11-14 14:41:18 -------- d-----w- C:\Program Files\iPod
2010-11-14 14:41:17 -------- d-----w- C:\Program Files\iTunes
2010-11-10 06:41:25 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 06:41:25 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

==================== Find3M ====================

2010-11-14 16:27:47 64000 ----a-w- C:\Windows\SysWow64\RICHTX32.oca
2010-11-14 16:27:47 43008 ----a-w- C:\Windows\SysWow64\tabctl32.oca
2010-11-14 16:27:47 35840 ----a-w- C:\Windows\SysWow64\comdlg32.oca
2010-11-14 16:27:47 265728 ----a-w- C:\Windows\SysWow64\mscomctl.oca
2010-11-14 16:27:47 25600 ----a-w- C:\Windows\SysWow64\mscomm32.oca
2010-11-14 16:27:47 166400 ----a-w- C:\Windows\SysWow64\mschrt20.oca
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-29 14:48:23 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-09-29 14:48:22 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-09-29 14:48:22 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-06-24 19:17:22 120168 ----a-w- C:\Program Files (x86)\IRASApp.dll

============= FINISH: 22:28:09.92 ===============



#2 snemelk

    inżynier

  • Malware Response Team
  • 1,468 posts
  • Gender: Male
  • Location: Poland

Posted 15 December 2010 - 09:55 AM

Hi methomas, and welcome to Bleeping Computer.

Your log reveals a malicious Add-on for Firefox installed...

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 methomas

  • Topic Starter

  • Members
  • 8 posts

Posted 15 December 2010 - 10:33 AM

Thank you for the reply! I've run OTL and here are the logs:

OTL.Txt:
OTL logfile created on: 12/15/2010 7:16:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matt\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): e:\pagefile.sys 0 0f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.25 Gb Total Space | 13.59 Gb Free Space | 19.63% Space Free | Partition Type: NTFS
Drive D: | 69.25 Gb Total Space | 55.71 Gb Free Space | 80.44% Space Free | Partition Type: NTFS
Drive E: | 69.25 Gb Total Space | 27.75 Gb Free Space | 40.08% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 283.69 Gb Free Space | 60.91% Space Free | Partition Type: NTFS
Drive H: | 99.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 279.48 Gb Total Space | 7.89 Gb Free Space | 2.82% Space Free | Partition Type: NTFS
Drive L: | 55.67 Gb Total Space | 19.41 Gb Free Space | 34.86% Space Free | Partition Type: FAT32
Drive N: | 965.59 Mb Total Space | 965.58 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: DESKTOP64 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/15 07:15:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2010/12/13 18:55:49 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/12/13 18:15:54 | 000,049,152 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\PlayOn.exe
PRC - [2010/12/13 18:15:53 | 003,981,168 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2010/11/29 18:26:10 | 000,077,656 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Quicken\bagent.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/16 12:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/30 15:28:08 | 000,194,224 | ---- | M] (National Instruments Corporation) -- E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2010/06/22 17:03:52 | 000,047,768 | ---- | M] (National Instruments Corporation) -- E:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2010/06/18 21:58:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- E:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2010/06/15 06:25:08 | 004,398,016 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/06/14 13:39:48 | 000,018,584 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipxism.exe
PRC - [2010/03/10 10:17:10 | 000,358,448 | ---- | M] (National Instruments Corporation) -- E:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2010/03/10 10:17:04 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2010/03/10 10:17:02 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/11 14:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2009/06/16 06:20:23 | 000,769,024 | ---- | M] (Dominik Reichl) -- F:\Pass\KeePass.exe
PRC - [2008/12/08 06:40:00 | 000,115,992 | ---- | M] (EMC Corporation) -- C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe
PRC - [2008/10/28 23:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2008/10/28 23:07:58 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008/10/28 23:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/10/28 23:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2007/11/01 16:20:30 | 000,176,128 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Converter\vmware-ufad.exe
PRC - [2006/12/18 05:34:44 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2006/12/05 16:30:06 | 000,450,560 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/05/16 09:58:18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/02/04 00:26:42 | 000,200,704 | ---- | M] (Thinking Man Software) -- C:\Program Files (x86)\D4\D4.exe


========== Modules (SafeList) ==========

MOD - [2010/12/15 07:15:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/02/04 10:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
SRV:64bit: - [2008/01/19 00:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 00:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 08:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2005/09/23 02:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2010/12/13 18:55:49 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/12/13 18:15:53 | 003,981,168 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/29 06:48:35 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/23 15:45:06 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/07/30 15:28:08 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2010/06/22 17:03:52 | 000,047,768 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2010/06/18 21:58:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2010/06/14 13:39:48 | 000,018,584 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipxism.exe -- (nipxirmu)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/10 10:17:10 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010/03/10 10:17:04 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2010/03/10 10:17:02 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/29 12:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2009/04/10 22:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 06:40:00 | 000,128,280 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Retrospect\Retrospect 7.6\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2008/12/08 06:40:00 | 000,115,992 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe -- (RetroLauncher)
SRV - [2008/10/28 23:08:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/10/28 23:07:56 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/10/28 23:07:20 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2008/10/02 18:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/07/24 17:46:08 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2007/11/01 16:20:30 | 000,176,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Converter\vmware-ufad.exe -- (ufad-p2v)
SRV - [2003/10/13 15:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\sbigudrv.sys -- (sbigudrv)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\maximio.sys -- (MaxImIO)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\apogeeio.sys -- (ApogeeIO)
DRV:64bit: - [2010/12/13 18:55:48 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/09/29 06:48:23 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/07/28 13:41:24 | 000,022,528 | ---- | M] (IVI Foundation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ausbtmc.sys -- (Usbtmc)
DRV:64bit: - [2010/06/23 10:05:30 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010/06/23 10:04:04 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010/06/21 15:31:30 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2010/06/21 15:31:26 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2010/06/21 15:31:18 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2010/06/21 15:31:10 | 000,054,424 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibrc.sys -- (nipxibrc)
DRV:64bit: - [2010/06/21 15:31:04 | 000,082,568 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibaf.sys -- (nipxibaf)
DRV:64bit: - [2010/06/18 12:22:10 | 000,011,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2010/06/14 14:30:30 | 000,022,680 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2010/06/14 13:57:42 | 000,011,928 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2010/06/11 14:32:32 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2010/06/11 14:16:58 | 000,011,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:64bit: - [2010/06/09 12:41:13 | 000,123,840 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/06/02 18:46:32 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2010/06/02 18:46:12 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2010/06/02 18:44:50 | 000,892,056 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2010/04/29 12:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/03/24 12:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010/01/01 09:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/30 16:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/21 02:27:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2009/08/21 02:27:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2009/08/21 02:27:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/06/14 15:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009/04/27 00:55:54 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009/02/17 11:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/02/17 11:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (AlteraUSBBlaster)
DRV:64bit: - [2009/02/17 11:17:16 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/01/13 08:11:50 | 000,048,128 | ---- | M] (Santa Barbara Instrument Group (SBIG)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sbigu64.sys -- (sbigu64)
DRV:64bit: - [2009/01/13 08:11:50 | 000,048,128 | ---- | M] (Santa Barbara Instrument Group (SBIG)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sbigu64.sys -- (%S_ServiceName%)
DRV:64bit: - [2008/10/28 23:09:22 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2008/10/28 23:09:18 | 000,064,560 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2008/10/28 23:09:18 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2008/10/28 23:09:16 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2008/10/28 23:09:08 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2008/10/28 23:09:04 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2008/10/28 17:03:28 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2008/10/28 17:03:26 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2008/10/28 17:03:26 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2008/07/24 17:46:08 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/07/24 17:45:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/01/18 23:09:56 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/07/31 18:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2007/07/03 11:20:14 | 000,030,720 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\9kdUSB64.sys -- (SNL320XP)
DRV:64bit: - [2007/03/12 07:27:50 | 000,031,104 | ---- | M] (Panda Software International) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\ShlDrv51.sys -- (ShldDrv)
DRV:64bit: - [2007/02/19 04:21:50 | 000,170,800 | ---- | M] (Panda Software International) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PavProc.sys -- (PavProc)
DRV:64bit: - [2007/01/17 13:32:00 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Spyder2.sys -- (Spyder2)
DRV:64bit: - [2007/01/15 19:36:20 | 000,411,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2006/10/31 07:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 13:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/06/09 12:41:13 | 000,123,840 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/01/13 08:11:48 | 000,048,128 | ---- | M] (Santa Barbara Instrument Group (SBIG)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sbigu64.sys -- (sbigu64)
DRV - [2009/01/13 08:11:48 | 000,048,128 | ---- | M] (Santa Barbara Instrument Group (SBIG)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sbigu64.sys -- (%S_ServiceName%)
DRV - [2008/10/02 18:24:54 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/07/24 17:46:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2007/11/01 16:18:36 | 000,026,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Converter\vstor2-p2v30.sys -- (vstor2-p2v30)
DRV - [2007/06/22 17:01:16 | 000,007,610 | R--- | M] (Diffraction Limited) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\maximio.sys -- (MaxImIO)
DRV - [2002/08/23 12:29:40 | 000,012,800 | ---- | M] (Santa Barbara Instrument Group) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\sbigudrv.sys -- (sbigudrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msdn.microsoft.com/en-us/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://antwrp.gsfc.nasa.gov/apod/astropix.html"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {06996C17-E445-47FC-B956-75740FB76464}:1.9.1
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{06996C17-E445-47FC-B956-75740FB76464}: C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464} [2010/11/26 23:41:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 15:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/11 15:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/12/13 18:24:18 | 000,000,000 | ---D | M]

[2008/06/19 10:45:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2010/12/14 21:26:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions
[2010/07/02 12:19:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/16 07:57:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\k32cn3zi.default\extensions\LogMeInClient@logmein.com
[2010/12/14 21:26:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/13 18:24:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/12/13 18:24:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/05/25 12:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmozax.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2010/02/20 11:13:41 | 000,000,763 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dimension4] C:\Program Files (x86)\D4\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Updater] C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [NI Background Service] E:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe (National Instruments)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [NIRegistrationWizard] E:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKCU..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
O4 - HKCU..\Run: [thebat_startup] C:\Program Files (x86)\The Bat!\thebat.exe (Ritlabs S.R.L.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeePass.lnk = F:\Pass\KeePass.exe (Dominik Reichl)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
O8:64bit: - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab (IEAnimBehaviorFactory Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} http://216.167.159.236:60002/admin/TSBnwCam.CAB (TSBnwCam Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} http://216.167.159.236:60000/admin/TSBnwCam.CAB (TSBnwCam Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/23 11:26:42 | 000,000,033 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/09/01 12:50:14 | 000,000,283 | R--- | M] () - H:\autorun.ini -- [ CDFS ]
O33 - MountPoints2\{1b0cbb48-ffd7-11db-826e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0cbb48-ffd7-11db-826e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Bin\Assetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/15 07:15:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/12/14 17:36:17 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/14 17:36:17 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/14 17:36:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/14 17:36:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/12/14 17:36:17 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/14 17:36:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/12/14 17:36:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/14 17:36:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/14 17:36:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/14 17:36:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/14 17:36:16 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/12/14 17:36:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/12/14 17:36:16 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/14 17:36:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/14 17:36:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/12/14 17:36:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/14 17:36:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/14 17:36:16 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/12/14 17:36:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/12/14 17:36:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/12/14 17:36:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/12/14 17:36:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/12/14 17:36:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/12/14 17:36:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/12/14 17:36:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/12/14 17:36:16 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/14 17:36:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/12/14 17:36:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/14 17:36:03 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/14 17:36:03 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/14 17:36:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/12/14 17:36:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/12/14 17:36:03 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/14 17:36:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/14 17:36:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/14 17:32:06 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/14 17:32:06 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/14 17:32:06 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/14 17:32:06 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/14 17:32:06 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/14 17:32:06 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/13 18:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/12/13 18:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/12/13 18:23:58 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/12/13 18:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/12/13 17:53:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Sierra's Homework
[2010/12/07 22:11:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\gmer
[2010/12/05 11:29:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\National Instruments
[2010/12/05 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments
[2010/12/05 11:12:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Common Files
[2010/12/05 11:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio .NET 2003
[2010/12/05 11:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2010/12/05 11:10:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cvirte
[2010/12/05 11:10:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte
[2010/12/05 11:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IVI Foundation
[2010/12/05 11:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\IVI Foundation
[2010/12/05 11:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVI Foundation
[2010/12/05 11:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2010/11/29 21:30:50 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/11/29 21:30:50 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/11/29 21:30:45 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/11/29 21:30:38 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/11/29 21:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/11/29 21:30:06 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\PC Tools
[2010/11/29 21:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/29 21:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/11/29 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/11/29 21:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/11/29 21:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/11/27 12:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2010/11/27 12:21:47 | 004,199,768 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2010/11/26 23:41:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
[2010/11/26 09:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oregon Scientific
[2010/11/17 11:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common FilesffdshowEx
[2010/06/24 11:17:22 | 000,120,168 | ---- | C] (Software Bisque, Inc.) -- C:\Program Files (x86)\IRASApp.dll

========== Files - Modified Within 30 Days ==========

[2010/12/15 07:15:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/12/15 07:02:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/15 05:43:06 | 000,003,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/15 05:43:06 | 000,003,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 19:50:20 | 000,913,832 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/14 19:50:20 | 000,752,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/14 19:50:20 | 000,160,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/14 19:48:10 | 000,178,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/14 19:48:02 | 000,178,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/14 19:47:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/14 19:47:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/12/14 19:43:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/14 19:42:58 | 000,266,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/14 16:09:59 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Matt.job
[2010/12/14 07:12:08 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/12/13 18:55:48 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/12/13 18:55:31 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/12/13 18:55:31 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/12/13 18:03:43 | 000,013,824 | ---- | M] () -- C:\Users\Matt\Documents\Funeral.xls
[2010/12/09 21:20:33 | 000,234,547 | ---- | M] () -- C:\Users\Matt\Desktop\Educational Toys, Specialty....pdf
[2010/12/07 22:11:01 | 000,288,107 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.zip
[2010/12/07 22:06:24 | 000,624,128 | ---- | M] () -- C:\Users\Matt\Desktop\dds.scr
[2010/12/07 22:05:52 | 000,000,000 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2010/12/05 11:16:21 | 000,005,807 | ---- | M] () -- C:\Windows\SysWow64\niorbmap
[2010/12/05 11:15:18 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2010/11/29 21:25:10 | 000,002,557 | ---- | M] () -- C:\Users\Matt\Desktop\HiJackThis.lnk
[2010/11/28 20:14:16 | 000,000,120 | ---- | M] () -- C:\Users\Matt\AppData\Local\Egexunosesoxik.dat
[2010/11/28 20:14:16 | 000,000,000 | ---- | M] () -- C:\Users\Matt\AppData\Local\Itakomobun.bin
[2010/11/27 12:21:47 | 000,001,648 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Home & Business 2011.lnk
[2010/11/27 12:21:43 | 000,000,171 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/11/26 23:40:08 | 000,000,177 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\sdhkryu.bat
[2010/11/26 09:57:23 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\SmartGlobe™ Deluxe Edition.lnk
[2010/11/18 07:05:53 | 000,000,075 | ---- | M] () -- C:\Users\Matt\Desktop\MaxImTest.vbs

========== Files Created - No Company Name ==========

[2010/12/13 18:24:48 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/12/13 18:24:48 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/12/09 21:20:31 | 000,234,547 | ---- | C] () -- C:\Users\Matt\Desktop\Educational Toys, Specialty....pdf
[2010/12/07 22:11:00 | 000,288,107 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.zip
[2010/12/07 22:06:18 | 000,624,128 | ---- | C] () -- C:\Users\Matt\Desktop\dds.scr
[2010/12/07 22:05:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2010/12/05 19:51:16 | 000,013,824 | ---- | C] () -- C:\Users\Matt\Documents\Funeral.xls
[2010/12/05 11:15:18 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2010/12/05 11:14:04 | 000,005,807 | ---- | C] () -- C:\Windows\SysWow64\niorbmap
[2010/11/29 21:30:50 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/11/29 21:30:45 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/11/29 21:30:38 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/11/29 21:30:09 | 000,431,692 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_vcredistMSI3213.txt
[2010/11/29 21:30:09 | 000,012,758 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_vcredistUI3213.txt
[2010/11/29 21:30:09 | 000,011,850 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_vcredistUI3214.txt
[2010/11/29 21:23:01 | 000,002,557 | ---- | C] () -- C:\Users\Matt\Desktop\HiJackThis.lnk
[2010/11/29 21:21:06 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/27 12:21:47 | 000,001,648 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Home & Business 2011.lnk
[2010/11/26 23:41:52 | 000,000,120 | ---- | C] () -- C:\Users\Matt\AppData\Local\Egexunosesoxik.dat
[2010/11/26 23:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\Itakomobun.bin
[2010/11/26 23:40:08 | 000,000,177 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\sdhkryu.bat
[2010/11/26 09:57:23 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\SmartGlobe™ Deluxe Edition.lnk
[2010/11/18 07:04:33 | 000,000,075 | ---- | C] () -- C:\Users\Matt\Desktop\MaxImTest.vbs
[2010/10/16 13:37:19 | 000,006,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\GPIB900A.sys
[2010/10/16 13:37:19 | 000,005,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\GPIO650A.sys
[2010/10/16 13:37:19 | 000,005,556 | ---- | C] () -- C:\Windows\SysWow64\drivers\GPIO600A.sys
[2010/09/12 19:44:08 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/06/10 14:46:20 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2010/05/04 20:53:12 | 000,000,046 | ---- | C] () -- C:\Windows\SBIGMO~1.INI
[2010/02/16 16:46:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010/02/16 16:46:34 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/08/30 16:18:40 | 000,178,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/26 06:56:42 | 000,178,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/29 06:24:11 | 000,229,960 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_ATL90SP1_KB973924MSI0BC4.txt
[2009/07/29 06:24:10 | 000,012,592 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_ATL90SP1_KB973924UI0BC4.txt
[2009/05/27 06:33:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/27 06:33:02 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/06 13:00:36 | 000,585,296 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_vbpowerpacksMSI17FC.txt
[2009/05/06 13:00:34 | 000,016,238 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_vbpowerpacksUI17FC.txt
[2008/12/24 18:57:40 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/10/16 19:31:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/09 07:06:23 | 000,282,020 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_WinSDK_RefInt_x64_MSI02E3.txt
[2008/06/09 07:06:12 | 000,548,136 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI02BF.txt
[2008/06/09 07:06:01 | 000,438,550 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI029B.txt
[2008/06/09 07:05:25 | 005,357,698 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_WinSDK_Build_x64_MSI0225.txt
[2008/06/09 07:05:09 | 000,652,492 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_WinSDK_Tools_x64_MSI01F1.txt
[2008/06/09 07:04:57 | 001,240,526 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_RDBG_AMD64_MSI01CA.txt
[2008/06/09 06:46:20 | 052,516,852 | ---- | C] () -- C:\Users\Matt\AppData\Local\VSMsiLog738A.txt
[2008/06/09 06:46:15 | 000,828,628 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_VC_MinRed_MSI737A.txt
[2008/06/09 06:44:31 | 000,185,787 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2008/06/09 06:44:09 | 000,427,030 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_install_vs_procore_90.txt
[2008/06/09 06:44:09 | 000,004,758 | ---- | C] () -- C:\Users\Matt\AppData\Local\uxeventlog.txt
[2008/06/09 06:44:09 | 000,000,002 | ---- | C] () -- C:\Users\Matt\AppData\Local\dd_error_vs_procore_90.txt
[2008/04/15 20:55:02 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008/04/02 14:48:25 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\gmsblist.dll
[2008/03/21 16:10:48 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/03/01 08:34:10 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\DeBayerTransform.dll
[2007/11/28 18:05:01 | 000,009,270 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\ex_log.txt
[2007/10/13 18:52:35 | 000,006,989 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2007/10/13 18:52:33 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2007/10/13 18:52:33 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2007/10/13 18:52:33 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2007/10/13 18:52:33 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2007/10/13 18:52:33 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2007/10/13 18:52:33 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2007/10/13 18:52:33 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2007/10/13 18:52:33 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2007/10/13 18:52:33 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2007/10/13 18:52:33 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2007/10/13 18:52:33 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2007/10/13 18:52:33 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2007/10/13 18:52:33 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2007/10/13 18:52:33 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2007/10/13 18:52:33 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2007/10/13 18:52:33 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2007/09/19 14:07:46 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2007/08/29 15:08:43 | 000,000,732 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps64.dat
[2007/05/22 19:25:36 | 000,000,000 | ---- | C] () -- C:\Windows\SPYXX.INI
[2007/05/15 10:32:57 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007/05/15 10:32:17 | 000,000,234 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2007/05/15 10:32:17 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2007/05/15 10:31:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2007/05/15 10:31:26 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2007/05/15 10:31:26 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2007/05/15 10:31:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2007/05/12 19:50:56 | 000,918,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007/05/12 13:39:50 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL
[2007/05/12 13:39:49 | 000,339,456 | ---- | C] () -- C:\Windows\SysWow64\ACCUGNT5.DLL
[2007/05/12 13:10:03 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/05/12 09:32:56 | 000,011,264 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/12 09:10:09 | 000,001,308 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/12 09:10:09 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/05/11 08:27:37 | 000,012,505 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007/05/11 08:27:30 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2000/04/01 23:00:00 | 000,060,367 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/01/01 11:03:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/30 08:16:55 | 000,000,970 | ---- | M] () -- C:\LoadLogTextFormat.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:B7B0C1E564528415
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:7715B65F
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras.txt:
OTL Extras logfile created on: 12/15/2010 7:16:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matt\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): e:\pagefile.sys 0 0f:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.25 Gb Total Space | 13.59 Gb Free Space | 19.63% Space Free | Partition Type: NTFS
Drive D: | 69.25 Gb Total Space | 55.71 Gb Free Space | 80.44% Space Free | Partition Type: NTFS
Drive E: | 69.25 Gb Total Space | 27.75 Gb Free Space | 40.08% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 283.69 Gb Free Space | 60.91% Space Free | Partition Type: NTFS
Drive H: | 99.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 279.48 Gb Total Space | 7.89 Gb Free Space | 2.82% Space Free | Partition Type: NTFS
Drive L: | 55.67 Gb Total Space | 19.41 Gb Free Space | 34.86% Space Free | Partition Type: FAT32
Drive N: | 965.59 Mb Total Space | 965.58 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: DESKTOP64 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 07 BE A2 1D BE 8B C8 01 [binary data]
"VistaSp2" = 25 96 F6 CA 29 DF C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3537239275-3913680810-1344207696-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2249BCD1-F335-4C8A-BB85-406DFF5C5313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13798C3A-81FE-4167-B898-19A953E31720}" = protocol=6 | dir=in | app=c:\program files (x86)\retrospect\retrospect 7.6\retrospect.exe |
"{202CE353-8C29-45E9-A0A2-3F7B21018D72}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{24DE411F-6EB3-4C9E-8B36-9BF3A989D3E8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{304EB4C7-09C2-498D-8F65-D45AAE70F706}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\home & business 2007\32bit\ttax.exe |
"{3508822F-6144-49B2-98E4-5BCBCD811CBE}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{4DF769A6-0A67-4FB7-94D7-5E6DA3F12490}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\temp\7zsd223.tmp\symnrt.exe |
"{5528FBE2-371D-4894-A28B-AFAC0B686ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{60E5055F-E5ED-4EFF-9096-4C74E0AE78D4}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\ttax.exe |
"{688D1850-8392-441F-A1E6-4B2215A79FC5}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\temp\7zsd223.tmp\symnrt.exe |
"{6F89098F-E826-4E39-8A65-CDDCF31446A8}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\home & business 2007\32bit\ttax.exe |
"{74C8D737-B971-4199-8843-B0DBAD0F9295}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{79A9BF35-60E6-4F97-B788-F7358619A5D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{917EA321-85C4-42B0-A00E-B97CCB1C9B08}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\home & business 2007\32bit\updatemgr.exe |
"{98939EB4-8B5C-4A87-908C-EAE03008C6FB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9DF232F8-0A44-4784-9A02-D7635EEDFC89}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C04C34A5-F0DD-4B55-BCF8-7D3B54BF39C0}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{C1109B89-A9C5-4213-8068-EBBDD8D5CAB2}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{C424CBA7-94B2-4A5C-A45B-AD359E750E12}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\ttax.exe |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=e:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{DC9F8EF0-BD73-4E2D-927D-2F0FCB43290D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{E42E6D05-5F34-4DBF-AC63-C01C88ADEA05}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=e:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{EBF9FFA4-5B80-4B75-A6F5-97C8754CB546}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{ED9ACB37-6014-4B8B-AE4C-6077C7D3DF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{EF2320A8-21F0-49F2-BE45-2E01CDD32C63}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\home & business 2007\32bit\updatemgr.exe |
"{F5FCEFBA-7762-45B7-B1B2-D264D57C3706}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FF7BA407-8386-485C-B60D-F506300CECA6}" = protocol=17 | dir=in | app=c:\program files (x86)\retrospect\retrospect 7.6\retrospect.exe |
"TCP Query User{2A8CD480-288F-4F20-9F9B-169A72A99841}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe |
"TCP Query User{2FEA8A6A-E5BF-4D6D-AB04-F1B749F5DBC4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45910379-1B68-4528-B02F-98D8866EB7BD}E:\program files (x86)\national instruments\shared\registrationwizard\bin\registrationwizard.exe" = protocol=6 | dir=in | app=e:\program files (x86)\national instruments\shared\registrationwizard\bin\registrationwizard.exe |
"TCP Query User{5258F8E6-391A-4D39-9CB7-FBCD13B4AB15}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{564ABD7A-9319-4C87-8600-ED0E7C07B839}E:\program files (x86)\national instruments\max\nimax.exe" = protocol=6 | dir=in | app=e:\program files (x86)\national instruments\max\nimax.exe |
"TCP Query User{646275AA-DEC5-405E-A845-229D1F918041}C:\altera\70\quartus\bin\jtagserver.exe" = protocol=6 | dir=in | app=c:\altera\70\quartus\bin\jtagserver.exe |
"TCP Query User{7521B405-D7DE-4B10-A01B-C80272BB0FA8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{882EC072-CF00-4CFA-8C0F-2643FB910C97}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{97C27AED-3B5D-4508-ABCB-6833CBB70651}C:\program files (x86)\mediamall\settingsmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"TCP Query User{9C50613F-526C-4DB2-A1FA-659731C8B2DB}C:\program files (x86)\outlook messenger\outlookmessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\outlook messenger\outlookmessenger.exe |
"TCP Query User{B9471F10-4F11-4144-8306-A4C9E579F0E4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{C9748C51-5120-4D3D-8BE3-90FDECDEF2ED}C:\kav\kis\setup.exe" = protocol=6 | dir=in | app=c:\kav\kis\setup.exe |
"TCP Query User{DB28D1DE-D4C0-4313-AE12-4F52A98BDC44}C:\program files (x86)\d4\d4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\d4\d4.exe |
"TCP Query User{F110126D-1F0B-4B7A-8D68-C8019EF13114}C:\program files (x86)\d4\d4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\d4\d4.exe |
"UDP Query User{1525ECAA-3BA2-4FE3-B746-924A5F542CF0}C:\program files (x86)\mediamall\settingsmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"UDP Query User{21479461-33C4-4614-97BF-882E058BC6F8}C:\altera\70\quartus\bin\jtagserver.exe" = protocol=17 | dir=in | app=c:\altera\70\quartus\bin\jtagserver.exe |
"UDP Query User{4CCB441F-1FC4-47E0-8A77-D1E2A232DEE9}C:\program files (x86)\d4\d4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\d4\d4.exe |
"UDP Query User{6025CE91-4AE3-42E7-AC2D-D6356D4D0EE7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{67590B2B-D1EF-4F0A-A9E9-2FEEB8E3B990}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{8B5692CE-2F84-426D-BD50-76A656AD3DD5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{8DF71393-8199-46AA-8F11-51CF4E8414B2}C:\program files (x86)\outlook messenger\outlookmessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\outlook messenger\outlookmessenger.exe |
"UDP Query User{9A8728E8-2C2D-4E31-8FC8-1A12D89297ED}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{AFD04EF2-4C64-4CB5-A6AE-4B177225064F}C:\kav\kis\setup.exe" = protocol=17 | dir=in | app=c:\kav\kis\setup.exe |
"UDP Query User{BF3492B1-C361-457B-9D30-34067CD16079}C:\program files (x86)\d4\d4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\d4\d4.exe |
"UDP Query User{BF567DF4-8C95-43A0-A11E-EE5AFC013E1C}E:\program files (x86)\national instruments\shared\registrationwizard\bin\registrationwizard.exe" = protocol=17 | dir=in | app=e:\program files (x86)\national instruments\shared\registrationwizard\bin\registrationwizard.exe |
"UDP Query User{D050AF8D-8CFB-4F46-9D5F-1B0D36E26114}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe |
"UDP Query User{D52733B3-DCFC-43B1-9B9F-022B1D7BD1F7}E:\program files (x86)\national instruments\max\nimax.exe" = protocol=17 | dir=in | app=e:\program files (x86)\national instruments\max\nimax.exe |
"UDP Query User{EACCF399-94CF-400C-9609-F67FB375FE4C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{032A9FD2-114E-4DB7-9CE3-4179D40B71C3}" = NI PXI Platform Framework 1.3.0 64-bit
"{05FAF2C4-075D-4C25-A6E7-C69DCCB4A4E3}" = NI Spy Windows 64 Support 2.7.2
"{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit
"{0DFAFEAE-B42B-493B-8B9E-AA6E147C70C0}" = NI PXI SystemAPI Expert 64-bit 2.5.6
"{1C4F2A17-1B60-4575-8CB1-1555CF0D5206}" = NI-RPC 4.2.0f0 for 64 Bit Windows
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{29D1842C-8761-4B62-BD63-8F8037EED45C}" = NI TDMS (64-bit)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{3268C8FE-AEA7-48A0-ACA5-776CF8A9852F}" = NI-MDBG 1.10.0f0 for 64 Bit Windows
"{37489ACA-49FA-4D80-BD62-DCF172DCFA1F}" = NI PXI Hardware 64-bit Support 2.5.6
"{382C8A75-9A2B-444D-A649-F28C3E331B3A}" = NI Portable Configuration for 64 Bit Windows 4.7.0
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D59804B-BF69-4088-9793-A2F9775DB5A5}" = NI System Web Server Base 1.0 (64-bit)
"{3DD68F17-2C5D-49AC-9280-13C90FE19B71}" = NI Logos64 5.1.3
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{468431F1-D17E-45B3-9033-E4A48C974FD9}" = NI MAX Support for 64 Bit Windows
"{4B1D7007-5EB1-47D3-A71D-1417A5A33692}" = NI-PAL 2.5.4f0 for 64 Bit Windows
"{4C1A3B65-E284-4F04-822F-3774E0CEEF67}" = Sentinel Protection Installer 7.1.0
"{4E07E126-991F-4BA4-A0B9-35A54DAB3B33}" = NI-ORB 1.9.3f0 for 64 Bit Windows
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{535CDE4E-70A7-4A40-9F9B-27058C21F7D0}" = NI MXS 4.7.0 for 64 Bit Windows
"{591362D4-590B-457E-9BA3-F4D9508B88BA}" = MobileMe Control Panel
"{59AEDF7C-0D51-48A1-8829-3B4343319B68}" = NI-MXDF 1.11.5f1 for 64 Bit Windows
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{6468B1B9-6E4F-4083-9C70-989830D5B7A6}" = NI MAX Remote Configuration 64-bit Installer 4.7.2
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6F11F8FE-35DE-4CAE-9D73-2C394DCFD889}" = NI Authentication 1.0 (64-bit)
"{75F299F3-8234-47CD-BB40-2994C1B1105E}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{895C2A25-8CB1-4DFE-9816-030841464F74}" = NI-DIM 1.11.0f0 for 64 Bit Windows
"{8C089519-64BD-48F5-AFDB-CACB1FF51FC4}" = NI-APAL 2.0 64-Bit Error Files
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{945CF655-4A32-4667-B085-70A9D53C5A86}" = NI VC2008MSMs x64
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9E3B041A-3151-4C51-9ABC-25D9DEAFB421}" = NI Trace Engine (64-bit)
"{9E9FCE1A-3A71-44F6-B19D-F44B103D003E}" = NI-VISA .. Provider 64-bit Support
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AB33D723-6E62-4D9B-8364-87A3161A3335}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"{ACDF9326-11F8-4E8B-8EA5-58257574E0EB}" = NI-VISA .. 64-bit Support
"{AFA1743D-9773-459A-A0B1-7473C56BCE62}" = NI mDNS Responder 1.4 for Windows 64-bit
"{B092C4EE-F80B-48DD-B57D-C42B66543BE0}" = NI VC2005MSMs x64
"{B45EAADF-545B-40B5-9F9F-78981FCD0DF1}" = NI SSL Support (64-bit)
"{B553F272-5096-4472-9AF9-141D2843E2DD}" = NI-VISA x64 support ..
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{C0F23A48-E0CF-4A14-B3FF-E70D1E936DBF}" = NI System Configuration 1.1.2 for Windows 64-bit
"{C313658B-D4F6-4DD3-8F55-C46E53FFA0BB}" = NI Xerces Delay Load 2.7.2 64-bit
"{C342A5D7-9D75-4D37-879A-BAA68D168670}" = NI Logos64 XT Support
"{C3DB242C-6634-4DA5-A2FA-50580922389B}" = NI Measurement Studio Common .NET Assemblies (x64) for .NET 3.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{DD9D1FE4-43FC-4FE2-940A-33A95F2AB348}" = NI LabWindows/CVI 2009 Run-Time Engine (64-bit)
"{EBA3CDAA-7AB7-4023-B4ED-13BF5A6E27E5}" = NI System API Windows 64-bit 1.1.2
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F71335BF-CF6B-4ACC-ABCE-BA9DF2031DB8}" = VISA Shared Components 64-Bit
"ASCOM.Platform.NET.Components_is1" = ASCOM Platform 5.5.1 Update (5.5.23.18)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B6E651-686D-4BCD-8A93-C07B01761745}" = NI Logos 5.1.3
"{032620E3-C922-4F29-8A2D-87A27000235A}" = CacheStats
"{0607F297-8670-483C-8947-61A572473DEF}" = NI Xerces Delay Load 2.7.2
"{07D00E73-7F67-4008-A33C-80C7D53F1857}" = Radmin Viewer 3.0
"{0AAB121C-8EA7-49F5-B37C-DF117FB46771}" = NI LabVIEW Run-Time Engine 2009 SP1
"{0D3F2D86-F2F2-4B05-BB46-83C15DC88CD1}" = NI LabVIEW 2010 Real-Time Error Dialog
"{0F49F0AC-B14D-40B7-9848-EBA6B3A5C123}" = NI LabWindows/CVI 2009 Run-Time Engine
"{0FCE0BA9-8AD4-4622-9ADF-EFF0355EEAE7}" = NI LabVIEW Run-Time Engine Interop 2009
"{1052C0CF-35BC-4B3D-BCB2-D0CE96CA81E9}" = NI PXI Platform Services 2.5.6
"{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14B3706A-EFED-4945-AD7C-DEA92D8BA665}" = TheSky6
"{14C10725-0018-4534-AE5E-547C08B737B7}" = ASCOM Platform 5.0b
"{14C9AE19-4254-4280-ACD3-E159231DC2CD}" = Garmin Communicator Plugin
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1794C35F-836A-4E0D-8FDB-6DE0D143088E}_is1" = SBIG Driver Checker
"{1A5F6816-ABDF-4015-A1C5-6E519711707C}" = NI Update Service Full
"{1AF02632-214F-47ED-9178-DD915325F133}" = NI-VISA Runtime 5.0.2
"{1CC6055C-CF22-4FF3-A92E-2B8F7B505173}" = NI-MDBG 1.10.0f0
"{1D9DDE3F-6920-4881-AE76-42EAFFC501B6}" = Clarity
"{1E5C217C-FEE5-4A54-8A07-F6308D112CB3}" = NI MXS 4.7.0
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{2254CBFE-56BB-47BD-9958-5103AA58C5F7}" = NI System Web Server Base 1.0
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{285F2194-1DFC-4792-9D7C-C2A28A1B3FED}" = NI Measurement Studio MAX Configuration Support for VS2003
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A5B53AD-B965-43FE-9E0F-C667F882111E}" = NI Update Service
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2C751795-11E7-41B4-8E42-DC361717DBCB}" = NI Software Provider for MAX 4.7.0
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38C8C31F-4915-455F-AD98-0B953FC0C517}" = NI-1588 Configuration 1.0
"{38D88165-9EE7-49D0-B459-52518CA9D4BD}" = NI Measurement Studio MAX Configuration Support for VS2008
"{3A434C14-615B-4C03-95C8-DDFB8FA42DE4}" = Clarity II
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3AC465DB-700E-4A68-9AC9-33F61A2E7ABA}" = NI Trace Engine
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3DFE5A8C-DD90-442A-8C94-6C49A965004C}" = TransEra HTBasic 9.5 Demo
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40144127-DA90-4C4A-B278-4D860859A723}" = TheBat! Home v4.0.28
"{4058873D-3915-449A-9879-17149E06EA2F}" = NI SSL Support
"{41A0986C-CED7-4C93-AFF2-DC8566253B7B}" = NI MetaSuite Installer
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4837A574-F095-45A1-AF87-958DBC336DD5}" = NI mDNS Responder 1.4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BEF4B40-BC20-4CCB-BF07-3DA9C7CA248B}" = NI Measurement & Automation Explorer 4.7.2
"{4C6F8199-E1B2-4F60-9099-A9298D8EA4D6}" = NI-MXDF 1.11.5f1
"{4D45E975-51A4-4074-A406-78346F5D7E6E}" = MaxIm DL 4
"{4EBDDD97-BC33-4F4C-8DF3-4FA4D83DF84E}" = Retrospect 7.6
"{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55AF38A4-B9BB-4052-86D8-F6C3A2D5DB78}" = NI Portable Configuration 4.7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A8FF4DD-7442-4C3C-85FC-48FAF783CB9F}" = CCD Commander
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5CBD32AC-4778-4305-8DAC-A43699A44914}_is1" = CCDOps5
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.0.3
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{63E19B33-DD24-4EAB-9E77-6735C2171CE4}" = NI VC2005MSMs x86
"{647522DC-873A-4668-97BB-501A87D64911}" = NI-VISA 5.0.0 MAX Provider
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B54DB6D-6F00-4353-AB03-27374FC91F2F}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{7942E3B8-7754-4B11-8138-793DD215A5A2}" = NI Measurement Studio VISA Support for VS2005
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F5571D1-1FFD-4961-99D5-97A621D69506}" = NI Uninstaller
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{846D9AAD-EA7D-4126-9177-F874FD389BE4}" = Microsoft FxCop 1.35
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{86CD8FBB-39DA-4E20-B258-EC34D6437D88}" = NI-APAL 2.0 Error Files
"{86E28177-12AE-4E2B-8CC2-DCA19E7C8922}" = PlayOn
"{8925AD1C-13DE-4709-9E88-6A0C320D0D43}" = ICC Color Profiles
"{89EE9292-7C93-4BBF-937A-F64A8611B9BF}" = CCDSoft
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89FC36E5-5C62-499B-8207-9014C484F65C}" = NI-RPC 4.2.0f0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C9DCE36-A270-4740-8084-A27B48C2F83E}" = MX-850 Editor
"{8EEBEFD7-6EA0-4934-AE82-2F174F05B37D}" = FocusMax
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901E5EE7-EFAD-4286-B19C-AFC5C1301B66}" = NI Measurement Studio Common .NET Assemblies for .NET 3.5
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
"{97BE24AF-8B75-49D8-A051-CE922CB04974}" = CCDStack
"{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9CF52CBF-7F12-4194-B80B-8B73C2C03C1D}" = NI-PAL 2.5.4f0
"{A0C05F54-8BC9-48BB-8E19-3BD85681A358}" = The Bat! International Pack v4.0.18
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3474A79-B574-417A-A31A-B2651C2BBA8E}" = MaxIm DL V5
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A5B57591-4E0C-4EF0-8954-11781BC5CCA1}" = NI Remote PXI Provider for MAX 4.7.0
"{A6DE114F-A674-4349-8C50-854F4732DA72}" = TheSkyX Professional Edition
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1CFB647-2185-4AB9-BF38-FDD5D9B5F53B}" = NI TDMS
"{B378AD16-8A9F-47B2-8225-3CB339465FAF}" = NI PXI Platform Framework 1.3.0
"{B4D09BE5-59C1-434C-85D9-DBF135A44CB6}" = NI Authentication 1.0
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF903074-1312-47E4-8845-267BCA9586C2}" = NI MDF Support
"{C1C910A7-0B89-4260-8845-FE221D9285E8}_is1" = PC Chrono 1.1.0.6
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
"{C9594136-B08E-4C0E-A4B5-36C887900582}" = Clarity
"{CAE1E75A-00F5-4876-A3D7-196F201D570E}" = NI PXI SystemAPI Expert 2.5.6
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA3175C-4978-4F78-B444-8AA0734B38A7}" = NI Measurement Studio MAX Configuration Support for VS2005
"{CCE4D322-0CBA-4C3D-8930-07A018C175D3}" = NI PXI Platform Services 2.5.6 Configuration Support
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CEDF90C4-A415-4903-94D6-9099F7AE41B5}_is1" = Conform 2.1.1.0
"{CF07A1C9-098F-47DD-99E0-B6558C33871B}" = Garmin MapSource
"{CFF55EAB-5A2F-4A95-99D4-EF3E585F03FD}" = NI Logos XT Support
"{D0409C8F-7F01-41A0-B7B2-1031D766CE53}" = NI System Configuration 1.1.2
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D50BA9B6-7FFE-4525-A9F2-720923086D6F}" = NI-VISA Server 5.0.0
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCA3D701-664B-4C87-9C31-2DBD47BACC2F}" = NI EULA Depot
"{E07DFE00-428C-4505-9E0E-BB1D6BE2BF6E}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0
"{E256842C-AD14-4BDC-87B2-B3A4A7037837}" = LogMeIn
"{E68746CD-ADB2-4435-9FAB-4855F13E7AB5}" = KellermanFTP
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E891D269-06FD-41E1-9627-D06C017635C8}" = NI Measurement Studio VISA Support for VS2008
"{E9A1C394-7F4D-4548-920C-6665C5E5EF5F}" = NI System Web Server 1.0
"{EA7C218C-1F5E-47AF-9FC7-4B4255B8CB43}" = NI System API Windows 32-bit 1.1.2
"{EA89F4DC-E6CA-4D8F-83BD-FD907EE95B12}" = NI MAX Remote Configuration Installer 4.7.2
"{EACADC7F-39A9-40DC-8CC0-8E204F54C618}" = NI-VISA 5.0.2
"{EBBDA379-B0B0-46DE-BF05-1EF2B171C120}" = NI Spy 2.7.2
"{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE85BF19-2389-4BFD-9DDF-486BCAF2C1E2}" = NI System API Web-Servce 32-bit 1.1.0
"{EF8B6B5D-A38C-431A-81FF-2C8E3215C6A2}" = VMware Converter
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2378987-F7DD-4745-A1C5-2B1C407F47E8}" = NI Remote Provider for MAX 4.7.2
"{F2F19848-D5EB-4ad5-B33B-A9BA35CF62AE}_is1" = SBIG 64 Bit Driver Checker
"{F8CED12B-85BE-4A2F-AC84-0201D692A5F4}" = TheSky6
"{F9BF9C5E-A926-4DFD-9E95-46D5FFE5955E}" = NI Measurement Studio VISA .NET Languages Interface
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEC4FA99-C469-4449-98E2-6AC68D8DFDAD}" = NI PXI Platform Services 2.5.6 Expert
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber CHM Converter" = ABC Amber CHM Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnyDVD" = AnyDVD
"AudibleDownloadManager" = Audible Download Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EasyBCD" = EasyBCD 1.6
"Gemini Driver_is1" = Gemini Driver V4.2.22
"Google Updater" = Google Updater
"HandBrake" = Handbrake 0.9.4
"InstallShield_{4D45E975-51A4-4074-A406-78346F5D7E6E}" = MaxIm DL 4
"InstallShield_{A3474A79-B574-417A-A31A-B2651C2BBA8E}" = MaxIm DL V5
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"KellermanFTP" = KellermanFTP
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Moleskinsoft Directory Size 2.3_is1" = Moleskinsoft Directory Size 2.3
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSDN Library - January 1999" = MSDN Library - January 1999
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"MsJavaVM" = Microsoft VM for Java
"NI Uninstaller" = National Instruments Software
"NSS" = Norton Security Scan
"Opanda IExif_is1" = Opanda IExif 2.3
"Oregon Scientific SmartGlobe™ Deluxe Edition_is1" = SmartGlobe™ Deluxe Edition, V1.01.327090
"PSpice Student" = PSpice Student 9.1
"Quicken WillMaker Plus 2010" = Quicken WillMaker Plus 2010
"RegiStar" = RegiStar
"Risk®" = Risk®
"Spyder2PRO" = Spyder2PRO
"Spyware Doctor" = Spyware Doctor 7.0
"Starry Night Pro 6" = Starry Night Pro 6
"Tunnelier" = Bitvise Tunnelier 4.35 (remove only)
"UltimateZip 2007_is1" = UltimateZip 2007
"UltimateZip_is1" = UltimateZip
"uTorrent" = µTorrent
"VISASharedComponents" = VISA Shared Components 64-Bit
"VISPROR" = Microsoft Office Visio Professional 2007
"Visual Studio 6.0 Professional Edition" = Microsoft Visual Studio 6.0 Professional Edition
"Visual Studio Installer" = Microsoft Visual Studio Installer
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.3
"WebPost" = Microsoft Web Publishing Wizard 1.53

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:29 AM

Posted 15 December 2010 - 11:05 AM

Hi again methomas!!.. :)

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..extensions.enabledItems: {06996C17-E445-47FC-B956-75740FB76464}:1.9.1
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - HKLM\software\mozilla\Firefox\Extensions\\{06996C17-E445-47FC-B956-75740FB76464}: C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464} [2010/11/26 23:41:51 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    [2010/11/26 23:41:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}
    [2010/11/28 20:14:16 | 000,000,120 | ---- | M] () -- C:\Users\Matt\AppData\Local\Egexunosesoxik.dat
    [2010/11/28 20:14:16 | 000,000,000 | ---- | M] () -- C:\Users\Matt\AppData\Local\Itakomobun.bin
    [2010/11/26 23:40:08 | 000,000,177 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\sdhkryu.bat
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 methomas


Posted 15 December 2010 - 03:30 PM

OTL Fix Log:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {06996C17-E445-47FC-B956-75740FB76464}:1.9.1 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{06996C17-E445-47FC-B956-75740FB76464} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06996C17-E445-47FC-B956-75740FB76464}\ not found.
C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}\chrome\content folder moved successfully.
C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}\chrome folder moved successfully.
C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Folder C:\Users\Matt\AppData\Local\{06996C17-E445-47FC-B956-75740FB76464}\ not found.
C:\Users\Matt\AppData\Local\Egexunosesoxik.dat moved successfully.
C:\Users\Matt\AppData\Local\Itakomobun.bin moved successfully.
C:\Users\Matt\AppData\Roaming\sdhkryu.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 149453493 bytes
->Temporary Internet Files folder emptied: 166244203 bytes
->Java cache emptied: 12850096 bytes
->FireFox cache emptied: 126301910 bytes
->Apple Safari cache emptied: 3192832 bytes
->Flash cache emptied: 2465832 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24033074 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6234991 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 468.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Matt
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12152010_113424

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-temp\vmware-converter-8.log moved successfully.
File\Folder C:\Windows\temp\kls6276.tmp not found!

Registry entries deleted on Reboot...
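The fix script and fix log above reset browser proxy values that pointed Internet Explorer and Firefox at 127.0.0.1:50370. As an added example (not part of either post and not OTL's own logic), this Python check looks for loopback proxies in a Firefox prefs.js and in an IE ProxyServer value. The sample prefs.js is constructed, and the `network.proxy.type` line in it is an assumption that does not appear in the thread.

```python
import ipaddress
import re

# Constructed sample prefs.js; the proxy host, port and extension GUID mirror the
# fix script in the thread. network.proxy.type is an assumption (1 = manual proxy).
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("extensions.enabledItems", "{06996C17-E445-47FC-B956-75740FB76464}:1.9.1");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.type", 1);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")  # network.proxy.<scheme> prefs


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict (escapes are not decoded)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment, blank or unrelated line
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1 (brackets around IPv6 allowed)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def firefox_loopback_proxies(prefs):
    """Return [(scheme, host, port, manual_mode)] for proxy prefs aimed at loopback."""
    manual = prefs.get("network.proxy.type") == 1
    findings = []
    for scheme in PROXY_SCHEMES:
        host = prefs.get("network.proxy." + scheme)
        if isinstance(host, str) and host and is_loopback(host):
            port = prefs.get("network.proxy.%s_port" % scheme)
            findings.append((scheme, host, port, manual))
    return findings


def parse_ie_proxy_server(value):
    """Split an IE ProxyServer string into {scheme: (host, port)}.

    Entries are ';'-separated 'scheme=host:port'; a bare 'host:port'
    applies to every protocol and is stored under the key '*'.
    """
    result = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "*", part
        target = target.split("://", 1)[-1]  # drop an optional URL scheme prefix
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        result[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return result


def ie_loopback_proxies(value):
    """Return [(scheme, host, port)] for ProxyServer entries aimed at loopback."""
    return [(s, h, p) for s, (h, p) in parse_ie_proxy_server(value).items()
            if is_loopback(h)]


if __name__ == "__main__":
    print(firefox_loopback_proxies(parse_prefs(SAMPLE_PREFS)))
    print(ie_loopback_proxies("http=127.0.0.1:50370"))
```

A loopback proxy is not malicious by itself: local tunnelling or web-filtering software (this machine's program list includes Bitvise Tunnelier and Kaspersky Internet Security) can set one, so treat a hit as a lead to match against the process actually listening on that port.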

#6 snemelk


Posted 15 December 2010 - 05:46 PM

Hi again methomas!!.. :)

That looks better!!.. The redirects in Firefox should have ceased now... Could you confirm??..

After posting the results of the ESET online scan, please do the following:

Firstly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities...
Run Adobe Reader --> Help --> Check for updates - let it update to the newest version - 9.4.1

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
Java™ 6 Update 18


Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 6 Update 23".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Secondly,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.



#7 methomas


Posted 15 December 2010 - 08:29 PM

Here is the ESET log - sorry, it took some time to run and I just left it alone all afternoon:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=5a8ebbbe05f64a4da1e797b0e73107c0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-15 10:30:01
# local_time=2010-12-15 02:30:01 (-0800, Pacific Standard Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 433152 433152 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 0 129044533 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=310954
# found=0
# cleaned=0
# scan_time=6468

#8 methomas


Posted 15 December 2010 - 08:50 PM

Problem appears to be solved - although it was infrequent enough that I am not 100% certain. However, thank you very much for all the help!

I've done all the updates as you've requested. Here is the TDSSKiller log:
2010/12/15 17:48:02.0115 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/15 17:48:02.0115 ================================================================================
2010/12/15 17:48:02.0115 SystemInfo:
2010/12/15 17:48:02.0115
2010/12/15 17:48:02.0115 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/15 17:48:02.0115 Product type: Workstation
2010/12/15 17:48:02.0115 ComputerName: DESKTOP64
2010/12/15 17:48:02.0115 UserName: Matt
2010/12/15 17:48:02.0115 Windows directory: C:\Windows
2010/12/15 17:48:02.0115 System windows directory: C:\Windows
2010/12/15 17:48:02.0115 Running under WOW64
2010/12/15 17:48:02.0115 Processor architecture: Intel x64
2010/12/15 17:48:02.0116 Number of processors: 2
2010/12/15 17:48:02.0116 Page size: 0x1000
2010/12/15 17:48:02.0116 Boot type: Normal boot
2010/12/15 17:48:02.0116 ================================================================================
2010/12/15 17:48:02.0116 Utility is running under WOW64
2010/12/15 17:48:04.0986 Initialize success
2010/12/15 17:48:15.0969 ================================================================================
2010/12/15 17:48:15.0969 Scan started
2010/12/15 17:48:15.0969 Mode: Manual;
2010/12/15 17:48:15.0969 ================================================================================
2010/12/15 17:48:16.0726 %S_ServiceName% (185b522c41689c975926e9e970275698) C:\Windows\system32\Drivers\sbigu64.sys
2010/12/15 17:48:16.0801 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/12/15 17:48:16.0884 ADIHdAudAddService (0aecfcd0d5c67070fed350d871564c50) C:\Windows\system32\drivers\ADIHdAud.sys
2010/12/15 17:48:16.0953 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
2010/12/15 17:48:16.0998 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
2010/12/15 17:48:17.0025 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
2010/12/15 17:48:17.0057 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
2010/12/15 17:48:17.0114 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/12/15 17:48:17.0163 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
2010/12/15 17:48:17.0187 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/12/15 17:48:17.0214 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/12/15 17:48:17.0255 AlteraUSBBlaster (82d4bd620f7e27ea268ea0e2f701a7ae) C:\Windows\system32\drivers\ftdibus.sys
2010/12/15 17:48:17.0278 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/12/15 17:48:17.0303 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys
2010/12/15 17:48:17.0353 AnyDVD (ace1f390f0398e7b3fe36c98fba67575) C:\Windows\system32\Drivers\AnyDVD.sys
2010/12/15 17:48:17.0456 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
2010/12/15 17:48:17.0495 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
2010/12/15 17:48:17.0560 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/15 17:48:17.0599 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/12/15 17:48:17.0642 AtcL001 (8f36253373195831ba144002397ee3c5) C:\Windows\system32\DRIVERS\l160x64.sys
2010/12/15 17:48:17.0743 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/15 17:48:17.0770 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/15 17:48:17.0795 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/12/15 17:48:17.0862 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/12/15 17:48:17.0908 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/12/15 17:48:17.0935 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/15 17:48:17.0970 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/12/15 17:48:17.0991 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/12/15 17:48:18.0027 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/15 17:48:18.0097 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/15 17:48:18.0128 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
2010/12/15 17:48:18.0161 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/12/15 17:48:18.0217 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/12/15 17:48:18.0238 Compbatt (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
2010/12/15 17:48:18.0266 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
2010/12/15 17:48:18.0320 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
2010/12/15 17:48:18.0365 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/12/15 17:48:18.0417 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/12/15 17:48:18.0474 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/12/15 17:48:18.0521 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/15 17:48:18.0570 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/12/15 17:48:18.0614 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/12/15 17:48:18.0678 ElbyCDIO (a14d6e3ef78f6d6ac42f98d633f2400a) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/15 17:48:18.0716 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
2010/12/15 17:48:18.0801 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/12/15 17:48:18.0845 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/12/15 17:48:18.0895 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/15 17:48:18.0939 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/12/15 17:48:18.0970 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/12/15 17:48:19.0008 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/15 17:48:19.0034 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/12/15 17:48:19.0086 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/15 17:48:19.0139 FTDIBUS (82d4bd620f7e27ea268ea0e2f701a7ae) C:\Windows\system32\drivers\ftdibus.sys
2010/12/15 17:48:19.0172 FTSER2K (1fa21ff2d7b50b528d8b73db34ad06bc) C:\Windows\system32\drivers\ftser2k.sys
2010/12/15 17:48:19.0209 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/15 17:48:19.0236 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/15 17:48:19.0312 hcmon (8895d459bf7a26445acd8512cbae1679) C:\Windows\system32\drivers\hcmon.sys
2010/12/15 17:48:19.0347 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/12/15 17:48:19.0391 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/15 17:48:19.0477 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/12/15 17:48:19.0500 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/12/15 17:48:19.0536 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/15 17:48:19.0573 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
2010/12/15 17:48:19.0612 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/12/15 17:48:19.0642 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
2010/12/15 17:48:19.0684 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/15 17:48:19.0711 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
2010/12/15 17:48:19.0758 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/12/15 17:48:19.0824 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/12/15 17:48:19.0859 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/15 17:48:19.0907 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/15 17:48:19.0992 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/15 17:48:20.0019 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/15 17:48:20.0048 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/12/15 17:48:20.0083 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
2010/12/15 17:48:20.0117 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/15 17:48:20.0144 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/12/15 17:48:20.0160 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/12/15 17:48:20.0183 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/15 17:48:20.0204 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/15 17:48:20.0318 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/15 17:48:20.0363 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/12/15 17:48:20.0417 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/15 17:48:20.0489 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
2010/12/15 17:48:20.0534 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
2010/12/15 17:48:20.0598 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
2010/12/15 17:48:20.0633 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/15 17:48:20.0661 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/15 17:48:20.0687 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/15 17:48:20.0720 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/12/15 17:48:20.0787 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
2010/12/15 17:48:20.0820 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/12/15 17:48:20.0852 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/15 17:48:20.0893 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/15 17:48:20.0915 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/15 17:48:20.0944 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/12/15 17:48:20.0980 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
2010/12/15 17:48:21.0024 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/15 17:48:21.0054 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/15 17:48:21.0094 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/15 17:48:21.0127 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/15 17:48:21.0175 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/15 17:48:21.0216 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/15 17:48:21.0244 msahci (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
2010/12/15 17:48:21.0277 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
2010/12/15 17:48:21.0326 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/12/15 17:48:21.0373 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/12/15 17:48:21.0419 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/15 17:48:21.0452 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/15 17:48:21.0476 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/12/15 17:48:21.0520 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/12/15 17:48:21.0554 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/15 17:48:21.0602 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/12/15 17:48:21.0640 msvad_simple (c83829c280f0207677b7aaa151ef9c4d) C:\Windows\system32\drivers\povrtdev.sys
2010/12/15 17:48:21.0697 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/12/15 17:48:21.0717 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/12/15 17:48:21.0768 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/15 17:48:21.0836 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/12/15 17:48:21.0901 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/15 17:48:21.0935 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/15 17:48:21.0959 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/15 17:48:28.0396 ================================================================================
2010/12/15 17:48:28.0396 Scan finished
2010/12/15 17:48:28.0396 ================================================================================
2010/12/15 17:48:33.0998 Deinitialize success

Thanks again!!!!!

#9 snemelk

Posted 16 December 2010 - 12:28 PM

Hi again methomas!!.. :)

Problem appears to be solved - although it was infrequent enough that I am not 100% certain. However, thank you very much for all the help!

Glad to see it!!.. :thumbup2: Logs look clean, and that malicious Add-on for Firefox was removed - so, everything should be ok now!..

Some final steps to perform:

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend that you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
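
The restore-point steps in the post above can also be scripted. The following is an added example, not part of the original post: it assumes an elevated Windows PowerShell session (powershell.exe, not PowerShell 7) and calls SRRemoveRestorePoint from srclient.dll to remove the older points; the description string is made up.

```powershell
# Added example: create a fresh restore point, then remove every older one,
# so that no restore point taken while the system was infected remains.

# System Restore changes need administrator rights.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated Windows PowerShell prompt.'
}

# Make sure System Protection is on for the system drive (usually C:\).
$drive = "$env:SystemDrive\"
Enable-ComputerRestore -Drive $drive

# Remember the highest sequence number that exists before the new point.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$lastSeq = 0
if ($before.Count -gt 0) {
    $lastSeq = ($before | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

# Create the new, clean restore point (description is a constructed value).
Checkpoint-Computer -Description 'Clean state after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

# Newer Windows versions can skip creation if a point was made recently.
# Never delete anything unless a new point really exists.
$after = @(Get-ComputerRestorePoint)
$new = $after | Where-Object { $_.SequenceNumber -gt $lastSeq } |
       Sort-Object SequenceNumber | Select-Object -Last 1
if (-not $new) {
    throw 'No new restore point was created; older points were left in place.'
}

# There is no cmdlet for deleting a restore point, so call the Win32 API.
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

$old = @($after | Where-Object { $_.SequenceNumber -lt $new.SequenceNumber })
foreach ($rp in $old) {
    $rc = [Win32.SystemRestore]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed #{0}: {1}" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove #{0} (error {1})" -f $rp.SequenceNumber, $rc)
    }
}

# Show what is left; only the new point should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description
```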


#10 methomas

Posted 18 December 2010 - 11:23 PM

Thank you very much for the help. I appreciate it very much.

Can I send you a thank you gift?

#11 snemelk

Posted 19 December 2010 - 04:44 AM

Hi again!!.. :)

Thank you very much for the help. I appreciate it very much.

You're welcome!!.. :thumbup2:

Can I send you a thank you gift?

What do you mean?.. :) As far as I'm concerned, your "thank you" is enough for me - it really means much... Currently, I do not accept any donations or gifts, unless you think about some kind of e-card as a "gift"... :)


#12 methomas

Posted 19 December 2010 - 11:39 AM

Well then, thank you again! :thumbsup:

#13 snemelk

Posted 19 December 2010 - 06:22 PM

You're welcome!!.. ...and: Merry Christmas!!.. :)

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.