
Browser redirect removal



#1 dzobrist


Posted 02 April 2011 - 07:53 AM

Hello,

My computer became infected with Antimalware Doctor as well as several browser redirect viruses. I have gone through a series of fixes including Superantispyware and antimalwarebytes. The last program I ran was Kaspersky's TDSSKiller. It found and removed a number of issues; however, it found 1 suspicious file it could not remove. The report told me that d:\Windows\system32\drivers\safeboot.sys is a suspicious file and suggested I skip removal.

Here are the requested logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by dzobrist at 1:37:51.37 on Sat 04/02/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2042.1037 [GMT -4:00]
.
.
============== Running Processes ===============
.
D:\WINDOWS\System32\svchost.exe -k Cognizance
D:\Program Files\Fingerprint Sensor\AtService.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
D:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Update\NASvc.exe
C:\QUALCOMM\QDLService\QDLService.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\tbh\monitor\bin\tbhMonitor.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
D:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
D:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Documents and Settings\Dzobrist\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
D:\Documents and Settings\Dzobrist\Application Data\Dropbox\bin\Dropbox.exe
D:\Documents and Settings\Dzobrist\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Documents and Settings\Dzobrist\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Dzobrist\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Dzobrist\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
D:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Dzobrist\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - d:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - d:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
TB: @d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
uRun: [Google Update] "d:\documents and settings\dzobrist\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [QlbCtrl.exe] d:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] d:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Connection Manager.exe] "d:\program files\hewlett-packard\hp connection manager\HP Connection Manager.exe"
mRun: [NBAgent] "d:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Bing Bar] "d:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "d:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
StartupFolder: d:\docume~1\dzobrist\startm~1\programs\startup\dropbox.lnk - d:\documents and settings\dzobrist\application data\dropbox\bin\Dropbox.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - d:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - d:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Download with Xilisoft Download YouTube Video - d:\program files\xilisoft\download youtube video\upod_link.HTM
IE: Download with Xilisoft YouTube Video Converter - d:\program files\xilisoft\youtube video converter\upod_link.HTM
IE: Open with Nuance PDF Converter 6.0 - d:\program files\nuance\pdf professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - d:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6A6F4B83-45C5-4CA9-BDD9-0D81C12295E4} - hxxps://exch.greenbrieroutfitters.com/Remote/msrdp.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256921200812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: ackpbsc - d:\windows\system32\ackpbsc.dll
Notify: acunlock - d:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OneCard - d:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: d:\windows\system32\APSHook.dll APSHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "d:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - d:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\docume~1\dzobrist\applic~1\mozilla\firefox\profiles\gwe66ykb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - plugin: d:\documents and settings\dzobrist\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: d:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: d:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: d:\program files\skyhook wireless\loki browser plugin\versions\3.1.0.05\nploki.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 SafeBoot;SafeBoot;d:\windows\system32\drivers\SafeBoot.sys [2008-7-11 109184]
R0 SbAlg;SbAlg;d:\windows\system32\drivers\SbAlg.sys [2008-7-11 51376]
R0 SbFsLock;SbFsLock;d:\windows\system32\drivers\SbFsLock.sys [2008-7-11 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;d:\windows\system32\drivers\sfaudio.sys [2009-9-8 24064]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);d:\windows\system32\drivers\tdrpm251.sys [2009-10-26 902432]
R1 RCFOX;SonicWALL IPsec Driver;d:\windows\system32\drivers\RCFOX.SYS [2010-9-19 91136]
R1 RsvLock;RsvLock;d:\windows\system32\drivers\rsvlock.sys [2008-7-11 12496]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ASChannel;Local Communication Channel;d:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ATService;AuthenTec Fingerprint Service;d:\program files\fingerprint sensor\AtService.exe [2008-6-12 1164536]
R2 HP ProtectTools Service;HP ProtectTools Service;d:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-7-8 19968]
R2 HpFkCryptService;Drive Encryption Service;d:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-7-11 256512]
R2 NAUpdate;@d:\program files\nero\update\nasvc.exe,-200;d:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-6-9 345336]
R2 SMManager;HP Connection Manager Service;d:\program files\hewlett-packard\hp connection manager\SMManager.exe [2010-3-12 82760]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;d:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;d:\windows\system32\drivers\ATSwpWDF.sys [2008-6-12 477696]
R3 Com4QLBEx;Com4QLBEx;d:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-8 193840]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;d:\windows\system32\drivers\e1y5132.sys [2009-9-8 244368]
R3 QCFilterhp;HP USB Composite Device Filter Driver;d:\windows\system32\drivers\qcfilterhp.sys [2009-9-8 5248]
R3 qcusbnethp;HP USB-NDIS miniport;d:\windows\system32\drivers\qcusbnethp.sys [2009-9-8 112640]
R3 qcusbserhp;HP USB Device for Legacy Serial Communication;d:\windows\system32\drivers\qcusbserhp.sys [2009-9-8 103680]
R3 rcvpn;SonicWALL VPN Adapter;d:\windows\system32\drivers\rcvpn.sys [2010-9-19 23180]
R3 rismc32;RICOH Smart Card Reader;d:\windows\system32\drivers\rismc32.sys [2009-9-8 47616]
R3 RRNetCapMP;RRNetCapMP;d:\windows\system32\drivers\rrnetcap.sys [2010-4-19 31848]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 afcdp;afcdp;d:\windows\system32\drivers\afcdp.sys [2009-10-26 159168]
S3 RoxMediaDB10;RoxMediaDB10;d:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 RRNetCap;RRNetCap Service;d:\windows\system32\drivers\rrnetcap.sys [2010-4-19 31848]
S4 accoca;ActivClient Middleware Service;d:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
S4 afcdpsrv;Acronis Nonstop Backup service;d:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-10-26 2326920]
S4 ASBroker;Logon Session Broker;d:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
S4 PDFProFiltSrv;PDFProFiltSrv;d:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-6-30 134944]
.
=============== Created Last 30 ================
.
2011-04-01 04:58:50 0 ----a-w- d:\windows\Rrusoyul.bin
2011-04-01 04:44:59 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-04-01 04:44:59 472808 ----a-w- d:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-15 16:49:22 -------- d-----w- d:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-03-15 14:41:33 -------- d-----w- d:\documents and settings\dzobrist\.netbeans
2011-03-15 14:41:28 -------- d-----w- d:\docume~1\dzobrist\applic~1\.maltego
2011-03-15 14:40:12 -------- d-----w- d:\program files\Paterva
2011-03-15 13:21:01 -------- d-----w- d:\program files\iPod
2011-03-15 13:20:58 -------- d-----w- d:\program files\iTunes
2011-03-11 17:24:58 143360 ----a-r- d:\windows\apptune1020.exe
2011-03-11 17:24:54 86016 ----a-r- d:\windows\system32\ZSPOOL.DLL
2011-03-11 17:24:54 28672 ----a-r- d:\windows\system32\zlm.dll
2011-03-11 17:24:54 28672 ----a-r- d:\windows\system32\IMF32.DLL
2011-03-11 17:24:54 24576 ----a-r- d:\windows\system32\ZTAG32.DLL
2011-03-11 17:24:54 102400 ----a-r- d:\windows\system32\ZLhp1020.dll
2011-03-11 17:24:53 49152 ----a-r- d:\windows\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
2011-03-11 17:24:53 442368 ----a-r- d:\windows\system32\zshp1020.exe
2011-03-11 17:24:53 106496 ----a-r- d:\windows\system32\vshp1020.dll
2011-03-11 17:24:52 -------- d--h--w- d:\program files\Zenographics
2011-03-11 17:21:14 -------- d-----w- d:\documents and settings\dzobrist\lj1020
2011-03-10 14:56:47 -------- d-----w- d:\documents and settings\dzobrist\ljdriver
2011-03-09 15:02:20 74752 ----a-w- d:\windows\system32\jst.dll
2011-03-09 15:02:20 40960 ----a-w- d:\windows\system32\d4channel.dll
2011-03-09 15:02:20 36864 ----a-w- d:\windows\system32\hpbmmjno.dll
2011-03-09 15:02:20 131072 ----a-w- d:\windows\system32\PMLJNI.dll
2011-03-09 15:01:51 -------- d--h--w- d:\program files\Zero G Registry
2011-03-09 14:57:35 -------- d-----w- d:\program files\common files\SWF Studio
2011-03-09 14:56:38 -------- d-----w- d:\documents and settings\dzobrist\lj4250
2011-03-09 14:47:08 12928 -c--a-w- d:\windows\system32\dllcache\dot4prt.sys
2011-03-09 14:47:08 12928 ----a-w- d:\windows\system32\drivers\Dot4Prt.sys
2011-03-09 14:47:01 23808 -c--a-w- d:\windows\system32\dllcache\dot4usb.sys
2011-03-09 14:47:01 23808 ----a-w- d:\windows\system32\drivers\Dot4usb.sys
2011-03-09 14:47:00 206976 -c--a-w- d:\windows\system32\dllcache\dot4.sys
2011-03-09 14:47:00 206976 ----a-w- d:\windows\system32\drivers\Dot4.sys
2011-03-04 17:53:27 719832 ----a-w- d:\program files\mozilla firefox\mozcpp19.dll
2011-03-04 17:53:27 16856 ----a-w- d:\program files\mozilla firefox\plugin-container.exe
.
==================== Find3M ====================
.
2011-02-02 23:19:39 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- d:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- d:\windows\system32\atmfd.dll
.
============= FINISH: 1:39:03.84 ===============

Also, here is my TDSS Killer log:

2011/04/02 01:22:24.0734 5448 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/02 01:22:25.0000 5448 ================================================================================
2011/04/02 01:22:25.0000 5448 SystemInfo:
2011/04/02 01:22:25.0000 5448
2011/04/02 01:22:25.0000 5448 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/02 01:22:25.0000 5448 Product type: Workstation
2011/04/02 01:22:25.0000 5448 ComputerName: GBO-9957B789BAC
2011/04/02 01:22:25.0000 5448 UserName: dzobrist
2011/04/02 01:22:25.0000 5448 Windows directory: D:\WINDOWS
2011/04/02 01:22:25.0000 5448 System windows directory: D:\WINDOWS
2011/04/02 01:22:25.0000 5448 Processor architecture: Intel x86
2011/04/02 01:22:25.0000 5448 Number of processors: 2
2011/04/02 01:22:25.0000 5448 Page size: 0x1000
2011/04/02 01:22:25.0000 5448 Boot type: Normal boot
2011/04/02 01:22:25.0000 5448 ================================================================================
2011/04/02 01:22:25.0265 5448 Initialize success
2011/04/02 01:22:28.0484 3460 ================================================================================
2011/04/02 01:22:28.0484 3460 Scan started
2011/04/02 01:22:28.0484 3460 Mode: Manual;
2011/04/02 01:22:28.0484 3460 ================================================================================
2011/04/02 01:22:29.0390 3460 Accelerometer (a0baabb7d3549460e3f8c5ad6f778683) D:\WINDOWS\system32\DRIVERS\Accelerometer.sys
2011/04/02 01:22:29.0453 3460 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/02 01:22:29.0500 3460 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/02 01:22:29.0593 3460 ADIHdAudAddService (f0e3dd5015f5aeb3db76b0e95f67ed1c) D:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/04/02 01:22:29.0703 3460 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) D:\WINDOWS\system32\drivers\AEAudio.sys
2011/04/02 01:22:29.0750 3460 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
2011/04/02 01:22:29.0828 3460 afcdp (f132d0bfde7c5ea1ab42325c5694a969) D:\WINDOWS\system32\DRIVERS\afcdp.sys
2011/04/02 01:22:29.0906 3460 AFD (7e775010ef291da96ad17ca4b17137d7) D:\WINDOWS\System32\drivers\afd.sys
2011/04/02 01:22:29.0984 3460 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) D:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/04/02 01:22:30.0375 3460 Arp1394 (b5b8a80875c1dededa8b02765642c32f) D:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/02 01:22:30.0578 3460 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/02 01:22:30.0656 3460 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\drivers\atapi.sys
2011/04/02 01:22:30.0875 3460 ati2mtag (7e57c60cc3e819c5031020ded9cd92e0) D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/02 01:22:30.0968 3460 AtiHdmiService (41c8f0eda10da14378d304c20ba6e558) D:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/04/02 01:22:31.0078 3460 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/02 01:22:31.0140 3460 ATSwpWDF (c74e3d37625166c8a81fc07f796bc1ac) D:\WINDOWS\system32\Drivers\ATSwpWDF.sys
2011/04/02 01:22:31.0250 3460 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/02 01:22:31.0296 3460 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
2011/04/02 01:22:31.0437 3460 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/02 01:22:31.0531 3460 CCDECODE (0be5aef125be881c4f854c554f2b025c) D:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/02 01:22:31.0609 3460 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/02 01:22:31.0687 3460 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/02 01:22:31.0718 3460 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/02 01:22:31.0796 3460 CmBatt (0f6c187d38d98f8df904589a5f94d411) D:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/02 01:22:31.0890 3460 Compbatt (6e4c9f21f0fae8940661144f41b13203) D:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/02 01:22:32.0078 3460 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/02 01:22:32.0187 3460 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys
2011/04/02 01:22:32.0312 3460 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys
2011/04/02 01:22:32.0359 3460 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
2011/04/02 01:22:32.0406 3460 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys
2011/04/02 01:22:32.0484 3460 DNE (ded00b959d94612c22f53538a9f0fc89) D:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/04/02 01:22:32.0562 3460 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) D:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/04/02 01:22:32.0656 3460 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) D:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/04/02 01:22:32.0703 3460 dot4ufd (2ebac67dad0da30bccd0e838bc98db5b) D:\WINDOWS\system32\DRIVERS\hppaufd0.sys
2011/04/02 01:22:32.0750 3460 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) D:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/04/02 01:22:32.0843 3460 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/02 01:22:32.0906 3460 e1yexpress (96967facc0307093b9098f817a4409e6) D:\WINDOWS\system32\DRIVERS\e1y5132.sys
2011/04/02 01:22:33.0031 3460 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/02 01:22:33.0062 3460 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\drivers\Fdc.sys
2011/04/02 01:22:33.0109 3460 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys
2011/04/02 01:22:33.0140 3460 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/02 01:22:33.0203 3460 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/02 01:22:33.0234 3460 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/02 01:22:33.0265 3460 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/02 01:22:33.0375 3460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/02 01:22:33.0437 3460 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/02 01:22:33.0484 3460 HBtnKey (407e41ddb2bfece109132aec296e0d98) D:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/04/02 01:22:33.0562 3460 HDAudBus (573c7d0a32852b48f3058cfd8026f511) D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/02 01:22:33.0656 3460 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/02 01:22:33.0718 3460 hpdskflt (9f620e11b80b74f4dab50a81a5df357f) D:\WINDOWS\system32\DRIVERS\hpdskflt.sys
2011/04/02 01:22:33.0796 3460 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) D:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/04/02 01:22:33.0875 3460 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/02 01:22:34.0078 3460 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/02 01:22:34.0156 3460 iaStor (de7c12e59605ea7ea0cf6345afeb0f07) D:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/04/02 01:22:34.0203 3460 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/02 01:22:34.0328 3460 intelppm (8c953733d8f36eb2133f5bb58808b66b) D:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/02 01:22:34.0437 3460 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/02 01:22:34.0500 3460 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/02 01:22:34.0562 3460 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/02 01:22:34.0656 3460 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/02 01:22:34.0703 3460 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/02 01:22:34.0796 3460 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/02 01:22:34.0859 3460 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/02 01:22:34.0921 3460 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/02 01:22:34.0953 3460 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/02 01:22:39.0937 3460 SafeBoot (1b1c533025bcc96b60ffe412a982c6bf) D:\WINDOWS\system32\drivers\SafeBoot.sys
2011/04/02 01:22:39.0937 3460 Suspicious file (NoAccess): D:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 1b1c533025bcc96b60ffe412a982c6bf
2011/04/02 01:22:39.0937 3460 SafeBoot - detected Locked file (1)
2011/04/02 01:22:43.0781 3460 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/02 01:22:43.0781 3460 ================================================================================
2011/04/02 01:22:43.0781 3460 Scan finished
2011/04/02 01:22:43.0781 3460 ================================================================================
2011/04/02 01:22:43.0812 2228 Detected object count: 2
2011/04/02 01:23:01.0218 2228 Locked file(SafeBoot) - User select action: Skip
2011/04/02 01:23:01.0281 2228 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/02 01:23:01.0281 2228 \HardDisk0 - ok
2011/04/02 01:23:01.0281 2228 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/02 01:23:08.0375 5700 Deinitialize success

EDIT: Posts merged ~BP


Edited by Budapest, 02 April 2011 - 03:46 PM.




#2 myrti

  • Malware Study Hall Admin

Posted 06 April 2011 - 09:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 dzobrist

  • Topic Starter

Posted 06 April 2011 - 09:28 PM

Thank you for your help. I was able to remove the redirect before I posted the first round of reports. Laptop still boots slowly. TDSS told me that d:\Windows\system32\drivers\safeboot.sys is a suspicious file and suggested I skip removal. I have not applied any other removal tools since I posted the logs.

Thanks for the help

Duane


OTL logfile created on: 4/6/2011 10:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Dzobrist\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 1.00 Gb Total Space | 0.21 Gb Free Space | 21.34% Space Free | Partition Type: FAT32
Drive D: | 231.87 Gb Total Space | 91.48 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
Drive P: | 232.75 Gb Total Space | 36.89 Gb Free Space | 15.85% Space Free | Partition Type: NTFS
Drive T: | 232.75 Gb Total Space | 36.89 Gb Free Space | 15.85% Space Free | Partition Type: NTFS

Computer Name: GBO-9957B789BAC | User Name: dzobrist | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 22:07:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Dzobrist\My Documents\Downloads\OTL.exe
PRC - [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Dzobrist\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/03 14:18:12 | 008,133,120 | ---- | M] () -- D:\xampp\mysql\bin\mysqld.exe
PRC - [2010/11/30 16:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- D:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/10/17 20:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- D:\xampp\apache\bin\httpd.exe
PRC - [2010/10/15 18:38:13 | 000,134,808 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Dzobrist\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/28 17:17:12 | 001,406,248 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/12 19:27:18 | 000,082,760 | ---- | M] (Smith Micro Software, Inc.) -- D:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
PRC - [2010/03/12 19:27:12 | 001,119,048 | ---- | M] (Smith Micro Software, Inc) -- D:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- D:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/09/09 10:38:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/07/11 14:49:40 | 000,256,512 | ---- | M] (SafeBoot International) -- D:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/07/08 18:18:32 | 000,019,968 | ---- | M] (Hewlett-Packard Development Company, L.P) -- D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/06/20 11:37:30 | 000,354,840 | R--- | M] (Intel Corporation) -- D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
PRC - [2008/06/18 08:10:02 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- D:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- D:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/06/09 04:06:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/05/15 16:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- D:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2004/10/15 10:16:22 | 001,105,920 | ---- | M] (SonicWALL, Inc.) -- D:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
PRC - [2004/10/15 10:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) -- D:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/04/06 22:07:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Dzobrist\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/06/18 08:05:38 | 000,080,656 | ---- | M] (Bioscrypt Inc.) -- D:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll
MOD - [2008/06/18 08:05:18 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- D:\WINDOWS\system32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - [2010/12/03 14:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- D:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010/10/17 20:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/12 19:27:18 | 000,082,760 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- D:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/10/26 09:33:40 | 002,326,920 | ---- | M] (Acronis) [Disabled | Stopped] -- D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- D:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Disabled | Stopped] -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/09 10:38:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/30 17:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- D:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/07/11 14:49:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- D:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/07/08 18:18:32 | 000,019,968 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- D:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/06/20 11:37:30 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel®
SRV - [2008/06/18 08:05:28 | 000,126,736 | ---- | M] (Bioscrypt Inc.) [Disabled | Stopped] -- D:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/06/18 08:05:24 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- D:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- D:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/06/09 04:06:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2008/04/08 08:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- D:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- D:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Disabled | Stopped] -- D:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2004/10/15 10:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) [On_Demand | Running] -- D:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/19 15:27:09 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/04/19 15:27:02 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/04/19 15:27:02 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/26 09:33:42 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2009/10/26 09:33:33 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2009/10/26 09:33:30 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/10/26 09:33:00 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/07/11 14:50:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/07/11 14:50:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- D:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/07/11 14:50:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/07/11 14:50:18 | 000,109,184 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/06/27 16:26:58 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/24 15:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/12 14:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/06/09 04:06:42 | 000,112,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\qcusbnethp.sys -- (qcusbnethp)
DRV - [2008/06/09 04:06:42 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\qcusbserhp.sys -- (qcusbserhp)
DRV - [2008/06/09 04:06:42 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\qcfilterhp.sys -- (QCFilterhp)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/05/20 15:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/28 02:14:54 | 003,626,112 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/03/28 06:14:02 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/27 12:42:00 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/02/29 16:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2004/10/15 10:46:12 | 000,091,136 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2004/05/14 17:15:22 | 000,147,236 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/08/20 14:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn)
DRV - [2003/07/21 18:01:04 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: D:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/02/15 12:23:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/15 17:45:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/03/08 12:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/04/01 00:44:59 | 000,000,000 | ---D | M]

[2009/09/09 09:09:36 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Dzobrist\Application Data\Mozilla\Extensions
[2011/04/01 01:03:24 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Dzobrist\Application Data\Mozilla\Firefox\Profiles\gwe66ykb.default\extensions
[2010/05/20 09:04:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Dzobrist\Application Data\Mozilla\Firefox\Profiles\gwe66ykb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 21:03:56 | 000,000,000 | ---D | M] (Pixlr Grabber) -- D:\Documents and Settings\Dzobrist\Application Data\Mozilla\Firefox\Profiles\gwe66ykb.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/03/29 22:47:39 | 000,002,569 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Application Data\Mozilla\Firefox\Profiles\gwe66ykb.default\searchplugins\askcom.xml
[2011/02/17 12:04:45 | 000,001,840 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Application Data\Mozilla\Firefox\Profiles\gwe66ykb.default\searchplugins\bing.xml
[2011/04/01 00:45:00 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/04/01 00:45:00 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/12/10 10:44:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/02 01:05:36 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - D:\Program Files\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - D:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [HP Connection Manager.exe] D:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe (Smith Micro Software, Inc)
O4 - HKLM..\Run: [NBAgent] D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: D:\Documents and Settings\Dzobrist\Start Menu\Programs\Startup\Dropbox.lnk = D:\Documents and Settings\Dzobrist\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - D:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - D:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - D:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - D:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - D:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - D:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - D:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - D:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - D:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 6 - D:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6A6F4B83-45C5-4CA9-BDD9-0D81C12295E4} https://exch.greenbrieroutfitters.com/Remote/msrdp.cab (Microsoft Terminal Services Client Control (redist))
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256921200812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.11 10.10.10.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GBO.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (D:\WINDOWS\system32\APSHook.dll) - D:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (APSHook.dll) - D:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (D:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - D:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Bioscrypt Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ackpbsc: DllName - D:\WINDOWS\system32\ackpbsc.dll - D:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - D:\Program Files\ActivIdentity\ActivClient\acunlock.dll - D:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - D:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - D:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/20 09:30:26 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "ASBroker"
MsConfig - Services: "AppMgmt"
MsConfig - Services: "afcdpsrv"
MsConfig - Services: "AcrSch2Svc"
MsConfig - Services: "accoca"
MsConfig - Services: "TlntSvr"
MsConfig - Services: "Themes"
MsConfig - Services: "PDFProFiltSrv"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "FlipShare Service"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "ClipSrv"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "AgereModemAudio"
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: OrderReminder - hkey= - key= - D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
MsConfig - StartUpReg: Skype - hkey= - key= - D:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - D:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - D:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TomcatStartup 2.5 - hkey= - key= - D:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "D:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {52612C14-73DF-1F16-FF71-6A0832BC38CF} - Browser Customizations
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - D:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C458146E-EC97-8793-8ABD-FC908E0F2669} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F0266B12-66C1-7F61-966B-6B3B145B9FBE} - Vector Graphics Rendering (VML)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - D:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - D:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 17:41:17 | 000,000,000 | ---D | C] -- D:\xampp
[2011/04/03 15:36:29 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/04/02 20:19:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\Desktop\temp photos
[2011/04/02 18:05:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Picture Resize
[2011/04/02 18:05:25 | 000,212,240 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\richtx32.ocx
[2011/04/02 18:05:25 | 000,137,000 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msmapi32.ocx
[2011/04/02 18:05:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\Application Data\Bidgood Svcs
[2011/04/01 08:31:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/01 01:24:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/01 00:45:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2011/04/01 00:45:10 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2011/04/01 00:44:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2011/04/01 00:44:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2011/04/01 00:44:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2011/04/01 00:44:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2011/03/31 17:11:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\Desktop\sample photos
[2011/03/24 16:41:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\My Documents\yeptext_flyers
[2011/03/21 10:32:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\Start Menu\Programs\Google Chrome
[2011/03/15 12:49:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/03/15 10:41:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\.netbeans
[2011/03/15 10:41:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\Application Data\.maltego
[2011/03/15 10:40:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Paterva
[2011/03/15 10:40:12 | 000,000,000 | ---D | C] -- D:\Program Files\Paterva
[2011/03/15 09:21:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/15 09:21:01 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2011/03/15 09:20:58 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2011/03/11 13:25:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
[2011/03/11 13:24:58 | 000,143,360 | R--- | C] (Zenographics) -- D:\WINDOWS\apptune1020.exe
[2011/03/11 13:24:54 | 000,102,400 | R--- | C] (Zenographics, Inc.) -- D:\WINDOWS\System32\ZLhp1020.dll
[2011/03/11 13:24:54 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- D:\WINDOWS\System32\ZSPOOL.DLL
[2011/03/11 13:24:54 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- D:\WINDOWS\System32\zlm.dll
[2011/03/11 13:24:54 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- D:\WINDOWS\System32\IMF32.DLL
[2011/03/11 13:24:54 | 000,024,576 | R--- | C] (Zenographics, Inc.) -- D:\WINDOWS\System32\ZTAG32.DLL
[2011/03/11 13:24:52 | 000,000,000 | -H-D | C] -- D:\Program Files\Zenographics
[2011/03/11 13:21:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\lj1020
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- D:\Documents and Settings\Dzobrist\My Documents\TDSSKiller.exe
[2011/03/10 10:56:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\ljdriver
[2011/03/09 11:02:20 | 000,040,960 | ---- | C] (Hewlett-Packard) -- D:\WINDOWS\System32\d4channel.dll
[2011/03/09 11:02:20 | 000,036,864 | ---- | C] (Hewlett-Packard) -- D:\WINDOWS\System32\hpbmmjno.dll
[2011/03/09 11:01:51 | 000,000,000 | -H-D | C] -- D:\Program Files\Zero G Registry
[2011/03/09 10:59:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\Start Menu\Programs\hp LaserJet 4250 4350 4240
[2011/03/09 10:57:35 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\SWF Studio
[2011/03/09 10:56:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dzobrist\lj4250
[2011/03/09 10:47:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/03/09 10:47:01 | 000,023,808 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/03/09 10:47:00 | 000,206,976 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dot4.sys
[6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 22:04:07 | 000,456,872 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/04/06 22:04:07 | 000,075,612 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/04/06 22:02:35 | 000,000,470 | ---- | M] () -- D:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/04/06 22:01:04 | 000,000,240 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/04/06 22:00:16 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/04/06 22:00:15 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/06 21:57:54 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/04/06 18:43:00 | 000,000,890 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/06 18:36:00 | 000,000,990 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-105084233-1653460812-1584667637-1137UA.job
[2011/04/06 18:16:23 | 000,004,746 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2011/04/06 17:52:07 | 000,000,522 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Desktop\XAMPP Control Panel.lnk
[2011/04/06 17:24:07 | 000,000,590 | ---- | M] () -- D:\WINDOWS\tasks\dzobrist Local Autobackup 5 4.job
[2011/04/06 10:36:00 | 000,000,938 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-105084233-1653460812-1584667637-1137Core.job
[2011/04/05 12:36:08 | 000,025,088 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/04 21:42:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/04 09:45:58 | 000,001,324 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 18:05:27 | 000,000,533 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Desktop\Picture Resize.lnk
[2011/04/02 01:05:36 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/04/01 15:41:16 | 000,024,276 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\Verification Form - GBR Outfitters.pdf
[2011/04/01 15:17:15 | 000,000,120 | ---- | M] () -- D:\WINDOWS\Hjumilarejucowoz.dat
[2011/04/01 08:45:04 | 000,075,196 | -H-- | M] () -- D:\WINDOWS\System32\mlfcache.dat
[2011/04/01 08:44:04 | 000,002,205 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/01 00:58:50 | 000,000,000 | ---- | M] () -- D:\WINDOWS\Rrusoyul.bin
[2011/03/31 14:26:35 | 001,017,445 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\Release_coversheet.pdf
[2011/03/31 14:12:55 | 000,001,538 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\yes-no.png
[2011/03/31 14:04:27 | 000,025,682 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\box3.png
[2011/03/31 14:01:51 | 000,006,170 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\box2.png
[2011/03/31 13:50:24 | 000,010,741 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\namebox.png
[2011/03/28 12:36:58 | 000,002,309 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Desktop\Google Chrome.lnk
[2011/03/28 12:36:58 | 000,002,287 | ---- | M] () -- D:\Documents and Settings\Dzobrist\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/24 23:43:56 | 000,001,852 | -H-- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\Default.rdp
[2011/03/24 16:52:44 | 006,431,466 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\YepText_2-28_049_TT.pdf
[2011/03/24 16:23:39 | 000,130,333 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\demma_propurchase memo.pdf
[2011/03/24 16:12:19 | 000,088,075 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\demma_proform_letter.pdf
[2011/03/24 16:11:54 | 000,088,074 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\_proform_letter.pdf
[2011/03/24 16:11:17 | 000,088,203 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\kurts_proform_letter.pdf
[2011/03/23 10:16:02 | 000,035,929 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\Repair an .ost or .pdf
[2011/03/18 16:06:47 | 001,220,608 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\PVTA_coverletter_final.indd
[2011/03/18 10:59:06 | 000,238,670 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\PVTA_coverletter_final.pdf
[2011/03/18 10:57:27 | 001,191,936 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\PVTA_coverlatter copy.indd
[2011/03/18 09:26:36 | 000,001,243 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\rf.mtgx
[2011/03/16 09:14:24 | 000,408,843 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo3.psd
[2011/03/15 19:22:51 | 000,114,677 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo3.jpg
[2011/03/15 19:09:40 | 000,658,551 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo2.psd
[2011/03/15 19:03:04 | 000,040,142 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\pvelement3.png
[2011/03/15 18:59:30 | 000,007,381 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\pvelement2.png
[2011/03/15 18:57:29 | 000,428,813 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo1.psd
[2011/03/15 18:49:25 | 000,007,499 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\shell1.png
[2011/03/15 16:29:34 | 033,339,589 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\M3GuideGUI.pdf
[2011/03/15 10:40:23 | 000,000,999 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\MaltegoCE v3.0.lnk
[2011/03/15 10:11:05 | 000,015,861 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\siglineeditor.png
[2011/03/15 09:21:31 | 000,001,542 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/15 09:16:35 | 000,017,141 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\associate_editor_MCT.pdf
[2011/03/15 09:15:38 | 000,001,854 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/03/10 17:16:16 | 000,552,999 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\Calendar Details Style.pdf
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- D:\Documents and Settings\Dzobrist\My Documents\TDSSKiller.exe
[2011/03/10 11:49:47 | 000,011,709 | ---- | M] () -- D:\WINDOWS\mariner.his
[2011/03/10 11:49:47 | 000,004,229 | ---- | M] () -- D:\WINDOWS\mariner.ini
[2011/03/10 11:49:37 | 000,050,794 | ---- | M] () -- D:\WINDOWS\hplj42504350.his
[2011/03/10 11:49:37 | 000,006,916 | ---- | M] () -- D:\WINDOWS\hplj42504350.ini
[2011/03/09 11:51:47 | 000,016,721 | ---- | M] () -- D:\WINDOWS\mariner.hi1
[2011/03/09 11:51:47 | 000,005,478 | ---- | M] () -- D:\WINDOWS\mariner.bu1
[2011/03/09 11:51:06 | 000,695,518 | ---- | M] () -- D:\WINDOWS\hplj42504350.hi1
[2011/03/09 11:51:06 | 000,020,715 | ---- | M] () -- D:\WINDOWS\hplj42504350.bu1
[2011/03/09 11:29:19 | 000,044,054 | ---- | M] () -- D:\WINDOWS\mariner.hi2
[2011/03/09 11:29:19 | 000,004,158 | ---- | M] () -- D:\WINDOWS\mariner.bu2
[2011/03/09 11:29:08 | 000,050,147 | ---- | M] () -- D:\WINDOWS\hplj42504350.hi2
[2011/03/09 11:29:08 | 000,006,937 | ---- | M] () -- D:\WINDOWS\hplj42504350.bu2
[2011/03/08 13:47:50 | 000,013,333 | ---- | M] () -- D:\Documents and Settings\Dzobrist\My Documents\tulsa_reciept.png
[6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/06 17:52:07 | 000,000,522 | ---- | C] () -- D:\Documents and Settings\Dzobrist\Desktop\XAMPP Control Panel.lnk
[2011/04/02 18:05:27 | 000,000,533 | ---- | C] () -- D:\Documents and Settings\Dzobrist\Desktop\Picture Resize.lnk
[2011/04/01 15:41:16 | 000,024,276 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\Verification Form - GBR Outfitters.pdf
[2011/04/01 00:58:50 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Hjumilarejucowoz.dat
[2011/04/01 00:58:50 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Rrusoyul.bin
[2011/03/31 14:26:21 | 001,017,445 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\Release_coversheet.pdf
[2011/03/31 14:12:44 | 000,001,538 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\yes-no.png
[2011/03/31 14:04:11 | 000,025,682 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\box3.png
[2011/03/31 14:01:39 | 000,006,170 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\box2.png
[2011/03/31 13:50:03 | 000,010,741 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\namebox.png
[2011/03/24 16:51:13 | 006,431,466 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\YepText_2-28_049_TT.pdf
[2011/03/24 16:23:39 | 000,130,333 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\demma_propurchase memo.pdf
[2011/03/24 16:12:19 | 000,088,075 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\demma_proform_letter.pdf
[2011/03/24 16:11:54 | 000,088,074 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\_proform_letter.pdf
[2011/03/24 16:11:17 | 000,088,203 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\kurts_proform_letter.pdf
[2011/03/23 10:16:02 | 000,035,929 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\Repair an .ost or .pdf
[2011/03/21 10:32:51 | 000,002,309 | ---- | C] () -- D:\Documents and Settings\Dzobrist\Desktop\Google Chrome.lnk
[2011/03/21 10:32:51 | 000,002,287 | ---- | C] () -- D:\Documents and Settings\Dzobrist\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/21 10:31:35 | 000,000,990 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-105084233-1653460812-1584667637-1137UA.job
[2011/03/21 10:31:35 | 000,000,938 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-105084233-1653460812-1584667637-1137Core.job
[2011/03/18 10:59:01 | 000,238,670 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\PVTA_coverletter_final.pdf
[2011/03/18 10:58:21 | 001,220,608 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\PVTA_coverletter_final.indd
[2011/03/18 10:57:27 | 001,191,936 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\PVTA_coverlatter copy.indd
[2011/03/18 09:26:35 | 000,001,243 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\rf.mtgx
[2011/03/15 19:12:14 | 000,114,677 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo3.jpg
[2011/03/15 19:11:56 | 000,408,843 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo3.psd
[2011/03/15 19:09:39 | 000,658,551 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo2.psd
[2011/03/15 19:02:46 | 000,040,142 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\pvelement3.png
[2011/03/15 18:59:14 | 000,007,381 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\pvelement2.png
[2011/03/15 18:57:27 | 000,428,813 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\pvlogo1.psd
[2011/03/15 18:48:50 | 000,007,499 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\shell1.png
[2011/03/15 16:27:52 | 033,339,589 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\M3GuideGUI.pdf
[2011/03/15 10:40:23 | 000,000,999 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\MaltegoCE v3.0.lnk
[2011/03/15 10:10:15 | 000,015,861 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\siglineeditor.png
[2011/03/15 09:21:31 | 000,001,542 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/15 09:16:35 | 000,017,141 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\associate_editor_MCT.pdf
[2011/03/11 13:24:54 | 000,206,768 | R--- | C] () -- D:\WINDOWS\System32\hp1022.img
[2011/03/11 13:24:54 | 000,128,820 | R--- | C] () -- D:\WINDOWS\System32\hp1020.img
[2011/03/11 13:24:53 | 000,574,100 | R--- | C] () -- D:\WINDOWS\System32\hp1022n.img
[2011/03/11 13:24:53 | 000,442,368 | R--- | C] () -- D:\WINDOWS\System32\zshp1020.exe
[2011/03/11 13:24:53 | 000,106,496 | R--- | C] () -- D:\WINDOWS\System32\vshp1020.dll
[2011/03/10 17:16:16 | 000,552,999 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\Calendar Details Style.pdf
[2011/03/09 11:47:22 | 000,050,147 | ---- | C] () -- D:\WINDOWS\hplj42504350.hi2
[2011/03/09 11:47:22 | 000,006,937 | ---- | C] () -- D:\WINDOWS\hplj42504350.bu2
[2011/03/09 11:47:14 | 000,044,054 | ---- | C] () -- D:\WINDOWS\mariner.hi2
[2011/03/09 11:47:14 | 000,004,158 | ---- | C] () -- D:\WINDOWS\mariner.bu2
[2011/03/09 11:28:47 | 000,695,518 | ---- | C] () -- D:\WINDOWS\hplj42504350.hi1
[2011/03/09 11:28:47 | 000,020,715 | ---- | C] () -- D:\WINDOWS\hplj42504350.bu1
[2011/03/09 11:28:43 | 000,016,721 | ---- | C] () -- D:\WINDOWS\mariner.hi1
[2011/03/09 11:28:43 | 000,005,478 | ---- | C] () -- D:\WINDOWS\mariner.bu1
[2011/03/09 11:02:20 | 000,131,072 | ---- | C] () -- D:\WINDOWS\System32\PMLJNI.dll
[2011/03/09 11:02:20 | 000,074,752 | ---- | C] () -- D:\WINDOWS\System32\jst.dll
[2011/03/09 10:58:23 | 000,050,794 | ---- | C] () -- D:\WINDOWS\hplj42504350.his
[2011/03/09 10:58:23 | 000,006,916 | ---- | C] () -- D:\WINDOWS\hplj42504350.ini
[2011/03/09 10:58:18 | 000,011,709 | ---- | C] () -- D:\WINDOWS\mariner.his
[2011/03/09 10:58:18 | 000,004,229 | ---- | C] () -- D:\WINDOWS\mariner.ini
[2011/03/08 13:47:26 | 000,013,333 | ---- | C] () -- D:\Documents and Settings\Dzobrist\My Documents\tulsa_reciept.png
[2010/12/11 18:29:44 | 000,000,410 | ---- | C] () -- D:\WINDOWS\BRWMARK.INI
[2010/12/11 18:29:44 | 000,000,034 | ---- | C] () -- D:\WINDOWS\System32\BD2040.DAT
[2010/10/21 15:30:47 | 000,000,069 | ---- | C] () -- D:\WINDOWS\iltwain.ini
[2010/08/23 09:37:44 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010/08/23 09:37:44 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2010/08/23 09:37:44 | 000,089,088 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010/08/23 09:37:44 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2010/08/23 09:37:44 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2010/08/19 09:17:23 | 000,001,324 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/07/22 17:43:50 | 001,794,936 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/20 13:56:39 | 000,000,119 | ---- | C] () -- D:\WINDOWS\Podcasts.INI
[2010/04/12 10:10:16 | 000,000,469 | ---- | C] () -- D:\WINDOWS\System32\gmsblist.dll
[2010/02/15 13:09:31 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2010/02/15 12:50:48 | 000,075,196 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2010/02/04 16:46:50 | 000,000,254 | ---- | C] () -- D:\Documents and Settings\Dzobrist\Application Data\default.rss
[2010/02/04 16:26:42 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2009/10/30 15:39:22 | 000,000,161 | ---- | C] () -- D:\WINDOWS\DISPARAM.INI
[2009/09/09 16:12:08 | 000,025,088 | ---- | C] () -- D:\Documents and Settings\Dzobrist\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/09 09:09:05 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2009/09/08 23:16:25 | 000,028,510 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini
[2009/09/08 23:14:55 | 000,204,800 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeW7.dll
[2009/09/08 23:14:55 | 000,200,704 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeA6.dll
[2009/09/08 23:14:55 | 000,192,512 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeP6.dll
[2009/09/08 23:14:55 | 000,192,512 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeM6.dll
[2009/09/08 23:14:55 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\IVIresizePX.dll
[2009/09/08 23:14:55 | 000,020,480 | ---- | C] () -- D:\WINDOWS\System32\IVIresize.dll
[2009/09/08 23:11:12 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2009/09/08 22:56:32 | 000,887,724 | R--- | C] () -- D:\WINDOWS\System32\ativva6x.dat
[2009/09/08 22:56:31 | 003,107,788 | R--- | C] () -- D:\WINDOWS\System32\ativvaxx.dat
[2009/09/08 22:56:31 | 003,107,788 | R--- | C] () -- D:\WINDOWS\System32\ativva5x.dat
[2009/09/08 22:56:31 | 000,172,033 | R--- | C] () -- D:\WINDOWS\System32\atiicdxx.dat
[2009/09/08 22:15:58 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2009/09/08 22:10:37 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2009/09/08 17:55:59 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2009/09/08 17:55:05 | 001,635,808 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/11 14:50:18 | 000,109,184 | ---- | C] () -- D:\WINDOWS\System32\drivers\SafeBoot.sys
[2008/06/04 07:02:28 | 000,090,112 | ---- | C] () -- D:\WINDOWS\System32\Atibrtmon.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- D:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2007/08/21 13:51:16 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ATIODE.exe
[2007/08/21 11:36:12 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\ATIODCLI.exe
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,456,872 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,075,612 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2005/04/03 18:30:00 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\scardsyn.dll
[2003/02/25 06:49:56 | 000,094,274 | ---- | C] () -- D:\WINDOWS\System32\HPBHEALR.DLL
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[1998/05/06 23:10:00 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\ODMA32.dll
[1617/11/11 08:37:06 | 000,003,120 | ---- | C] () -- D:\WINDOWS\TMN211G.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2006/02/28 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 229 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:527B6DAD

< End of report >

OTL Extras logfile created on: 4/6/2011 10:08:15 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Dzobrist\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 1.00 Gb Total Space | 0.21 Gb Free Space | 21.34% Space Free | Partition Type: FAT32
Drive D: | 231.87 Gb Total Space | 91.48 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
Drive P: | 232.75 Gb Total Space | 36.89 Gb Free Space | 15.85% Space Free | Partition Type: NTFS
Drive T: | 232.75 Gb Total Space | 36.89 Gb Free Space | 15.85% Space Free | Partition Type: NTFS

Computer Name: GBO-9957B789BAC | User Name: dzobrist | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"5191:TCP" = 5191:TCP:*:Enabled:The Browser Highlighter XCOM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Documents and Settings\Dzobrist\Application Data\Facebook\facebook.exe" = D:\Documents and Settings\Dzobrist\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook -- ()
"D:\Program Files\tbh\base\bin\tbhDaemon.exe" = D:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon -- ()
"D:\Program Files\tbh\monitor\bin\tbhMonitor.exe" = D:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor -- ()
"D:\Program Files\SmartFTP Client\SmartFTP.exe" = D:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client -- (SmartSoft Ltd.)
"D:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = D:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\SmartFTP Client\SmartFTP.exe" = D:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"D:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = D:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"D:\Documents and Settings\Dzobrist\Application Data\Dropbox\bin\Dropbox.exe" = D:\Documents and Settings\Dzobrist\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"D:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" = D:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{017A2CD2-5D78-63D7-5171-8403E6125B7A}" = Catalyst Control Center Localization Dutch
"{0421FEFC-2091-903D-99AB-9AF3FBAEDDFC}" = CCC Help Finnish
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09482611-8E5A-D316-59DF-1211B2308EC2}" = Catalyst Control Center Localization Russian
"{0BF6C303-2123-6240-2ECA-CAEC1522FF9D}" = CCC Help Turkish
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{14A1EA15-5C54-F2B1-4198-47733D19D46B}" = Catalyst Control Center Graphics Full Existing
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{15FA2BD4-E062-DA33-30CC-48EC6A1E4D95}" = Catalyst Control Center Localization Finnish
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1956987A-D0FE-01AB-611A-067BC4A3234D}" = CCC Help Portuguese
"{1B99FFC8-B898-406D-9A67-14F8A833A200}" = Drive Encryption for HP ProtectTools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{221F6B84-E377-4B1D-B20C-C46F6883B5ED}" = HP 3D DriveGuard
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{253CD4D0-594C-7BCF-5A13-B844CA1BFD37}" = CCC Help Japanese
"{255E8EA7-B38E-F1A8-E303-3B0D820590C6}" = Prezi Desktop
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{27A49D47-ED7A-485E-9EF7-E606273EE816}" = Qualcomm Gobi Driver Package for HP
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30233F27-979E-DD9E-129A-DB4ACABDC406}" = CCC Help Thai
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31343601-8930-7040-0633-6D4D272B3318}" = ccc-core-preinstall
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DB0396-E23C-F32A-0113-E353422A0DC1}" = Catalyst Control Center Core Implementation
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3F26967B-E703-6411-6A36-5CBCD014D4EF}" = Catalyst Control Center Localization Italian
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{429D5F75-1AB5-68F2-B0A9-B961EFB55644}" = CCC Help Polish
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{472D4854-D741-0410-0B55-2B81CB81A26A}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F93C88-F700-C297-2258-D7AB1AE2480E}" = CCC Help Italian
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51DFDC79-2546-3602-D3C7-EC29855FAE9F}" = CCC Help Norwegian
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5242D29E-3655-25A8-1FD7-2DD10234639E}" = CCC Help Greek
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59B13FD3-AD00-4E2C-AE30-0556451EC0DE}" = ScanSnap Organizer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Media Driver Ver.1.02.00.09
"{5C32A8E9-8614-576A-967E-8DB5201C50A1}" = Catalyst Control Center Graphics Full New
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{60110DD1-B2EA-0E83-CAEB-EC3ABF2F6F9D}" = CCC Help Dutch
"{60F76797-278A-2260-FEB5-FC93FB2F9A6D}" = Catalyst Control Center Localization Korean
"{61F5A810-0D0A-FED5-B935-48BFDFFAA228}" = Catalyst Control Center Localization Danish
"{6393CEC4-0E70-4E2E-1AD9-E999E821C745}" = CCC Help Spanish
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6862C881-2E48-EB59-73DD-0375B822A4F4}" = Catalyst Control Center Localization Greek
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71EC91AF-279E-440A-BB0C-AD2C6598F601}" = CardMinder V3.1
"{71F9AC30-2643-A517-873F-B52B712145C6}" = CCC Help Danish
"{72544AF9-76CC-7E7C-7F14-A996AF133C79}" = Catalyst Control Center Localization Czech
"{73315D83-F211-6468-17AD-FB20D779B188}" = CCC Help Hungarian
"{7380A2BA-74F5-53EA-C02B-EFDA20FDB83A}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{760B91FA-C3AF-C768-8055-585F214041A4}" = Catalyst Control Center Localization Chinese Traditional
"{76FCAB85-EEA9-A8B9-F0DB-B66D63A1F9D0}" = Catalyst Control Center Localization Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77754C72-743C-47E6-9F72-85265BEFF493}" = Qualcomm Gobi Images for HP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{805194C0-642F-F377-E46E-0E2EDF663688}" = Catalyst Control Center Localization Japanese
"{82C6AF1B-C3B2-68AB-7270-D035051E6ECF}" = CCC Help Korean
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{830D1F3B-F57E-13D6-6E97-5D6BA045AA01}" = Catalyst Control Center Localization Chinese Standard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84BF2E9C-16D9-11D8-BE69-00B0D0852669}" = ESP Online
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87BB348D-8A24-8C6E-098D-8A0F87A85799}" = Catalyst Control Center Localization Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8ADED2-890A-DD14-869A-69B0D48D4FC0}" = CCC Help Russian
"{8B3E6604-B33C-4717-A4EB-217707E7DEEE}" = SmartFTP Client
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90AC08E7-FC26-463D-868F-A199143B32F6}" = Altova StyleVision® 2010 Enterprise Edition
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97D5D5E8-2272-2D2D-6724-854D09D2F024}" = Catalyst Control Center Localization Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F5BCAA5-E78B-4C01-B6D3-F3EA9B3E3DC1}" = HP JavaCard for HP ProtectTools
"{9F8CE783-F4EA-FA64-BF5A-47CC83EFC0BB}" = CCC Help Czech
"{9FE06DD0-C1DB-4E0E-A8B9-D3224261A4F3}" = HP ProtectTools Security Manager
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6B21BBA-2669-02D9-4715-8350F741B9D6}" = Catalyst Control Center Localization Spanish
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.1.71
"{A89A8608-4F0A-6D42-78F5-C06BEA470EB8}" = ccc-core-static
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AD724943-5448-46FC-9814-54FEB1EC7871}" = AudialsOne
"{ADE3CCD1-CE98-B051-0C8E-A20D09E664C8}" = Catalyst Control Center Localization French
"{AFD2ECCE-6E90-261C-7FEC-ABD90EEAEB15}" = CCC Help Swedish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B85314C0-E9D4-910D-FF99-62F3876BC8F5}" = CCC Help English
"{B900C377-0043-654A-4F95-0E009273F97B}" = Catalyst Control Center Localization Norwegian
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA80850B-1145-CB11-1B3D-9CF64AF36222}" = CCC Help Chinese Standard
"{BC60CBFD-F6A3-6449-7A11-01B1D5F31B0A}" = Catalyst Control Center Localization Thai
"{BC717C2E-23E3-DF00-71EF-678F54D78747}" = Catalyst Control Center Localization Swedish
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C349C10C-1474-4000-9073-9299856C8A70}" = Catalyst Control Center - Branding
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FireGL driver for 3D Studio MAX/VIZ
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C8D215E1-A83B-4469-9270-6730D1CAC824}" = Nero BackItUp and Burn 1.4
"{CA79F873-BBFC-DD13-E10C-605FC01BBD4F}" = CCC Help French
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CDC78BA1-5FEF-E9BC-610C-A9E52CD8EAE4}" = ccc-utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D086EFDA-CEEA-0F5B-6E73-458477DF06F3}" = Skins
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.1
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DC50BA34-6F73-2C04-921F-317044F2FC7E}" = Catalyst Control Center Localization German
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}" = HP Connection Manager
"{E063B3E2-6641-4375-9F09-ADA9E589EB90}" = hp LaserJet 4250/4350/4240
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E41A9B94-AC5F-5BC0-2DBE-CE702C538550}" = Catalyst Control Center Graphics Light
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAF89827-208D-4439-51AF-1F377F3FA5D9}" = CCC Help Chinese Traditional
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE1AE5E9-6ECE-4ADF-A28A-56A981E138D4}" = Credential Manager for HP ProtectTools
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F7F0DECF-E464-43BF-8DA5-3028564A4588}" = Nuance PDF Professional 6
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}" = AuthenTec Fingerprint System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Backgammon Snowie_is1" = Backgammon Snowie 4.7.1
"CCleaner" = CCleaner
"com.prezi.PreziDesktop" = Prezi Desktop
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"EditPad Pro 6" = Just Great Software EditPad Pro 6 DEMO 6.6.3
"GrandPrix Race Manager v10_is1" = GrandPrix Race Manager v10
"GSAK_is1" = GSAK 7.7.0.109 (Final)
"hp LaserJet 4250 4350 4240" = hp LaserJet 4250/4350/4240
"HP-LaserJet 1020 series" = LaserJet 1020 series
"Loki Browser Plugin" = Loki Browser Plugin
"MaltegoCE 3.0" = Maltego Community Edition 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"Picture Resize_is1" = Free Picture Resize Starter 4.5
"PROSet" = Intel® Network Connections Drivers
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Hat_is1" = The Hat 2.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
"Word Password Recovery Master_is1" = Word Password Recovery Master 3.5
"xampp" = XAMPP 1.7.4
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Xilisoft Video Converter Platinum 6" = Xilisoft Video Converter Platinum 6
"Xilisoft YouTube Video Converter" = Xilisoft YouTube Video Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2011 11:24:06 AM | Computer Name = GBO-9957B789BAC | Source = BackItUp5 | ID = 3374
Description = Backup process failed.

Error - 4/6/2011 1:24:06 PM | Computer Name = GBO-9957B789BAC | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not
exist.

Error - 4/6/2011 1:24:06 PM | Computer Name = GBO-9957B789BAC | Source = BackItUp5 | ID = 3374
Description = Backup process failed.

Error - 4/6/2011 3:24:10 PM | Computer Name = GBO-9957B789BAC | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not
exist.

Error - 4/6/2011 3:24:10 PM | Computer Name = GBO-9957B789BAC | Source = BackItUp5 | ID = 3374
Description = Backup process failed.

Error - 4/6/2011 5:24:06 PM | Computer Name = GBO-9957B789BAC | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not
exist.

Error - 4/6/2011 5:24:06 PM | Computer Name = GBO-9957B789BAC | Source = BackItUp5 | ID = 3374
Description = Backup process failed.

Error - 4/6/2011 9:59:54 PM | Computer Name = GBO-9957B789BAC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2011 9:59:55 PM | Computer Name = GBO-9957B789BAC | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/6/2011 10:00:08 PM | Computer Name = GBO-9957B789BAC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ Credential Manager Events ]
Error - 12/11/2010 8:42:35 PM | Computer Name = GBO-9957B789BAC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: dzobrist@GBO Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 12/11/2010 8:42:35 PM | Computer Name = GBO-9957B789BAC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
dzobrist@GBO Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 12/11/2010 8:42:37 PM | Computer Name = GBO-9957B789BAC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
dzobrist@GBO Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 12/11/2010 8:42:37 PM | Computer Name = GBO-9957B789BAC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: dzobrist@GBO Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 1/19/2011 10:02:50 AM | Computer Name = GBO-9957B789BAC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: dzobrist@GBO Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 1/19/2011 10:02:50 AM | Computer Name = GBO-9957B789BAC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
dzobrist@GBO Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 1/21/2011 11:31:15 AM | Computer Name = GBO-9957B789BAC | Source = AuthWiz | ID = 100796070
Description = The submitted user identity was rejected. User: dzobrist@GBO Error:
(0xC5160102) The system could not perform the requested operation. Verify that
Credential Manager for HP ProtectTools is properly installed on your computer. If
the problem persists, please contact your system administrator.

Error - 1/28/2011 7:03:58 PM | Computer Name = GBO-9957B789BAC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: dzobrist@GBO Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 1/28/2011 7:03:58 PM | Computer Name = GBO-9957B789BAC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
dzobrist@GBO Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 2/15/2011 12:35:41 PM | Computer Name = GBO-9957B789BAC | Source = AuthWiz | ID = 100796070
Description = The submitted user identity was rejected. User: dzobrist@GBO Error:
(0xC5160102) The system could not perform the requested operation. Verify that
Credential Manager for HP ProtectTools is properly installed on your computer. If
the problem persists, please contact your system administrator.

[ OSession Events ]
Error - 9/9/2009 12:17:05 PM | Computer Name = GBO-9957B789BAC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 10/18/2009 7:24:25 PM | Computer Name = GBO-9957B789BAC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1505
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/27/2010 3:35:59 PM | Computer Name = GBO-9957B789BAC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2824
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 11/18/2010 9:53:52 AM | Computer Name = GBO-9957B789BAC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 238503
seconds with 360 seconds of active time. This session ended with a crash.

Error - 1/14/2011 5:11:09 PM | Computer Name = GBO-9957B789BAC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 74110
seconds with 3180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/3/2011 11:54:52 PM | Computer Name = GBO-9957B789BAC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/4/2011 9:46:05 AM | Computer Name = GBO-9957B789BAC | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 4/6/2011 9:59:26 PM | Computer Name = GBO-9957B789BAC | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain GBO due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/6/2011 9:59:29 PM | Computer Name = GBO-9957B789BAC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2011 9:59:29 PM | Computer Name = GBO-9957B789BAC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2011 9:59:33 PM | Computer Name = GBO-9957B789BAC | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 4/6/2011 10:01:52 PM | Computer Name = GBO-9957B789BAC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2011 10:02:35 PM | Computer Name = GBO-9957B789BAC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2011 10:04:35 PM | Computer Name = GBO-9957B789BAC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/6/2011 10:04:58 PM | Computer Name = GBO-9957B789BAC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 07 April 2011 - 04:30 AM

Hi,

The logs are looking good. Safeboot should be a legit file; there's no need to remove it. How is the PC slow?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 dzobrist


Posted 07 April 2011 - 10:49 AM

The overall startup boot is very slow; it could be the HP identity management software. If there is nothing that I can do and my logs look clean, we can close the topic. If there are any suggestions, I am happy to try and implement them.

#6 myrti


Posted 07 April 2011 - 10:57 AM

Hi,

I would like to run an additional scan with Eset:
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



#7 dzobrist


Posted 07 April 2011 - 03:22 PM

Here is the log from the ESET scan.

Thanks,

Duane


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=ceeebef952af1c4fa042e71281129d99
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-07 05:23:33
# local_time=2011-04-07 01:23:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=185004
# found=12
# cleaned=0
# scan_time=4938
D:\Documents and Settings\Dzobrist\Desktop\files\Programs\SDFix.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\Dzobrist\My Documents\Downloads\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\Dzobrist\My Documents\Downloads\SDFix(2).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\Dzobrist\My Documents\Downloads\SDFix.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\Dzobrist\My Documents\Downloads\Trivia_Board_Pro_4_setup.exe a variant of Win32/Packed.MoleboxVS.B application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\68990180-17239c7e Java/TrojanDownloader.OpenStream.NBL trojan (unable to clean) 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\Documents and Settings\Dzobrist\Application Data\Sun\qqtjltpy85.dll.vir Win32/AutoRun.Spy.Ambler.CR worm (unable to clean) 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\ixayoxaj.dll.vir a variant of Win32/Kryptik.MHG trojan (unable to clean) 00000000000000000000000000000000 I
D:\SDFix\apps\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D3D573A7-D01F-4BE7-8E1B-043C0E16B8A2}\RP153\A0657413.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D3D573A7-D01F-4BE7-8E1B-043C0E16B8A2}\RP153\A0685669.dll Win32/AutoRun.Spy.Ambler.CR worm (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D3D573A7-D01F-4BE7-8E1B-043C0E16B8A2}\RP153\A0685671.dll a variant of Win32/Kryptik.MHG trojan (unable to clean) 00000000000000000000000000000000 I

#8 myrti


Posted 07 April 2011 - 03:30 PM

Hi,

The files identified by Eset are not part of active infections. I believe your logs are clean. Could you try booting into safe mode and let me know if the PC is still as slow there?
regards myrti

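A way to triage a log like the one in post #7, written out as an added example that is not part of the thread: it compares the scan settings recorded in the log header with the ones requested in post #6 and groups each detection by where the file sits on disk. The mapping of header keys to the scanner's checkboxes and the location categories are this example's assumptions; the sample is a shortened, constructed copy of the posted log.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the ESET log posted in the thread
# (four of the twelve detection lines kept, found= adjusted to match).
SAMPLE = r"""# version=7
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=4
# cleaned=0
D:\Documents and Settings\Dzobrist\My Documents\Downloads\Trivia_Board_Pro_4_setup.exe a variant of Win32/Packed.MoleboxVS.B application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\68990180-17239c7e Java/TrojanDownloader.OpenStream.NBL trojan (unable to clean) 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\ixayoxaj.dll.vir a variant of Win32/Kryptik.MHG trojan (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D3D573A7-D01F-4BE7-8E1B-043C0E16B8A2}\RP153\A0685669.dll Win32/AutoRun.Spy.Ambler.CR worm (unable to clean) 00000000000000000000000000000000 I
"""

# Settings requested in post #6. Assumption: each checkbox maps to the
# header key with the matching name.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# <path> [a variant of ]<Platform/Name> <kind> (<action>) <32 hex> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<name>(?:a variant of )?\S+/\S+) "
    r"(?P<kind>\w+) \((?P<action>[^)]*)\) (?P<digest>[0-9A-Fa-f]{32}) \w$"
)

# Assumed location categories, first match wins. Copies held in a removal
# tool's quarantine or in a System Restore point are stored, not loaded.
LOCATIONS = [
    ("quarantine", re.compile(r"\\Qoobox\\Quarantine\\", re.I)),
    ("restore_point", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("java_cache", re.compile(r"\\Java\\Deployment\\cache\\", re.I)),
]


def classify(path):
    """Return the location category for a detected file path."""
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "other"


def parse(text):
    """Split a log into its '# key=value' header and its detection lines."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif match := DETECTION.match(line):
            entry = match.groupdict()
            entry["location"] = classify(entry["path"])
            detections.append(entry)
    return header, detections


def triage(text):
    """Summarise what a reviewer checks before reading the detections."""
    header, detections = parse(text)
    return {
        # Settings that differ from what the helper asked for.
        "deviations": sorted(k for k, v in REQUESTED.items() if header.get(k) != v),
        # A mismatch here means the pasted log was truncated or mis-parsed.
        "count_matches": int(header.get("found", -1)) == len(detections),
        "by_location": Counter(d["location"] for d in detections),
        # Files outside the known storage locations get a manual look.
        "needs_review": [d for d in detections if d["location"] == "other"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```

On the sample it reports archives_checked as the one setting that differs from the request and leaves only the installer under Downloads for manual review.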


#9 myrti


Posted 01 May 2011 - 08:20 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
