ZeroAccess Rootkit infection?


  • This topic is locked
3 replies to this topic

#1 sokol

  • Members
  • 5 posts

Posted 10 October 2011 - 12:58 PM

The original post was here http://www.bleepingcomputer.com/forums/topic422793.html/page__pid__2436013#entry2436013

I tried to follow the Prep Guide, but I was not able to run DDS on my computer and was told to run OTL, which I did successfully. Here's the log:

OTL logfile created on: 10/10/2011 1:40:47 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 81.57% Memory free
6.68 Gb Paging File | 6.33 Gb Available in Paging File | 94.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688.57 Gb Total Space | 466.79 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.51 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
Drive F: | 152.66 Gb Total Space | 147.87 Gb Free Space | 96.86% Space Free | Partition Type: NTFS
Drive I: | 930.86 Gb Total Space | 655.75 Gb Free Space | 70.45% Space Free | Partition Type: NTFS
Drive Z: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MAMA | User Name: Mama | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 13:37:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (QBCFMonitorService)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2011/01/18 18:03:47 | 000,116,536 | ---- | M] (Cisco WebEx LLC) [Auto | Stopped] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Users\Mama\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2009/09/29 16:41:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Stopped] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/12/03 11:24:52 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/10/17 06:24:48 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/10/17 06:24:48 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/09/08 17:26:22 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/25 23:41:02 | 000,042,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/15 07:16:22 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/15 07:16:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/09 09:09:02 | 000,032,280 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/10/09 09:09:00 | 000,032,152 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/20 11:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/23 15:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/22 13:38:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 16:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 16:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/27 17:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 12:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/27 17:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/18 12:51:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/22 13:38:30 | 000,000,000 | ---D | M]

[2010/08/27 06:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Extensions
[2010/08/27 06:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/08/23 22:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/10/05 20:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\b2whdftq.default\extensions
[2009/10/05 20:07:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\b2whdftq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/27 13:30:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\b2whdftq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/18 07:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/21 09:53:27 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/23 15:59:30 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/07/02 14:29:06 | 000,410,689 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14217 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll File not found
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe File not found
O4 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Mama\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://ritzpix.lifepics.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{332A431B-DC85-49DB-AC75-7A7CE5F6ED3B}: DhcpNameServer = 207.69.188.185 207.69.188.186
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1868329044-366293990-1701874703-1003 Winlogon: Shell - (C:\Users\Mama\AppData\Local\3ca7e7ec\X) -C:\Users\Mama\AppData\Local\3ca7e7ec\X ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - Z:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{4d602a76-d779-11de-93cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4d602a76-d779-11de-93cc-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\WD SmartWare.exe -- [2009/08/17 13:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{5e1aded3-c989-11e0-8dcb-000761c9423a}\Shell - "" = AutoRun
O33 - MountPoints2\{5e1aded3-c989-11e0-8dcb-000761c9423a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{acb01c4b-bd4a-11df-aeb8-000761c9423a}\Shell - "" = AutoRun
O33 - MountPoints2\{acb01c4b-bd4a-11df-aeb8-000761c9423a}\Shell\AutoRun\command - "" = L:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/10/10 13:39:57 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2011/10/10 10:46:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/09 23:29:12 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.svs
[2011/10/09 23:23:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/09 23:20:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/09 23:20:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/09 23:20:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/09 23:20:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/09 23:20:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 21:27:33 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/10/09 17:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Mama\AppData\Local\3ca7e7ec
[2011/10/03 16:31:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Adobe
[2011/09/16 17:24:33 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011/10/10 13:37:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2011/10/10 13:33:51 | 000,000,680 | ---- | M] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2011/10/10 11:53:09 | 000,000,000 | ---- | M] () -- C:\Users\Mama\defogger_reenable
[2011/10/10 11:27:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 07:27:08 | 002,228,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/10 07:20:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 07:20:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 23:20:40 | 000,637,630 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/09 23:20:40 | 000,120,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/09 23:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26FB40CD-3C4D-423A-AA7D-5AAFA048B379}.job
[2011/10/09 23:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 19:42:28 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBE3BA4B-D815-41D9-94FB-97AF2AF44EE6}.job
[2011/10/09 17:12:06 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/09 09:42:32 | 000,005,604 | ---- | M] () -- C:\Windows\mozy.blk
[2011/10/09 09:42:32 | 000,004,856 | ---- | M] () -- C:\Windows\mozy.flt
[2011/10/07 15:38:59 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/10/06 11:00:20 | 000,002,321 | ---- | M] () -- C:\Users\Mama\Desktop\FileZilla 2.2.32.lnk
[2011/10/03 16:52:41 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.5.lnk
[2011/09/23 18:54:56 | 000,035,840 | ---- | M] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 15:31:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/20 13:30:52 | 000,000,541 | ---- | M] () -- C:\Users\Mama\.fotki-uploader300-settings.xml
[2011/09/20 13:26:25 | 000,000,208 | ---- | M] () -- C:\Users\Mama\.lastFolder
[2011/09/19 18:00:24 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p08].bmp
[2011/09/19 18:00:24 | 000,456,390 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p09].bmp
[2011/09/19 18:00:22 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p07].bmp
[2011/09/19 18:00:20 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p06].bmp
[2011/09/19 18:00:18 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p05].bmp
[2011/09/19 18:00:16 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p04].bmp
[2011/09/19 18:00:14 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p03].bmp
[2011/09/19 18:00:12 | 002,440,206 | ---- | M] () -- C:\Users\Mama\AppData\Local\[j0027]-[p02].bmp
[2011/09/17 12:26:20 | 000,007,070 | ---- | M] () -- C:\Users\Mama\Documents\Pass.kdbx
[2011/09/15 20:13:46 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/15 07:29:30 | 404,618,022 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/10/10 11:53:09 | 000,000,000 | ---- | C] () -- C:\Users\Mama\defogger_reenable
[2011/10/09 23:20:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/09 23:20:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/09 23:20:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/09 23:20:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/09 23:20:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/09 17:12:06 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/03 16:52:41 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.5.lnk
[2011/10/03 16:52:41 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.5.lnk
[2011/09/19 18:00:24 | 000,456,390 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p09].bmp
[2011/09/19 18:00:22 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p08].bmp
[2011/09/19 18:00:20 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p07].bmp
[2011/09/19 18:00:18 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p06].bmp
[2011/09/19 18:00:16 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p05].bmp
[2011/09/19 18:00:14 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p04].bmp
[2011/09/19 18:00:12 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p03].bmp
[2011/09/19 18:00:10 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0027]-[p02].bmp
[2011/09/15 07:29:30 | 404,618,022 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/02 21:01:38 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0002]-[p02].bmp
[2011/07/02 20:27:45 | 000,219,934 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/07/02 20:27:45 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2011/06/18 21:48:41 | 000,220,708 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2011/05/17 22:16:27 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/04/07 13:25:07 | 000,000,036 | ---- | C] () -- C:\Users\Mama\AppData\Local\housecall.guid.cache
[2011/01/29 11:57:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/14 11:11:28 | 000,065,536 | ---- | C] () -- C:\Users\Mama\AppData\Local\ie_runner_app.exe
[2010/12/07 22:19:16 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p06].bmp
[2010/12/07 22:19:15 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p05].bmp
[2010/12/07 22:19:14 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p04].bmp
[2010/12/07 22:19:13 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0055]-[p03].bmp
[2010/11/09 22:31:39 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/10/18 15:24:46 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0034]-[p04].bmp
[2010/10/18 15:24:42 | 002,440,206 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0034]-[p03].bmp
[2010/09/13 19:34:07 | 000,000,175 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2010/07/01 08:46:25 | 000,000,680 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2010/04/03 00:00:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/31 14:45:17 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/12/01 21:05:59 | 002,447,334 | ---- | C] () -- C:\Users\Mama\AppData\Local\[j0040]-[p08].bmp
[2009/09/13 14:02:10 | 000,000,495 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/12 20:27:30 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/16 20:47:48 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2009/05/26 16:51:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/26 16:51:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/25 21:09:05 | 000,117,811 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/02 14:48:17 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/04/24 21:53:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/24 21:53:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/21 22:04:02 | 000,035,840 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 15:53:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/04/13 15:53:21 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/13 15:53:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/13 15:53:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/04/13 15:53:21 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/04/13 15:53:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/04/13 15:50:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/13 07:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/06 17:51:40 | 000,001,751 | ---- | C] () -- C:\Windows\PAW170.ini
[2008/09/08 17:26:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\Spyder3.sys
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,228,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,637,630 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,732 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#2 sokol

sokol
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 10 October 2011 - 01:01 PM

Here's the content of Extras.txt

OTL Extras logfile created on: 10/10/2011 1:40:47 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 81.57% Memory free
6.68 Gb Paging File | 6.33 Gb Available in Paging File | 94.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688.57 Gb Total Space | 466.79 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.51 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
Drive F: | 152.66 Gb Total Space | 147.87 Gb Free Space | 96.86% Space Free | Partition Type: NTFS
Drive I: | 930.86 Gb Total Space | 655.75 Gb Free Space | 70.45% Space Free | Partition Type: NTFS
Drive Z: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MAMA | User Name: Mama | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AAE6D0A-DF47-415C-8DB9-23A6F1D602B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{339A44C6-04FA-4696-BE41-5179DDA5C650}" = lport=139 | protocol=6 | dir=in | app=system |
"{39251A73-3300-4E69-B491-6E877E4ED05F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{403739C7-5DF4-4E9D-9B8B-5D492126960C}" = lport=445 | protocol=6 | dir=in | app=system |
"{60166E3D-CD64-45CB-A3BB-601117AB7F81}" = rport=138 | protocol=17 | dir=out | app=system |
"{748E1CE0-4B46-4C87-A93B-98AE580F64F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E711329-EC0D-499D-B34E-4DDF1045BA8D}" = rport=137 | protocol=17 | dir=out | app=system |
"{8FC754F0-CA01-4A68-852A-55FA1B7949C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{A87CED74-5543-4233-9CC5-6A7075E28184}" = lport=137 | protocol=17 | dir=in | app=system |
"{B153320A-8678-4588-B180-E6063144798D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D1C8C4EF-A0D6-4BB1-94FA-10CB739A4F46}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DDD5C6CA-802F-43A0-B880-AE3A718C6F0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EEAF6C9F-2AB9-4C18-B074-1BD11F79CF60}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{F937DA58-6A83-4B8D-9D47-FE286189368D}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF7CE5BA-4B3B-4EC4-B6DD-5E72F1577547}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FD523C-AD3B-4049-BC4D-C25AEBB8A4E2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{059683E9-6774-465B-B20F-95779A2FBC22}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{086DE24D-046A-4B46-A8E6-5026BA4B60F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0B2CEB6C-A80B-4014-9998-45802D276BDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{19517C71-BBFD-46D7-9959-575884C24F6F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1F9B7D42-6BF4-4EE2-874D-D828642DE501}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{268851B1-C45A-425D-BBD8-93F5C5A4DD21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{270BDCE5-7BED-4851-995D-859482D4C43C}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{32589928-A70A-4547-AB55-219CE778396A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{335F424B-B2FE-4296-B785-FA478B14D3E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{3B8B2557-68FF-425A-86AB-6BBD316599AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{415A05F6-DC3F-4E09-A84C-D075532FE7BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{4A4C8548-70C9-4481-8B12-5BD39136FFF7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{56DA1A9A-9AD9-4FE1-BC99-82EFFB1E28A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C9D783B-0A7B-4DEE-9232-1B53865F5AE3}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5DA21DDE-4D34-4BBD-B719-3EAC3F07B8DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{705F62A9-5082-43C0-AED8-4C10E76D53B7}" = dir=in | app=e:\setup\hpznui01.exe |
"{724567E5-D0FB-4C11-BEA0-AC2E57145CB1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7306A71B-CA37-4295-BD10-28DB1919B767}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{772E6148-3B01-4B5D-83BD-BAB0003B0F97}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{79973986-0ABB-4FA3-B549-C70E8EEC01DE}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8C31AA0F-48DA-4008-A4B4-0510648BD06A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{98382E80-92F3-429A-9D8C-3068710BCBC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{9A515136-35F2-4F45-8557-CDB44AB1E872}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A4962D59-DB24-41D1-A20A-8F3B76C763FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{B09A00FE-C7C2-48DD-BEE3-7ACFD852AAF5}" = protocol=17 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{B6FEAC1B-6144-497A-B48B-A35E3815BB16}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{BF805325-A8C6-43D1-B48C-FCE6114DDD5D}" = protocol=6 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{C01D17EE-6E52-400D-9465-E5DBE357F97A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{C201E8F9-B6AF-438A-97AC-A43AD04F71C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{C3D19602-B87F-4584-B6F6-DCFBFF99DD2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{CAB823DB-5706-4C0E-8FD3-FDF2C5C71751}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CB06CA93-E293-47A6-93AA-0CD17EBC27D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{CD2C44E9-2273-40D7-A1F4-5EA54CADA134}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E3E9DBC0-D9AE-4537-84CE-23618A80BB03}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{EC7B61AA-74CB-43C0-A472-29F45930B848}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EECD6355-C0E7-46EC-926A-84EFEE84FDA2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F709B0CC-A872-4DFA-B973-0CE3BA283B7E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F7FDB19D-8543-4917-A735-E0DDFA84FB98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{F8379FEF-7634-46FB-970E-123F988F0DC5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FE3A0A24-9A17-46DD-9353-02D8BE3DA8F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"TCP Query User{0048576B-CAEB-4787-BE93-0E087D45499D}C:\program files\divx\divx update\divxupdate.exe" = protocol=6 | dir=in | app=c:\program files\divx\divx update\divxupdate.exe |
"TCP Query User{10332C8B-0299-43F9-A467-3A904CBBD259}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{14DE7501-6801-44CA-BE10-6E984D3DADD4}C:\windows\system32\msfeedssync.exe" = protocol=6 | dir=in | app=c:\windows\system32\msfeedssync.exe |
"TCP Query User{19F86A66-14C6-43AC-80F0-03FB40A3BED9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{213D5D66-BE98-4AD7-B375-98BA392E43EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{348F3AE3-EA44-43CF-A6B9-10DA39A53462}F:\emule\emule.exe" = protocol=6 | dir=in | app=f:\emule\emule.exe |
"TCP Query User{3817ABB8-3A02-414E-AB07-7F870B634CEC}C:\windows\system32\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"TCP Query User{3CC72650-8024-443D-B797-8A7A57918A6C}C:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe" = protocol=6 | dir=in | app=c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe |
"TCP Query User{45BAA100-F1BF-4143-A900-79F1890DF0E3}C:\program files\divx\divx update\divxupdate.exe" = protocol=6 | dir=in | app=c:\program files\divx\divx update\divxupdate.exe |
"TCP Query User{4DC651FC-74E8-4A5D-8998-21AE10DB83C6}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{557819AE-714E-48ED-834F-C30B0B6EF67F}C:\users\mama\appdata\local\temp\7zs8556.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\temp\7zs8556.tmp\setup.exe |
"TCP Query User{764413BC-FE31-402C-92E3-4706F898A0CE}C:\users\mama\appdata\local\temp\7zs4c0d.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\temp\7zs4c0d.tmp\setup.exe |
"TCP Query User{77EB6BD5-45CB-45E3-ACCC-6609A46C77AB}C:\program files\freexer\cygwin\usr\x11r6\bin\xwin.exe" = protocol=6 | dir=in | app=c:\program files\freexer\cygwin\usr\x11r6\bin\xwin.exe |
"TCP Query User{79D71589-E664-4924-A504-E81BA3E42049}C:\users\mama\appdata\local\temp\7zsb348.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\temp\7zsb348.tmp\setup.exe |
"TCP Query User{88A16869-C5D4-4AAF-B4BF-B2776F62FF3B}C:\users\mama\appdata\local\temp\7zs22bc.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\temp\7zs22bc.tmp\setup.exe |
"TCP Query User{9FF255E6-D832-44FE-96A7-05048F617D8A}C:\program files\common files\installshield\updateservice\agent.exe" = protocol=6 | dir=in | app=c:\program files\common files\installshield\updateservice\agent.exe |
"TCP Query User{B89C4FFC-606F-49B6-A4B6-CA2C86BAAFD7}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{C11C9874-20AC-41B1-9B8F-AB073224684B}C:\users\mama\appdata\local\temp\housecall\housecall.bin" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\temp\housecall\housecall.bin |
"TCP Query User{C14137D4-70A9-4268-A6EE-A70CBF157266}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{FC5B6FDC-A8A9-41A9-8793-9917653912B8}C:\users\mama\appdata\local\temp\7zscf5f.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\temp\7zscf5f.tmp\setup.exe |
"UDP Query User{004E74A9-4732-45B9-A664-F2FB718E6DC0}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{0870D68E-7430-4F86-AC2D-0D1A00730F01}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{29A615A9-4CE7-4B8F-B2EE-C4172064511B}C:\program files\divx\divx update\divxupdate.exe" = protocol=17 | dir=in | app=c:\program files\divx\divx update\divxupdate.exe |
"UDP Query User{2D011151-53FD-4ED6-9D8E-B3C0A4B3CCB1}C:\program files\common files\installshield\updateservice\agent.exe" = protocol=17 | dir=in | app=c:\program files\common files\installshield\updateservice\agent.exe |
"UDP Query User{45A4A90E-47E1-4400-9271-B989C05A9A93}C:\users\mama\appdata\local\temp\housecall\housecall.bin" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\temp\housecall\housecall.bin |
"UDP Query User{497A468B-7E75-44B9-9252-E08E9719BB0A}C:\windows\system32\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"UDP Query User{4ED726ED-5AE3-441E-B890-0BB787A95B36}C:\users\mama\appdata\local\temp\7zsb348.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\temp\7zsb348.tmp\setup.exe |
"UDP Query User{50CC7A92-30A4-4671-B516-0BB8333A956D}C:\users\mama\appdata\local\temp\7zs4c0d.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\temp\7zs4c0d.tmp\setup.exe |
"UDP Query User{6153611A-0535-4210-B925-39D4158BA3A4}C:\program files\divx\divx update\divxupdate.exe" = protocol=17 | dir=in | app=c:\program files\divx\divx update\divxupdate.exe |
"UDP Query User{6B57A760-3B66-42C9-A27E-C9C4067CDFEF}F:\emule\emule.exe" = protocol=17 | dir=in | app=f:\emule\emule.exe |
"UDP Query User{742D06FE-0CA1-45BA-99EA-AD96EE8D158B}C:\users\mama\appdata\local\temp\7zs22bc.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\temp\7zs22bc.tmp\setup.exe |
"UDP Query User{789342FE-81C6-4C6C-8AE2-1CFD4E7A781C}C:\windows\system32\msfeedssync.exe" = protocol=17 | dir=in | app=c:\windows\system32\msfeedssync.exe |
"UDP Query User{7F46D020-8DEE-4529-93A7-7B4E27A52B0A}C:\users\mama\appdata\local\temp\7zs8556.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\temp\7zs8556.tmp\setup.exe |
"UDP Query User{83635066-66D7-4D3B-82DE-87DE4CB465AE}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{94F3DFC2-BD63-47A6-9DC0-725AD909C42D}C:\program files\freexer\cygwin\usr\x11r6\bin\xwin.exe" = protocol=17 | dir=in | app=c:\program files\freexer\cygwin\usr\x11r6\bin\xwin.exe |
"UDP Query User{B61BC6AE-E128-4741-9853-C3EE1EF77E83}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DE1B6DC3-5770-45BC-8112-4EE99BCDBA0C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E11750E6-0475-4F22-A07A-0AD83F14C9BF}C:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe" = protocol=17 | dir=in | app=c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe |
"UDP Query User{EF3F6A6F-FC4E-4035-8F23-83DB3942F0F5}C:\users\mama\appdata\local\temp\7zscf5f.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\temp\7zscf5f.tmp\setup.exe |
"UDP Query User{F34AF88C-8C50-448E-BBDE-15AD3BD110E7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{0764694E-4C2E-1A05-B6A2-3C0B4F061AB5}" = CCC Help Hungarian
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C2D2976-6F6B-EB9A-57CB-0F479510E29D}" = Catalyst Control Center Localization Portuguese
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1833C9AB-38B3-2B52-6A66-46B366327FE8}" = Catalyst Control Center Localization French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27BB12C3-1292-4204-8997-427CF78B5A92}" = Free Image Converter
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AF983E8-983E-AEAD-BB41-D7CAED800C03}" = CCC Help Chinese Traditional
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2D250E57-9890-44a6-B08F-5C02C991EF24}" = HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{319397B7-88C3-FF5E-788E-6EC3D9C7F10F}" = Catalyst Control Center Localization Chinese Standard
"{33303B83-3081-5C68-EBD9-9140DD374B5A}" = Catalyst Control Center Core Implementation
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{364F416C-CA2E-20FA-193C-267192F339A7}" = CCC Help Japanese
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4250568D-A456-7DF3-4832-21CC15E7D0B1}" = CCC Help Korean
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F668F8E-56FC-6DFF-4F2F-603542D7413B}" = Catalyst Control Center Graphics Full Existing
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5070E761-C5ED-A868-CE4E-B3C7B4674E06}" = Catalyst Control Center Localization Hungarian
"{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Accounting 2010
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"{59B8EE7B-A449-A1F5-45A2-6F58C305925E}" = Catalyst Control Center Graphics Light
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AED8F22-D3F2-C924-4F2A-1D6C80162C78}" = CCC Help Italian
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63A7AA0B-6EDC-40F0-B14E-5289599EE2A3}" = Catalyst Control Center - Branding
"{63B00B99-BFDE-4384-B9F1-398C02E6D0FC}" = Mozilla Thunderbird 2.0.0.x
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68C4E31C-E2C6-4D00-8235-EE3063E3568C}" = Eudora
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69A01F5F-EF07-C3C6-3B94-E895E931FCF1}" = Catalyst Control Center Graphics Full New
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7CF115FC-BA7C-E81A-631A-B9545D446AF0}" = Catalyst Control Center Graphics Previews Common
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80250615-2FF1-0AAE-9C71-375BA6E5CF7E}" = ccc-core-static
"{80F0EB59-D25F-2A39-92E9-B1D593255E64}" = Skins
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B5A3788-7DE7-668B-437A-2EDF278F8324}" = CCC Help English
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2007
"{90120000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2007
"{90120000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.ru-ru_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.ru-ru_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2007
"{90120000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2007
"{90120000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2007
"{90120000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2007
"{90120000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE79FD8-90DD-AA27-06FA-0DF8A0FFCE88}" = CCC Help French
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B947CCE-D5B2-1AE4-D3EE-B073D5D5D4D7}" = Catalyst Control Center Graphics Previews Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E40475C-B6C4-73A4-0A6E-63172AC69F6A}" = ccc-utility
"{A2233F8C-B7AC-0E77-0DF3-57678388A816}" = Catalyst Control Center Localization Japanese
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E24CA6-5254-7E2D-F1FC-B01881AD4556}" = Catalyst Control Center Localization Italian
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD7CDE8F-3376-4D66-A16D-DF608D0C7290}" = FileZilla 2.2.32
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C4A40111-4DD6-C90E-27E7-CA8F3E647DF0}" = CCC Help Chinese Standard
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C61798EC-C148-DCAF-0BBB-983E3F2A358A}" = CCC Help German
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0B7DE9F-D63D-57DD-1872-3F0207A437AC}" = CCC Help Turkish
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDEE3690-E766-135E-39F9-1069E44364FF}" = Catalyst Control Center Localization Turkish
"{DE6D0FDB-3B65-48B9-6F71-A61D5A7B576F}" = CCC Help Portuguese
"{E071691D-20E6-4C2B-9A04-FE41C0FDC367}" = Adobe Photoshop Lightroom 3.5
"{E14D7E83-C764-F6D9-FA7E-DA50596C8B02}" = Catalyst Control Center Localization Spanish
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EB020347-354D-A1AF-F265-84B5427C96BA}" = MozyHome
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F39A1538-F97D-702B-AD48-F8FD2A01D0B2}" = Catalyst Control Center Localization Korean
"{F569D2CB-5BB9-B8A1-9B1D-AA813D974372}" = CCC Help Spanish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB997B37-623B-E151-6AC5-5EEA34FE4178}" = Catalyst Control Center Localization Chinese Traditional
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCDDA9CC-10DC-F720-53DE-D23A96EA8792}" = Catalyst Control Center Localization German
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"AC3Filter" = AC3Filter (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat
"DivX Setup.divx.com" = DivX Setup
"eMule" = eMule
"freeXer" = freeXer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Index.dat Analyzer_is1" = Index.dat Analyzer v2.5
"InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Pro Accounting 2010
"InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.ru-ru" = Microsoft Office Language Pack 2007 - Russian/русский
"OUTLOOKR" = Microsoft Office Outlook 2007
"Peachtree Pro Accounting" = Peachtree Pro Accounting 2010
"Pervasive PSQL v10.10 Workgroup (32-bit)" = Pervasive PSQL v10.10 Workgroup (32-bit)
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Spyder3Express" = Spyder3Express
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"XnView_is1" = XnView 1.97
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1868329044-366293990-1701874703-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2011 7:05:21 PM | Computer Name = Mama | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6550.5003 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14cc Start Time: 01cbf4acc69d134c Termination Time: 0

Error - 4/7/2011 12:11:35 AM | Computer Name = Mama | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 4/7/2011 8:07:20 AM | Computer Name = Mama | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2011 8:08:32 AM | Computer Name = Mama | Source = Perflib | ID = 1008
Description =

Error - 4/7/2011 8:08:33 AM | Computer Name = Mama | Source = Perflib | ID = 1010
Description =

Error - 4/7/2011 8:08:35 AM | Computer Name = Mama | Source = Perflib | ID = 1008
Description =

Error - 4/7/2011 8:08:35 AM | Computer Name = Mama | Source = Perflib | ID = 1008
Description =

Error - 4/7/2011 8:08:50 AM | Computer Name = Mama | Source = Perflib | ID = 1008
Description =

Error - 4/7/2011 8:09:07 AM | Computer Name = Mama | Source = Perflib | ID = 1008
Description =

Error - 4/7/2011 9:13:44 AM | Computer Name = Mama | Source = EventSystem | ID = 4621
Description =

[ OSession Events ]
Error - 4/6/2011 5:30:42 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/19/2011 8:25:54 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2011 12:42:23 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2011 12:42:24 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2011 12:50:26 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/7/2011 10:32:56 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/8/2011 7:10:53 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 92545
seconds with 8280 seconds of active time. This session ended with a crash.

Error - 7/21/2011 3:40:00 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/27/2011 3:13:53 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/2/2011 10:06:43 PM | Computer Name = Mama | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 564
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7026
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2011 11:28:51 AM | Computer Name = Mama | Source = Service Control Manager | ID = 7001
Description =


< End of report >

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:54 PM

Posted 15 October 2011 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip.

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#4 sokol

sokol
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 16 October 2011 - 05:30 PM

Thanks for your suggestions, but I went radical - I bought a new internal disc and am reinstalling the system.
You can close this thread.



