
PC infected with find-fast-answers redirect & random pop-ups


  • This topic is locked
21 replies to this topic

#1 fairhaven73

Posted 13 December 2011 - 12:17 PM

I got infected with find-fast-answers redirect a couple of days ago.
Since then I've tried to remove it using Malwarebytes, SuperAntiSpyware & Search & Destroy.
Those didn't help. Then I ran the ESET online scanner. It found 16 items and was able to remove 15 of those.

But I still get those redirects. Plus I'm also getting some random pop-ups like chinaontv.com etc.
I'm not sure what's causing these pop-ups.

Here are the DDS Logs

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_26
Run by avee at 20:46:14 on 2011-12-12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2492 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [852714285] rundll32.exe "c:\users\avee\appdata\local\temp\nsm1802.tmp\twb9lbl.4wq",DllRegisterServer
uRun: [JavaServiceBackup] rundll32.exe "c:\programdata\JavaServiceBackup.dll",DllRegisterServer
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avp] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
StartupFolder: c:\users\avee\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rippro~1.lnk - c:\dtgripprov04\Launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B5334A07-E3F8-4CDD-AFD3-42F706A5B784} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - c:\windows\system32\QBPOSProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\anbar5.dll
FF - component: c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\bnbar6.dll
FF - component: c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\bnbar7.dll
FF - component: c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\bnbar8.dll
FF - component: c:\users\avee\appdata\roaming\mozilla\firefox\profiles\apjbponv.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF - Ext: XUL Cache: {8797bab4-d681-4a92-bc76-38b7f4e2ad6e} - %profile%\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 intelusb3;Intel USB3 Device Service;c:\windows\system32\svchost.exe -k intelusbs3 [2008-1-20 21504]
S2 Intuit Entitlement Service v5.3;Intuit Entitlement Service v5.3;c:\program files\common files\intuit\entitlement client\v5.3\server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2008-7-29 20480]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-5-8 66560]
S2 QBPOSDBServiceV8;QBPOS Database Manager v8;c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\QBPOSDBService.exe [2008-9-4 2833736]
S2 RSDBServerService;RoboSoft Database Server;c:\program files\robosoft4\RSDBServer.exe [2011-6-9 1794048]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-11 41272]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2011-12-13 03:51:21 -------- d-s---w- C:\sweet
2011-12-13 01:29:14 98816 ----a-w- c:\windows\sed.exe
2011-12-13 01:29:14 518144 ----a-w- c:\windows\SWREG.exe
2011-12-13 01:29:14 256000 ----a-w- c:\windows\PEV.exe
2011-12-13 01:29:14 208896 ----a-w- c:\windows\MBR.exe
2011-12-12 03:16:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-06 04:43:31 -------- d-----w- c:\users\avee\appdata\local\Evernote
2011-12-06 04:43:04 -------- d-----w- c:\program files\Evernote
2011-11-29 22:49:17 -------- d-----w- c:\users\avee\appdata\roaming\ZennoPoster3
2011-11-29 02:14:06 -------- d-----w- c:\program files\Article Rewriter Wizard
2011-11-28 02:52:36 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-28 02:51:53 14336 ----a-w- c:\program files\msbuild\phalanger\2.0\PHP.VisualStudio.PhalangerTasks.dll
2011-11-28 02:50:32 -------- d-----w- c:\program files\Phalanger 2.0
2011-11-28 02:50:06 -------- d-----w- c:\program files\ZennoLab
2011-11-26 06:25:26 -------- d-----w- c:\program files\3632D
2011-11-26 06:23:53 -------- d-----w- c:\program files\LP
2011-11-26 06:21:37 -------- d-----w- c:\users\avee\appdata\roaming\3632D
2011-11-26 06:21:01 -------- d-----w- c:\users\avee\appdata\roaming\32D36
2011-11-26 06:20:44 -------- d-----w- c:\users\avee\appdata\roaming\qcSS22ibD3pn4aH
2011-11-26 06:20:44 -------- d-----w- c:\users\avee\appdata\roaming\cYYYCeekIVrzNtA
2011-11-26 06:20:36 -------- d-----w- c:\users\avee\appdata\roaming\G4aammH5sWJ7dLg
2011-11-26 06:20:35 -------- d-----w- c:\users\avee\appdata\roaming\U444aamH6sW
2011-11-26 06:20:35 -------- d-----w- c:\users\avee\appdata\roaming\NYYCCwkkIVr
2011-11-23 01:10:17 -------- d-----w- c:\program files\Market Samurai
2011-11-22 07:32:55 -------- d-----w- c:\program files\common files\Digidesign
2011-11-22 07:32:54 -------- d-----w- c:\program files\Antares Audio Technologies
2011-11-22 07:30:24 225280 ----a-w- c:\windows\system32\rewire.dll
2011-11-22 07:30:24 -------- d-----w- c:\program files\VstPlugins
2011-11-22 07:30:13 1294336 ----a-w- c:\windows\system32\vorbis.acm
2011-11-22 07:30:02 -------- d-----w- c:\program files\Outsim
2011-11-22 07:27:52 -------- d-----w- c:\program files\Image-Line
2011-11-15 07:34:35 -------- d-----w- c:\program files\WinHTTrack
2011-11-13 07:10:14 -------- d-----w- c:\users\avee\appdata\roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
.
==================== Find3M ====================
.
2011-11-16 19:39:26 60304 ----a-w- c:\users\avee\g2mdlhlpx.exe
.
============= FINISH: 20:47:35.00 ===============

Here are the Ark.txt Logs

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 04:03:28
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.8909
Running: krytdneq.exe; Driver: C:\Users\avee\AppData\Local\Temp\kxldrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB35305$\2850824197 0 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\bckfg.tmp 998 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\cfg.ini 198 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\keywords 251 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\L 0 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\L\qnbwvoto 273920 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\U 0 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB35305$\2850824197\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB35305$\3157850576 0 bytes

---- EOF - GMER 1.0.15 ----


#2 SweetTech

Posted 15 December 2011 - 03:03 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

It looks like we may be dealing with an infection known as ZeroAccess.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 fairhaven73

Posted 15 December 2011 - 10:50 AM

Here are the TDS logs:


07:34:55.0396 1100 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
07:34:55.0411 1100 ============================================================
07:34:55.0411 1100 Current date / time: 2011/12/15 07:34:55.0411
07:34:55.0411 1100 SystemInfo:
07:34:55.0411 1100
07:34:55.0411 1100 OS Version: 6.0.6001 ServicePack: 1.0
07:34:55.0411 1100 Product type: Workstation
07:34:55.0411 1100 ComputerName: AVEE-PC
07:34:55.0411 1100 UserName: avee
07:34:55.0411 1100 Windows directory: C:\Windows
07:34:55.0411 1100 System windows directory: C:\Windows
07:34:55.0411 1100 Processor architecture: Intel x86
07:34:55.0411 1100 Number of processors: 2
07:34:55.0411 1100 Page size: 0x1000
07:34:55.0411 1100 Boot type: Safe boot with network
07:34:55.0411 1100 ============================================================
07:34:56.0456 1100 Initialize success
07:35:03.0648 2020 ============================================================
07:35:03.0648 2020 Scan started
07:35:03.0648 2020 Mode: Manual;
07:35:03.0648 2020 ============================================================
07:35:04.0709 2020 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
07:35:04.0724 2020 ACPI - ok
07:35:04.0818 2020 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
07:35:04.0818 2020 adp94xx - ok
07:35:04.0880 2020 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
07:35:04.0880 2020 adpahci - ok
07:35:04.0990 2020 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
07:35:04.0990 2020 adpu160m - ok
07:35:05.0068 2020 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
07:35:05.0083 2020 adpu320 - ok
07:35:05.0146 2020 AFD - ok
07:35:05.0177 2020 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
07:35:05.0177 2020 agp440 - ok
07:35:05.0177 2020 Scan interrupted by user!
07:35:05.0177 2020 Scan interrupted by user!
07:35:05.0177 2020 Scan interrupted by user!
07:35:05.0177 2020 ============================================================
07:35:05.0177 2020 Scan finished
07:35:05.0177 2020 ============================================================
07:35:05.0192 1992 Detected object count: 0
07:35:05.0192 1992 Actual detected object count: 0
07:35:42.0991 0404 ============================================================
07:35:42.0991 0404 Scan started
07:35:42.0991 0404 Mode: Manual; SigCheck; TDLFS;
07:35:42.0991 0404 ============================================================
07:35:50.0932 0404 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
07:35:50.0947 0404 Haspnt ( UnsignedFile.Multi.Generic ) - warning
07:35:50.0947 0404 Haspnt - detected UnsignedFile.Multi.Generic (1)
07:36:11.0087 0404 ============================================================
07:36:11.0087 0404 Scan finished
07:36:11.0087 0404 ============================================================
07:36:11.0102 1980 Detected object count: 1
07:36:11.0102 1980 Actual detected object count: 1
07:36:38.0418 1980 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
07:36:38.0418 1980 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:38:48.0054 1976 Deinitialize success

Here are the OTL logs:

OTL logfile created on: 12/15/2011 7:39:33 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\avee\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 82.74% Memory free
6.18 Gb Paging File | 5.88 Gb Available in Paging File | 95.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.18 Gb Total Space | 61.55 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Computer Name: AVEE-PC | User Name: avee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 07:31:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\avee\Desktop\OTL.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/21 06:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (intelusb3)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/04 14:09:34 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/03 15:47:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/10/08 15:40:20 | 001,794,048 | ---- | M] (Rudenko Software) [Auto | Stopped] -- C:\Program Files\RoboSoft4\RSDBServer.exe -- (RSDBServerService)
SRV - [2010/08/18 09:55:45 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/07/23 11:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/16 18:02:16 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/09/04 15:50:54 | 002,833,736 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV8)
SRV - [2008/08/18 17:55:56 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/29 10:26:38 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v5.3)
SRV - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/10/24 02:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/12/11 19:17:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/01/05 16:52:44 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/08/09 20:42:51 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/03 15:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 19:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 17:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/01 13:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/27 18:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/09/17 15:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 05:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 09 71 8A 01 EE 8B 3C 45 A2 AD D4 53 21 D8 D3 74 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 09 71 8A 01 EE 8B 3C 45 A2 AD D4 53 21 D8 D3 74 [binary data]

IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 09 71 8A 01 EE 8B 3C 45 A2 AD D4 53 21 D8 D3 74 [binary data]
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/14 22:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 12:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 12:52:31 | 000,000,000 | ---D | M]

[2011/09/12 21:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Extensions
[2011/09/12 21:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/01/23 14:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/12/12 20:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions
[2010/08/15 21:00:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/29 22:06:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/14 19:50:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/02/06 21:33:44 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/12/11 22:22:57 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}
[2011/11/29 21:42:02 | 000,000,000 | ---D | M] (Google Global) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2011/12/08 11:19:04 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/12/05 21:39:31 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/10/02 15:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/31 11:59:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/29 13:47:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/08/10 05:50:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [852714285] C:\Users\avee\AppData\Local\Temp\nsm1802.tmp\twb9lbl.4wq (Microsoft Corporation)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [JavaServiceBackup] rundll32.exe "C:\ProgramData\JavaServiceBackup.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5334A07-E3F8-4CDD-AFD3-42F706A5B784}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\System32\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 22:28:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 07:31:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\avee\Desktop\OTL.exe
[2011/12/15 07:29:08 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\avee\Desktop\tdsskiller.exe
[2011/12/13 16:20:01 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\olivia
[2011/12/12 19:51:21 | 000,000,000 | --SD | C] -- C:\sweet
[2011/12/12 17:29:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/12 17:29:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/12 17:29:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/12 17:28:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/11 19:16:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/05 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Local\Evernote
[2011/12/05 20:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2011/12/05 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2011/11/30 14:30:43 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\Optimization
[2011/11/29 14:49:17 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\ZennoPoster3
[2011/11/29 14:17:53 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\Web 2.0 list
[2011/11/28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Article Rewriter Wizard
[2011/11/28 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Article Rewriter Wizard
[2011/11/28 18:13:10 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\Article Rewriter
[2011/11/27 18:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/27 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZennoLab
[2011/11/27 18:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phalanger 2.0
[2011/11/27 18:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\Phalanger 2.0
[2011/11/27 18:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ZennoLab
[2011/11/27 18:49:17 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\ZennoPosterDemoEN
[2011/11/27 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoogleSuggestor
[2011/11/25 22:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\3632D
[2011/11/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/25 22:21:37 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\3632D
[2011/11/25 22:21:01 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\32D36
[2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\qcSS22ibD3pn4aH
[2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\cYYYCeekIVrzNtA
[2011/11/25 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\G4aammH5sWJ7dLg
[2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\U444aamH6sW
[2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\NYYCCwkkIVr
[2011/11/22 17:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2011/11/21 23:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011/11/21 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Antares Audio Technologies
[2011/11/21 23:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/11/21 23:31:12 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/11/21 23:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/11/21 23:30:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011/11/21 23:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011/11/21 23:30:13 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011/11/21 23:30:06 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/11/21 23:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/11/21 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line

========== Files - Modified Within 30 Days ==========

[2011/12/15 07:35:09 | 000,666,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/15 07:35:09 | 000,129,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/15 07:31:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\avee\Desktop\OTL.exe
[2011/12/15 07:30:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/15 07:29:22 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\avee\Desktop\tdsskiller.exe
[2011/12/13 16:56:12 | 000,001,456 | ---- | M] () -- C:\Users\avee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/13 13:38:18 | 240,465,197 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/13 12:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 12:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 19:22:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/11 19:57:27 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/11 19:48:43 | 000,054,272 | ---- | M] () -- C:\Users\avee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 19:17:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/11 19:06:21 | 000,000,680 | ---- | M] () -- C:\Users\avee\AppData\Local\d3d9caps.dat
[2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
[2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\ProgramData\h2um14s4lg2ckn
[2011/12/09 22:21:50 | 000,001,304 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/09 22:21:49 | 000,001,304 | -HS- | M] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
[2011/12/06 10:14:51 | 000,000,725 | ---- | M] () -- C:\Users\avee\Application Data\Microsoft\Internet Explorer\Quick Launch\Evernote.lnk
[2011/12/05 20:49:18 | 000,000,892 | ---- | M] () -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/05 20:43:02 | 000,000,725 | ---- | M] () -- C:\Users\avee\Desktop\Evernote.lnk
[2011/12/02 14:23:22 | 000,004,353 | ---- | M] () -- C:\Users\avee\AppData\Roaming\SAS7_000.DAT
[2011/11/30 10:36:47 | 000,245,424 | ---- | M] () -- C:\Users\avee\Desktop\Rafael Alvarado Quote.PDF
[2011/11/29 20:39:11 | 000,003,072 | ---- | M] () -- C:\Users\avee\AppData\Roaming\ARW.settings
[2011/11/19 20:22:47 | 000,000,132 | ---- | M] () -- C:\Users\avee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/16 11:39:26 | 000,060,304 | ---- | M] () -- C:\Users\avee\g2mdlhlpx.exe
[2011/11/16 09:05:43 | 000,100,702 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/11/16 09:05:43 | 000,000,195 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/11/16 08:51:16 | 005,626,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/12/13 16:56:12 | 000,001,456 | ---- | C] () -- C:\Users\avee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/12 17:29:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/12 17:29:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/12 17:29:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/12 17:29:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/12 17:29:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/11 19:06:21 | 000,000,680 | ---- | C] () -- C:\Users\avee\AppData\Local\d3d9caps.dat
[2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
[2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\ProgramData\h2um14s4lg2ckn
[2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
[2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/06 10:14:51 | 000,000,725 | ---- | C] () -- C:\Users\avee\Application Data\Microsoft\Internet Explorer\Quick Launch\Evernote.lnk
[2011/12/05 20:49:18 | 000,000,892 | ---- | C] () -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/05 20:43:02 | 000,000,725 | ---- | C] () -- C:\Users\avee\Desktop\Evernote.lnk
[2011/11/30 10:36:46 | 000,245,424 | ---- | C] () -- C:\Users\avee\Desktop\Rafael Alvarado Quote.PDF
[2011/11/28 18:14:18 | 000,003,072 | ---- | C] () -- C:\Users\avee\AppData\Roaming\ARW.settings
[2011/11/22 17:10:23 | 000,000,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/11/16 09:05:43 | 000,100,702 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/11/16 09:05:43 | 000,000,195 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/10/13 15:49:12 | 000,014,458 | ---- | C] () -- C:\ProgramData\temp.xml
[2011/10/12 10:57:42 | 000,004,353 | ---- | C] () -- C:\Users\avee\AppData\Roaming\SAS7_000.DAT
[2011/08/18 12:35:23 | 000,000,132 | ---- | C] () -- C:\Users\avee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\Users\avee\AppData\Local\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
[2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\ProgramData\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
[2011/08/15 11:37:53 | 000,000,021 | ---- | C] () -- C:\ProgramData\6253642a
[2011/08/04 14:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\Users\avee\AppData\Local\4275p655013i
[2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\ProgramData\4275p655013i
[2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\Users\avee\AppData\Local\2gj51l062541ns
[2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\ProgramData\2gj51l062541ns
[2011/07/20 21:08:15 | 000,002,148 | ---- | C] () -- C:\Users\avee\AppData\Roaming\FF2C.80F
[2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\Users\avee\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/24 09:35:47 | 000,139,264 | ---- | C] () -- C:\Windows\System32\VsPPG7.dll
[2011/05/24 09:35:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\Carcla40.dll
[2011/05/24 09:35:23 | 000,135,168 | ---- | C] () -- C:\Windows\System32\CT7pcg.dll
[2011/05/13 08:53:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/05/12 12:12:04 | 000,000,088 | -HS- | C] () -- C:\Users\avee\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU
[2011/05/12 11:53:06 | 000,167,936 | ---- | C] () -- C:\Windows\System32\GBInf.dll
[2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/04/02 16:15:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\phpc.exe
[2011/03/10 09:40:26 | 000,089,796 | ---- | C] () -- C:\Windows\System32\prservermon.dll
[2011/02/14 11:29:09 | 000,000,136 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/05 16:52:44 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/01/05 16:01:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdduinst.exe
[2011/01/04 22:21:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/01/04 22:20:55 | 000,120,320 | ---- | C] () -- C:\Windows\System32\Ltpnt13n.dll
[2011/01/04 22:20:54 | 001,684,480 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2010/12/16 12:14:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/10 23:01:11 | 006,814,952 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/11/10 23:01:11 | 000,017,771 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/11/04 22:04:47 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/08/19 07:16:12 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/08/15 21:33:27 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Pwinapppiobas79.dat
[2010/08/15 21:30:21 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010/08/15 21:30:20 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010/08/15 21:30:19 | 000,113,556 | ---- | C] () -- C:\Windows\System32\winobj92v.dat
[2010/08/10 09:36:52 | 000,054,272 | ---- | C] () -- C:\Users\avee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 08:42:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/10 08:42:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/09 22:46:18 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/09 20:44:00 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/08/09 20:43:59 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/08/09 18:41:50 | 000,979,964 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/02/26 11:38:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2008/05/14 22:26:48 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/05/14 22:26:48 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/05/14 22:26:19 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/17 22:42:51 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/10 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/10 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/10 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/09/13 07:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 07:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 07:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/21 19:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 005,626,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,666,194 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,129,484 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/03/09 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E4A69413

< End of report >

Here are the Extras logs:

OTL Extras logfile created on: 12/15/2011 7:39:33 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\avee\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 82.74% Memory free
6.18 Gb Paging File | 5.88 Gb Available in Paging File | 95.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.18 Gb Total Space | 61.55 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Computer Name: AVEE-PC | User Name: avee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Common Files\Agilix\GoBinder\Binder.exe" = C:\Program Files\Common Files\Agilix\GoBinder\Binder.exe:127.0.0.1/255.255.255.255:Enabled:Agilix GoBinder -- (Agilix Labs, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EEC5C3-6767-4316-99C7-9198E38B89CA}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{1EAFEFA6-9DD0-461D-B44B-E7C1370DB67A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2A68392F-FAD8-48BF-9A18-B5EE2544D5AD}" = lport=8033 | protocol=17 | dir=in | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{83141FEC-667C-4C53-A97F-CFA5D8BF6A7A}" = rport=8034 | protocol=6 | dir=out | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{9057068E-A2B2-43B0-B556-E236B1AA7FD7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{97E13EA6-09B4-4C22-8C44-8FB9B3F1F895}" = lport=8033 | protocol=6 | dir=in | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{A4DA137A-4F0F-476D-8782-A377073EB796}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBFD5EDC-D4CA-45E2-A4CB-9043D9D23C94}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{F125BBD4-5930-43AC-AC04-1EA928D76BEE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9D58F6-A9EC-47ED-844B-0D6229DF993A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{24127E3C-363B-4F59-BA77-2D220175BFFC}" = protocol=6 | dir=in | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{39AF7455-015A-48F2-BA9F-33AB89B04836}" = dir=in | app=c:\program files\robosoft4\asbmworker.exe |
"{40F7CF35-0BCC-45BF-A48D-CBE5383E0F40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{467FB6F6-3963-43B9-8C8A-E7980C43A61B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{4730B7E6-61F5-4EC2-96F3-CF07E23D18BA}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4A96B39F-3C5E-4ED3-B4D9-912029DF5F71}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{50479435-E629-4ADD-A540-BFA8431481A3}" = dir=in | app=c:\program files\robosoft4\rsdbserver.exe |
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5659EA4D-D88E-4DE4-880A-6F8854BF2068}" = dir=out | app=c:\program files\robosoft4\robosoft.exe |
"{6D34922C-DE16-4212-AA71-76C6CC5A375B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7156BB90-59F8-4258-8140-31B906130DC0}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgrn10.exe |
"{73FA7F3E-2AF3-4E5C-9CCB-29AA33A39B6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{750F4831-CFD0-48EB-966A-31F4D4A6793B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{768A537A-972D-49F4-8207-3912CB0FBD6C}" = dir=out | app=c:\program files\robosoft4\rsdbserver.exe |
"{7DFF0B28-34DC-410E-AB6C-FEFFED43CABC}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe |
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{825C22ED-844B-483E-9D15-B959D2165432}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8BC111A6-41B6-4DD6-A979-DF03620B7FE4}" = protocol=17 | dir=in | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{8CF86932-1B02-40F6-9C4D-BEDD9194FC73}" = dir=out | app=c:\program files\robosoft4\asbmworker.exe |
"{901D3557-0CF7-4C58-B51A-496B37B7B616}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{942BEC9E-0BFB-4547-8250-70063D9AB60C}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe |
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A91C4F27-BD6C-4674-8847-A68274199BD1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BC7E47B6-9E6D-4DA7-A0D3-B8CCC6D51506}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbposdbservice.exe |
"{BE20D424-B869-437A-A9BC-6A7086DB705E}" = dir=in | app=c:\program files\robosoft4\robosoft.exe |
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BEB2285F-5A71-4531-8301-3FD7537AE287}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C43B89FB-672D-414B-AA5E-5A4CAB9028B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CA752312-56AB-4CCF-AAD2-A7DE2EE31F25}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbposdbservice.exe |
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D2E54EE8-2E1D-4D5C-A6BB-BD2695711679}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D76E86C4-E16B-450F-97EF-491BCFA27AC0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DBB8FEFD-B5B4-433B-97F3-3D0D045DA6AF}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgrn10.exe |
"{DDAD39B8-6CF8-4CBE-8632-0B41BEF906E2}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgr10.exe |
"{F24B2ECE-6F39-4C66-9131-ED39F024ADB4}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgr10.exe |
"{F4D54EC0-0B31-4D41-B702-F01D23D62E7D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FBE1E849-CC35-456D-A921-EEF67E251462}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{47B08BBE-84F0-4F3C-B180-81397CEBCCA1}C:\program files\zennolab\zennoposter demo\progs\projectmaker.exe" = protocol=6 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\projectmaker.exe |
"TCP Query User{7A8188E6-39A3-4564-A832-030B1F375FDA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7DB38859-5463-44CC-BF5D-D567754CA6DC}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{84255516-EE4D-4DF0-B8F7-241FD9E61DB9}C:\users\avee\desktop\tinyumbrella-5.00.06.exe" = protocol=6 | dir=in | app=c:\users\avee\desktop\tinyumbrella-5.00.06.exe |
"TCP Query User{9E239B52-5BB7-464F-B824-5FE638535518}C:\program files\zennolab\zennoposter demo\progs\instance.exe" = protocol=6 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\instance.exe |
"TCP Query User{AE6F52BC-7063-47F2-8D10-688E18A723CB}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{EB34A0AB-E8F4-4CA9-9CD9-12E7811A6410}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{FE6C5E85-F280-4DDF-8E5E-B934342FCC95}C:\program files\clicpic\clicpic.exe" = protocol=6 | dir=in | app=c:\program files\clicpic\clicpic.exe |
"UDP Query User{090C9E11-953E-413F-9B0F-DB19C7F7C9CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{25057D16-44B8-430B-8F89-97F3BFE3F466}C:\program files\zennolab\zennoposter demo\progs\projectmaker.exe" = protocol=17 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\projectmaker.exe |
"UDP Query User{33E217A4-4259-4D87-B9D9-32BB621477FB}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{570DE626-2FC2-4A0D-91EA-271519F3539A}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{5D5486F5-7A57-40A9-9701-7E859B85BCD9}C:\users\avee\desktop\tinyumbrella-5.00.06.exe" = protocol=17 | dir=in | app=c:\users\avee\desktop\tinyumbrella-5.00.06.exe |
"UDP Query User{612CECE6-AE4B-4848-85E8-D8AE71AFBF05}C:\program files\zennolab\zennoposter demo\progs\instance.exe" = protocol=17 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\instance.exe |
"UDP Query User{7393A05E-998F-4964-AE3A-34165626155F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EF9DE9FC-5C66-47FF-9D26-C91D46E58DC1}C:\program files\clicpic\clicpic.exe" = protocol=17 | dir=in | app=c:\program files\clicpic\clicpic.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00626135-E60A-4550-9503-4F50C6C9B8BB}" = Google AdWords Editor
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A425-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Retail Edition 2010
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12320CFA-B512-4385-0E4C-9B209F5EC9E6}" = Domain Samurai
"{1453ED8B-A6BD-4CC1-8497-2F53EE82ED5B}" = QuickBooks Point of Sale 8.0
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178C213C-FAB7-4B35-A7A7-7787CD181092}" = SEO Link Builder
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A0F2A6-4DAF-4FE4-9A64-4DAE0D9287B1}" = Phalanger 2.0 (April 2011)
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{27040F24-7260-4BCE-B45F-E19B40970EEE}" = PE-DESIGN Ver.7
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 5.5.1
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EA3BC74-FF7B-41B2-B7C2-2C57DC3E6746}" = Simply Invoice V2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{756003A6-9141-8951-A89F-1B0D41BFD710}" = Market Samurai
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8C66D6A0-5882-4C93-AADF-6B85EE8E0B81}" = Article Rewriter Wizard
"{8C9324D7-F37F-C4E4-8FAE-E9C99EB95EC4}" = Easy Lead Finder
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9629C88B-66A7-4EB3-84E4-D2847F683DDA}_is1" = Magic Submitter version 1.33
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A531FA0F-D3BC-4DB9-ACF9-8BE647FE39D2}" = Sick Submitter
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB84E88F-89CA-4002-A6F4-422C2C8CB1F8}" = CutStudio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C438FF68-F2F2-4322-A8C4-A66721795B73}" = One-click FLAC to MP3 Converter
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C7ED6550-4A80-49FF-B2E5-D541BD14819A}" = DTG RIP Pro V04
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D71D57E0-11FB-4D6F-9930-95214AF70DBB}" = CT-S300 x32 v157
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.1.47
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F909ABFA-D0BF-4B9F-881C-518D7DF039E5}" = FranklinCovey PlanPlus for Windows
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"AIM_6" = AIM 6
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"BitTorrent" = BitTorrent
"Bokeh" = Alien Skin Bokeh
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Setup" = DivX Setup
"DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
"EasyLeadFinder" = Easy Lead Finder
"Efficient To-Do List_is1" = Efficient To-Do List 1.05
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"FastManager Q" = FastManager Q
"FileZilla Client" = FileZilla Client 3.3.5.1
"FL Studio 8" = FL Studio 8
"Google Updater" = Google Updater
"Graphics Converter Pro 2009 for Vector" = Graphics Converter Pro 2009 for Vector
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"Inspiration 9" = Inspiration 9
"Inspiration 9 PDF Driver_is1" = Inspiration 9 PDF Driver (novaPDF 7.0 printer)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"InstantInvoice 3_is1" = InstantInvoice 3
"Jigs@w Puzzle Promo Creator_is1" = Jigs@w Puzzle Promo Creator 2.1
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"MemoriesOnWeb_is1" = MemoriesOnWeb 3.1.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"NVIDIA Drivers" = NVIDIA Drivers
"PAD Submit Worker_is1" = PAD SubmitWorker 1.1
"PIXresizer_is1" = PIXresizer 2.0.4
"PoiZone" = PoiZone
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"QuickArticlePro 3 .0" = QuickArticlePro 3 .0
"Replay Video Capture3.1B" = Replay Video Capture
"RoboSoft 4_is1" = RoboSoft 4.0
"SENuke_is1" = 6.89
"seopowersuite" = Rank Tracker
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Stealth Keyword Competition Analyzer_is1" = Stealth Keyword Competition Analyzer 2.0
"Swiff Player_is1" = Swiff Player 1.7.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TheBestSpinner3" = TheBestSpinner3
"Toxic Biohazard" = Toxic Biohazard
"Traffic Travis_is1" = Traffic Travis 3.3.8
"TVWiz" = Intel® TV Wizard
"VLC media player" = VLC media player 1.1.7
"Windows Grep_is1" = Windows Grep 2.3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"065b42c809538e1c" = SENukeUpdate
"8b70d735ffaad424" = GoogleSuggestor
"GoToMeeting" = GoToMeeting 5.0.0.799
"ZennoPoster Demo" = ZennoPoster Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2011 11:51:20 PM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2011 11:51:26 PM | Computer Name = avee-pc | Source = System Restore | ID = 8193
Description =

Error - 12/12/2011 11:51:49 PM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/13/2011 12:14:42 AM | Computer Name = avee-pc | Source = EventSystem | ID = 4609
Description =

Error - 12/13/2011 12:15:19 AM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/13/2011 2:22:39 AM | Computer Name = avee-pc | Source = EventSystem | ID = 4609
Description =

Error - 12/13/2011 2:23:27 AM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/13/2011 2:54:30 AM | Computer Name = avee-pc | Source = Perflib | ID = 1008
Description =

Error - 12/13/2011 2:54:30 AM | Computer Name = avee-pc | Source = Perflib | ID = 1010
Description =

Error - 12/13/2011 2:54:31 AM | Computer Name = avee-pc | Source = PerfNet | ID = 2004
Description =

[ System Events ]
Error - 3/11/2011 2:46:22 PM | Computer Name = avee-pc | Source = DCOM | ID = 10000
Description =

Error - 3/11/2011 2:48:32 PM | Computer Name = avee-pc | Source = HTTP | ID = 15016
Description =

Error - 3/11/2011 2:50:05 PM | Computer Name = avee-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 3/11/2011 2:50:05 PM | Computer Name = avee-pc | Source = Service Control Manager | ID = 7034
Description =

Error - 3/11/2011 3:59:24 PM | Computer Name = avee-pc | Source = Service Control Manager | ID = 7011
Description =

Error - 3/11/2011 7:45:06 PM | Computer Name = avee-pc | Source = Application Popup | ID = 262200
Description = Driver USB returned invalid ID for a child device (GUWOGJWOA671M1GQ6P3G).

Error - 3/12/2011 1:39:48 AM | Computer Name = avee-pc | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.127 for the Network Card with network
address 00210018DE57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/14/2011 9:31:02 PM | Computer Name = avee-pc | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.198 for the Network Card with network
address 00210018DE57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/18/2011 2:50:59 PM | Computer Name = avee-pc | Source = HTTP | ID = 15016
Description =

Error - 3/19/2011 12:57:49 PM | Computer Name = avee-pc | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.198 for the Network Card with network
address 00210018DE57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 SweetTech

Posted 16 December 2011 - 02:03 AM

Hi fairhaven73!

Looks like we have some work to do.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2011/12/11 22:22:57 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [852714285] C:\Users\avee\AppData\Local\Temp\nsm1802.tmp\twb9lbl.4wq (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [JavaServiceBackup] rundll32.exe "C:\ProgramData\JavaServiceBackup.dll",DllRegisterServer File not found
    [2011/11/25 22:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\3632D
    [2011/11/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/11/25 22:21:37 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\3632D
    [2011/11/25 22:21:01 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\32D36
    [2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\qcSS22ibD3pn4aH
    [2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\cYYYCeekIVrzNtA
    [2011/11/25 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\G4aammH5sWJ7dLg
    [2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\U444aamH6sW
    [2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\NYYCCwkkIVr
    [2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
    [2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\ProgramData\h2um14s4lg2ckn
    [2011/12/09 22:21:50 | 000,001,304 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
    [2011/12/09 22:21:49 | 000,001,304 | -HS- | M] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
    [2011/11/16 09:05:43 | 000,100,702 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
    [2011/11/16 09:05:43 | 000,000,195 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
    [2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
    [2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\ProgramData\h2um14s4lg2ckn
    [2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
    [2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
    [2011/11/16 09:05:43 | 000,100,702 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
    [2011/11/16 09:05:43 | 000,000,195 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
    [2011/10/13 15:49:12 | 000,014,458 | ---- | C] () -- C:\ProgramData\temp.xml
    [2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\Users\avee\AppData\Local\4275p655013i
    [2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\ProgramData\4275p655013i
    [2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\Users\avee\AppData\Local\2gj51l062541ns
    [2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\ProgramData\2gj51l062541ns
    [2011/07/20 21:08:15 | 000,002,148 | ---- | C] () -- C:\Users\avee\AppData\Roaming\FF2C.80F
    [2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\Users\avee\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
    [2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
    [2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\Users\avee\AppData\Local\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
    [2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\ProgramData\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
    [2011/08/15 11:37:53 | 000,000,021 | ---- | C] () -- C:\ProgramData\6253642a
    [2011/05/12 12:12:04 | 000,000,088 | -HS- | C] () -- C:\Users\avee\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU
    [2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    @Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E4A69413
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 fairhaven73

Posted 16 December 2011 - 03:24 AM

Here's the new OTL log:

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}\defaults\preferences folder moved successfully.
C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}\defaults folder moved successfully.
C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}\chrome folder moved successfully.
C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Run\\852714285 deleted successfully.
C:\Users\avee\AppData\Local\temp\nsm1802.tmp\twb9lbl.4wq moved successfully.
Registry value HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JavaServiceBackup deleted successfully.
C:\Program Files\3632D folder moved successfully.
C:\Program Files\LP\5C83 folder moved successfully.
C:\Program Files\LP folder moved successfully.
C:\Users\avee\AppData\Roaming\3632D folder moved successfully.
C:\Users\avee\AppData\Roaming\32D36 folder moved successfully.
C:\Users\avee\AppData\Roaming\qcSS22ibD3pn4aH folder moved successfully.
C:\Users\avee\AppData\Roaming\cYYYCeekIVrzNtA folder moved successfully.
C:\Users\avee\AppData\Roaming\G4aammH5sWJ7dLg folder moved successfully.
C:\Users\avee\AppData\Roaming\U444aamH6sW folder moved successfully.
C:\Users\avee\AppData\Roaming\NYYCCwkkIVr folder moved successfully.
C:\Users\avee\AppData\Local\h2um14s4lg2ckn moved successfully.
C:\ProgramData\h2um14s4lg2ckn moved successfully.
C:\ProgramData\t6le76k8mp5pca moved successfully.
C:\Users\avee\AppData\Local\t6le76k8mp5pca moved successfully.
C:\WINDOWS\System32\itusbcore.dat moved successfully.
C:\WINDOWS\System32\itlsvc.dat moved successfully.
File C:\Users\avee\AppData\Local\h2um14s4lg2ckn not found.
File C:\ProgramData\h2um14s4lg2ckn not found.
File C:\Users\avee\AppData\Local\t6le76k8mp5pca not found.
File C:\ProgramData\t6le76k8mp5pca not found.
File C:\Windows\System32\itusbcore.dat not found.
File C:\Windows\System32\itlsvc.dat not found.
C:\ProgramData\temp.xml moved successfully.
C:\Users\avee\AppData\Local\4275p655013i moved successfully.
C:\ProgramData\4275p655013i moved successfully.
C:\Users\avee\AppData\Local\2gj51l062541ns moved successfully.
C:\ProgramData\2gj51l062541ns moved successfully.
C:\Users\avee\AppData\Roaming\FF2C.80F moved successfully.
C:\Users\avee\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u moved successfully.
C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u moved successfully.
C:\Users\avee\AppData\Local\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x moved successfully.
C:\ProgramData\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x moved successfully.
C:\ProgramData\6253642a moved successfully.
C:\Users\avee\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU moved successfully.
C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 moved successfully.
C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 moved successfully.
File C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 not found.
File C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 not found.
ADS C:\WINDOWS:nlsPreferences deleted successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:E4A69413 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\avee\Desktop\cmd.bat deleted successfully.
C:\Users\avee\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\avee\Desktop\cmd.bat deleted successfully.
C:\Users\avee\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYFLASH]

User: All Users

User: avee
->Flash cache emptied: 154258 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: QBPOSDBSrvUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12152011_234846


Now for the Second part


I downloaded Combofix. Ran it.
It created Restore point and all that.
And then the blue screen came where it says it may take more than
10 minutes for heavily infected machines. And then nothing happened.
It didn't show any stage completion. Just blue screen with blinking cursor.

So I manually closed it. And when I restarted the computer, I get an error message.
And the computer shuts down. I've attached the jpeg of the error message.



#6 SweetTech

Posted 16 December 2011 - 04:55 AM

Is that message still displaying whenever you boot up your computer now?

If so, let's try booting up using Last Known Good Configuration.

Last Known Good Configuration

Start the computer by using the last known good configuration. To start the computer by using the last known good configuration, follow these steps:

  • Restart your computer.
  • As the computer starts to boot up, tap the F8 key repeatedly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Last Known Good Configuration
  • Then press the Enter Key on your Keyboard
  • Go into your usual account


If you're able to boot up successfully now, please attempt to run a scan with ComboFix again, and see if it will run successfully for you now.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 fairhaven73

Posted 16 December 2011 - 12:21 PM

I tried that last known good configuration but the problem exists.
And I also tried to run combofix in Safe mode with networking.
Combofix did the same thing. It froze.

And in the C drive I see the combofix file icon even though it was saved to desktop.

Is there a way to get rid of this error?

#8 SweetTech

Posted 17 December 2011 - 02:49 AM

Hi!

Sorry to hear that! So you're able to boot into Safe Mode with Networking without any issues of the BSOD appearing? Would you be able to run a new OTL scan for me and post the contents of the log files? I'll provide instructions below. Also, you wouldn't happen to have a Windows Vista disc, would you?


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


#9 fairhaven73

Posted 17 December 2011 - 03:16 AM

Here are the OTL logs

OTL logfile created on: 12/15/2011 7:39:33 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\avee\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 82.74% Memory free
6.18 Gb Paging File | 5.88 Gb Available in Paging File | 95.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.18 Gb Total Space | 61.55 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Computer Name: AVEE-PC | User Name: avee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 07:31:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\avee\Desktop\OTL.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/21 06:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (intelusb3)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/04 14:09:34 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/03 15:47:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/10/08 15:40:20 | 001,794,048 | ---- | M] (Rudenko Software) [Auto | Stopped] -- C:\Program Files\RoboSoft4\RSDBServer.exe -- (RSDBServerService)
SRV - [2010/08/18 09:55:45 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/07/23 11:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/16 18:02:16 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/09/04 15:50:54 | 002,833,736 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV8)
SRV - [2008/08/18 17:55:56 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/29 10:26:38 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v5.3)
SRV - [2008/07/17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/10/24 02:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/12/11 19:17:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/01/05 16:52:44 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/08/09 20:42:51 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/03 15:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 19:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 17:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/01 13:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/27 18:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/09/17 15:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 05:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 09 71 8A 01 EE 8B 3C 45 A2 AD D4 53 21 D8 D3 74 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 09 71 8A 01 EE 8B 3C 45 A2 AD D4 53 21 D8 D3 74 [binary data]

IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 09 71 8A 01 EE 8B 3C 45 A2 AD D4 53 21 D8 D3 74 [binary data]
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/14 22:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 12:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 12:52:31 | 000,000,000 | ---D | M]

[2011/09/12 21:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Extensions
[2011/09/12 21:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/01/23 14:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/12/12 20:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions
[2010/08/15 21:00:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/29 22:06:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/14 19:50:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/02/06 21:33:44 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/12/11 22:22:57 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}
[2011/11/29 21:42:02 | 000,000,000 | ---D | M] (Google Global) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2011/12/08 11:19:04 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/12/05 21:39:31 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/10/02 15:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/31 11:59:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/29 13:47:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/08/10 05:50:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [852714285] C:\Users\avee\AppData\Local\Temp\nsm1802.tmp\twb9lbl.4wq (Microsoft Corporation)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [JavaServiceBackup] rundll32.exe "C:\ProgramData\JavaServiceBackup.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5334A07-E3F8-4CDD-AFD3-42F706A5B784}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\System32\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 22:28:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 07:31:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\avee\Desktop\OTL.exe
[2011/12/15 07:29:08 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\avee\Desktop\tdsskiller.exe
[2011/12/13 16:20:01 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\olivia
[2011/12/12 19:51:21 | 000,000,000 | --SD | C] -- C:\sweet
[2011/12/12 17:29:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/12 17:29:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/12 17:29:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/12 17:28:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/11 19:16:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/05 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Local\Evernote
[2011/12/05 20:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2011/12/05 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2011/11/30 14:30:43 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\Optimization
[2011/11/29 14:49:17 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\ZennoPoster3
[2011/11/29 14:17:53 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\Web 2.0 list
[2011/11/28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Article Rewriter Wizard
[2011/11/28 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Article Rewriter Wizard
[2011/11/28 18:13:10 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\Article Rewriter
[2011/11/27 18:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/27 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZennoLab
[2011/11/27 18:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phalanger 2.0
[2011/11/27 18:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\Phalanger 2.0
[2011/11/27 18:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ZennoLab
[2011/11/27 18:49:17 | 000,000,000 | ---D | C] -- C:\Users\avee\Desktop\ZennoPosterDemoEN
[2011/11/27 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoogleSuggestor
[2011/11/25 22:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\3632D
[2011/11/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/25 22:21:37 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\3632D
[2011/11/25 22:21:01 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\32D36
[2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\qcSS22ibD3pn4aH
[2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\cYYYCeekIVrzNtA
[2011/11/25 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\G4aammH5sWJ7dLg
[2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\U444aamH6sW
[2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\NYYCCwkkIVr
[2011/11/22 17:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2011/11/21 23:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011/11/21 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Antares Audio Technologies
[2011/11/21 23:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/11/21 23:31:12 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/11/21 23:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/11/21 23:30:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011/11/21 23:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011/11/21 23:30:13 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011/11/21 23:30:06 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/11/21 23:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/11/21 23:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line

========== Files - Modified Within 30 Days ==========

[2011/12/15 07:35:09 | 000,666,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/15 07:35:09 | 000,129,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/15 07:31:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\avee\Desktop\OTL.exe
[2011/12/15 07:30:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/15 07:29:22 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\avee\Desktop\tdsskiller.exe
[2011/12/13 16:56:12 | 000,001,456 | ---- | M] () -- C:\Users\avee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/13 13:38:18 | 240,465,197 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/13 12:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 12:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 19:22:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/11 19:57:27 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/11 19:48:43 | 000,054,272 | ---- | M] () -- C:\Users\avee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 19:17:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/11 19:06:21 | 000,000,680 | ---- | M] () -- C:\Users\avee\AppData\Local\d3d9caps.dat
[2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
[2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\ProgramData\h2um14s4lg2ckn
[2011/12/09 22:21:50 | 000,001,304 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/09 22:21:49 | 000,001,304 | -HS- | M] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
[2011/12/06 10:14:51 | 000,000,725 | ---- | M] () -- C:\Users\avee\Application Data\Microsoft\Internet Explorer\Quick Launch\Evernote.lnk
[2011/12/05 20:49:18 | 000,000,892 | ---- | M] () -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/05 20:43:02 | 000,000,725 | ---- | M] () -- C:\Users\avee\Desktop\Evernote.lnk
[2011/12/02 14:23:22 | 000,004,353 | ---- | M] () -- C:\Users\avee\AppData\Roaming\SAS7_000.DAT
[2011/11/30 10:36:47 | 000,245,424 | ---- | M] () -- C:\Users\avee\Desktop\Rafael Alvarado Quote.PDF
[2011/11/29 20:39:11 | 000,003,072 | ---- | M] () -- C:\Users\avee\AppData\Roaming\ARW.settings
[2011/11/19 20:22:47 | 000,000,132 | ---- | M] () -- C:\Users\avee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/16 11:39:26 | 000,060,304 | ---- | M] () -- C:\Users\avee\g2mdlhlpx.exe
[2011/11/16 09:05:43 | 000,100,702 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/11/16 09:05:43 | 000,000,195 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/11/16 08:51:16 | 005,626,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/12/13 16:56:12 | 000,001,456 | ---- | C] () -- C:\Users\avee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/12 17:29:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/12 17:29:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/12 17:29:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/12 17:29:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/12 17:29:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/11 19:06:21 | 000,000,680 | ---- | C] () -- C:\Users\avee\AppData\Local\d3d9caps.dat
[2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
[2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\ProgramData\h2um14s4lg2ckn
[2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
[2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/06 10:14:51 | 000,000,725 | ---- | C] () -- C:\Users\avee\Application Data\Microsoft\Internet Explorer\Quick Launch\Evernote.lnk
[2011/12/05 20:49:18 | 000,000,892 | ---- | C] () -- C:\Users\avee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/05 20:43:02 | 000,000,725 | ---- | C] () -- C:\Users\avee\Desktop\Evernote.lnk
[2011/11/30 10:36:46 | 000,245,424 | ---- | C] () -- C:\Users\avee\Desktop\Rafael Alvarado Quote.PDF
[2011/11/28 18:14:18 | 000,003,072 | ---- | C] () -- C:\Users\avee\AppData\Roaming\ARW.settings
[2011/11/22 17:10:23 | 000,000,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/11/16 09:05:43 | 000,100,702 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/11/16 09:05:43 | 000,000,195 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/10/13 15:49:12 | 000,014,458 | ---- | C] () -- C:\ProgramData\temp.xml
[2011/10/12 10:57:42 | 000,004,353 | ---- | C] () -- C:\Users\avee\AppData\Roaming\SAS7_000.DAT
[2011/08/18 12:35:23 | 000,000,132 | ---- | C] () -- C:\Users\avee\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\Users\avee\AppData\Local\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
[2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\ProgramData\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
[2011/08/15 11:37:53 | 000,000,021 | ---- | C] () -- C:\ProgramData\6253642a
[2011/08/04 14:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\Users\avee\AppData\Local\4275p655013i
[2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\ProgramData\4275p655013i
[2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\Users\avee\AppData\Local\2gj51l062541ns
[2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\ProgramData\2gj51l062541ns
[2011/07/20 21:08:15 | 000,002,148 | ---- | C] () -- C:\Users\avee\AppData\Roaming\FF2C.80F
[2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\Users\avee\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
[2011/05/24 09:35:47 | 000,139,264 | ---- | C] () -- C:\Windows\System32\VsPPG7.dll
[2011/05/24 09:35:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\Carcla40.dll
[2011/05/24 09:35:23 | 000,135,168 | ---- | C] () -- C:\Windows\System32\CT7pcg.dll
[2011/05/13 08:53:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/05/12 12:12:04 | 000,000,088 | -HS- | C] () -- C:\Users\avee\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU
[2011/05/12 11:53:06 | 000,167,936 | ---- | C] () -- C:\Windows\System32\GBInf.dll
[2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/04/02 16:15:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\phpc.exe
[2011/03/10 09:40:26 | 000,089,796 | ---- | C] () -- C:\Windows\System32\prservermon.dll
[2011/02/14 11:29:09 | 000,000,136 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/05 16:52:44 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/01/05 16:01:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdduinst.exe
[2011/01/04 22:21:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/01/04 22:20:55 | 000,120,320 | ---- | C] () -- C:\Windows\System32\Ltpnt13n.dll
[2011/01/04 22:20:54 | 001,684,480 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2010/12/16 12:14:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/10 23:01:11 | 006,814,952 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/11/10 23:01:11 | 000,017,771 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/11/04 22:04:47 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/08/19 07:16:12 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/08/15 21:33:27 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Pwinapppiobas79.dat
[2010/08/15 21:30:21 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010/08/15 21:30:20 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010/08/15 21:30:19 | 000,113,556 | ---- | C] () -- C:\Windows\System32\winobj92v.dat
[2010/08/10 09:36:52 | 000,054,272 | ---- | C] () -- C:\Users\avee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 08:42:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/10 08:42:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/09 22:46:18 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/09 20:44:00 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/08/09 20:43:59 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/08/09 18:41:50 | 000,979,964 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/02/26 11:38:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2008/05/14 22:26:48 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/05/14 22:26:48 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/05/14 22:26:19 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/17 22:42:51 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/10 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/10 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/10 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/09/13 07:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 07:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 07:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/21 19:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 005,626,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,666,194 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,129,484 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2006/03/09 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E4A69413

< End of report >

Here are the Extras Logs

OTL Extras logfile created on: 12/15/2011 7:39:33 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\avee\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 82.74% Memory free
6.18 Gb Paging File | 5.88 Gb Available in Paging File | 95.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.18 Gb Total Space | 61.55 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Computer Name: AVEE-PC | User Name: avee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Common Files\Agilix\GoBinder\Binder.exe" = C:\Program Files\Common Files\Agilix\GoBinder\Binder.exe:127.0.0.1/255.255.255.255:Enabled:Agilix GoBinder -- (Agilix Labs, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EEC5C3-6767-4316-99C7-9198E38B89CA}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{1EAFEFA6-9DD0-461D-B44B-E7C1370DB67A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2A68392F-FAD8-48BF-9A18-B5EE2544D5AD}" = lport=8033 | protocol=17 | dir=in | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{83141FEC-667C-4C53-A97F-CFA5D8BF6A7A}" = rport=8034 | protocol=6 | dir=out | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{9057068E-A2B2-43B0-B556-E236B1AA7FD7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{97E13EA6-09B4-4C22-8C44-8FB9B3F1F895}" = lport=8033 | protocol=6 | dir=in | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{A4DA137A-4F0F-476D-8782-A377073EB796}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBFD5EDC-D4CA-45E2-A4CB-9043D9D23C94}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{F125BBD4-5930-43AC-AC04-1EA928D76BEE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9D58F6-A9EC-47ED-844B-0D6229DF993A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{24127E3C-363B-4F59-BA77-2D220175BFFC}" = protocol=6 | dir=in | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{39AF7455-015A-48F2-BA9F-33AB89B04836}" = dir=in | app=c:\program files\robosoft4\asbmworker.exe |
"{40F7CF35-0BCC-45BF-A48D-CBE5383E0F40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{467FB6F6-3963-43B9-8C8A-E7980C43A61B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{4730B7E6-61F5-4EC2-96F3-CF07E23D18BA}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4A96B39F-3C5E-4ED3-B4D9-912029DF5F71}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{50479435-E629-4ADD-A540-BFA8431481A3}" = dir=in | app=c:\program files\robosoft4\rsdbserver.exe |
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5659EA4D-D88E-4DE4-880A-6F8854BF2068}" = dir=out | app=c:\program files\robosoft4\robosoft.exe |
"{6D34922C-DE16-4212-AA71-76C6CC5A375B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7156BB90-59F8-4258-8140-31B906130DC0}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgrn10.exe |
"{73FA7F3E-2AF3-4E5C-9CCB-29AA33A39B6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{750F4831-CFD0-48EB-966A-31F4D4A6793B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{768A537A-972D-49F4-8207-3912CB0FBD6C}" = dir=out | app=c:\program files\robosoft4\rsdbserver.exe |
"{7DFF0B28-34DC-410E-AB6C-FEFFED43CABC}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe |
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{825C22ED-844B-483E-9D15-B959D2165432}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8BC111A6-41B6-4DD6-A979-DF03620B7FE4}" = protocol=17 | dir=in | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe |
"{8CF86932-1B02-40F6-9C4D-BEDD9194FC73}" = dir=out | app=c:\program files\robosoft4\asbmworker.exe |
"{901D3557-0CF7-4C58-B51A-496B37B7B616}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{942BEC9E-0BFB-4547-8250-70063D9AB60C}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe |
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A91C4F27-BD6C-4674-8847-A68274199BD1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BC7E47B6-9E6D-4DA7-A0D3-B8CCC6D51506}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbposdbservice.exe |
"{BE20D424-B869-437A-A9BC-6A7086DB705E}" = dir=in | app=c:\program files\robosoft4\robosoft.exe |
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BEB2285F-5A71-4531-8301-3FD7537AE287}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C43B89FB-672D-414B-AA5E-5A4CAB9028B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CA752312-56AB-4CCF-AAD2-A7DE2EE31F25}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbposdbservice.exe |
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D2E54EE8-2E1D-4D5C-A6BB-BD2695711679}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D76E86C4-E16B-450F-97EF-491BCFA27AC0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DBB8FEFD-B5B4-433B-97F3-3D0D045DA6AF}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgrn10.exe |
"{DDAD39B8-6CF8-4CBE-8632-0B41BEF906E2}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgr10.exe |
"{F24B2ECE-6F39-4C66-9131-ED39F024ADB4}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgr10.exe |
"{F4D54EC0-0B31-4D41-B702-F01D23D62E7D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FBE1E849-CC35-456D-A921-EEF67E251462}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{47B08BBE-84F0-4F3C-B180-81397CEBCCA1}C:\program files\zennolab\zennoposter demo\progs\projectmaker.exe" = protocol=6 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\projectmaker.exe |
"TCP Query User{7A8188E6-39A3-4564-A832-030B1F375FDA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7DB38859-5463-44CC-BF5D-D567754CA6DC}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{84255516-EE4D-4DF0-B8F7-241FD9E61DB9}C:\users\avee\desktop\tinyumbrella-5.00.06.exe" = protocol=6 | dir=in | app=c:\users\avee\desktop\tinyumbrella-5.00.06.exe |
"TCP Query User{9E239B52-5BB7-464F-B824-5FE638535518}C:\program files\zennolab\zennoposter demo\progs\instance.exe" = protocol=6 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\instance.exe |
"TCP Query User{AE6F52BC-7063-47F2-8D10-688E18A723CB}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{EB34A0AB-E8F4-4CA9-9CD9-12E7811A6410}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{FE6C5E85-F280-4DDF-8E5E-B934342FCC95}C:\program files\clicpic\clicpic.exe" = protocol=6 | dir=in | app=c:\program files\clicpic\clicpic.exe |
"UDP Query User{090C9E11-953E-413F-9B0F-DB19C7F7C9CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{25057D16-44B8-430B-8F89-97F3BFE3F466}C:\program files\zennolab\zennoposter demo\progs\projectmaker.exe" = protocol=17 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\projectmaker.exe |
"UDP Query User{33E217A4-4259-4D87-B9D9-32BB621477FB}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{570DE626-2FC2-4A0D-91EA-271519F3539A}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{5D5486F5-7A57-40A9-9701-7E859B85BCD9}C:\users\avee\desktop\tinyumbrella-5.00.06.exe" = protocol=17 | dir=in | app=c:\users\avee\desktop\tinyumbrella-5.00.06.exe |
"UDP Query User{612CECE6-AE4B-4848-85E8-D8AE71AFBF05}C:\program files\zennolab\zennoposter demo\progs\instance.exe" = protocol=17 | dir=in | app=c:\program files\zennolab\zennoposter demo\progs\instance.exe |
"UDP Query User{7393A05E-998F-4964-AE3A-34165626155F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EF9DE9FC-5C66-47FF-9D26-C91D46E58DC1}C:\program files\clicpic\clicpic.exe" = protocol=17 | dir=in | app=c:\program files\clicpic\clicpic.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"065b42c809538e1c" = SENukeUpdate
"8b70d735ffaad424" = GoogleSuggestor
"GoToMeeting" = GoToMeeting 5.0.0.799
"ZennoPoster Demo" = ZennoPoster Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2011 11:51:20 PM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2011 11:51:26 PM | Computer Name = avee-pc | Source = System Restore | ID = 8193
Description =

Error - 12/12/2011 11:51:49 PM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/13/2011 12:14:42 AM | Computer Name = avee-pc | Source = EventSystem | ID = 4609
Description =

Error - 12/13/2011 12:15:19 AM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/13/2011 2:22:39 AM | Computer Name = avee-pc | Source = EventSystem | ID = 4609
Description =

Error - 12/13/2011 2:23:27 AM | Computer Name = avee-pc | Source = WinMgmt | ID = 10
Description =

Error - 12/13/2011 2:54:30 AM | Computer Name = avee-pc | Source = Perflib | ID = 1008
Description =

Error - 12/13/2011 2:54:30 AM | Computer Name = avee-pc | Source = Perflib | ID = 1010
Description =

Error - 12/13/2011 2:54:31 AM | Computer Name = avee-pc | Source = PerfNet | ID = 2004
Description =

[ System Events ]
Error - 3/11/2011 2:46:22 PM | Computer Name = avee-pc | Source = DCOM | ID = 10000
Description =

Error - 3/11/2011 2:48:32 PM | Computer Name = avee-pc | Source = HTTP | ID = 15016
Description =

Error - 3/11/2011 2:50:05 PM | Computer Name = avee-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 3/11/2011 2:50:05 PM | Computer Name = avee-pc | Source = Service Control Manager | ID = 7034
Description =

Error - 3/11/2011 3:59:24 PM | Computer Name = avee-pc | Source = Service Control Manager | ID = 7011
Description =

Error - 3/11/2011 7:45:06 PM | Computer Name = avee-pc | Source = Application Popup | ID = 262200
Description = Driver USB returned invalid ID for a child device (GUWOGJWOA671M1GQ6P3G).

Error - 3/12/2011 1:39:48 AM | Computer Name = avee-pc | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.127 for the Network Card with network
address 00210018DE57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/14/2011 9:31:02 PM | Computer Name = avee-pc | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.198 for the Network Card with network
address 00210018DE57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/18/2011 2:50:59 PM | Computer Name = avee-pc | Source = HTTP | ID = 15016
Description =

Error - 3/19/2011 12:57:49 PM | Computer Name = avee-pc | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.198 for the Network Card with network
address 00210018DE57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Yes, I'm able to run in Safe Mode with Networking. But the wireless isn't working.
So I'm using a different computer to get online.

I don't have a Vista CD, but the laptop came with a backup on the D drive.
Do I need to reinstall Vista? Does that require a complete format of the C drive?
Or can I just get away with reinstalling Vista without having to put all the data back
again from scratch?

#10 SweetTech


Posted 17 December 2011 - 03:36 AM

Hi!

Okay, I asked if you had a Windows disc, as I was thinking of having you try something with it, but you don't have the disc, so we probably aren't going to be able to do that.

Could you try to rename ComboFix (click on the ComboFix file and press F2), type in svchost, and hit Enter?

Then try to run it and see if it will run for you.

From what I can see in your logs, you're infected pretty badly and I'm trying to get ComboFix to run and do its thing. What about trying to run MBAM and seeing if that is able to remove anything and enable you to run CF?


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 fairhaven73


Posted 17 December 2011 - 03:57 AM

Ok I ran MBAM and nothing came up.
And I renamed combofix to svchost.exe.
And then ran it. But still the same issue.
It won't go beyond 10 minutes to scan thing.
Just a blinking cursor.

#12 SweetTech


Posted 18 December 2011 - 03:06 AM

Hi!

Please run the following OTL fix. Can you also run a scan with Kaspersky and see what that turns up?

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2011/12/11 22:22:57 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}
    [2010/12/31 11:59:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/08/29 13:47:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [852714285] C:\Users\avee\AppData\Local\Temp\nsm1802.tmp\twb9lbl.4wq (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000..\Run: [JavaServiceBackup] rundll32.exe "C:\ProgramData\JavaServiceBackup.dll",DllRegisterServer File not found
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    [2011/11/25 22:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\3632D
    [2011/11/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/11/25 22:21:37 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\3632D
    [2011/11/25 22:21:01 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\32D36
    [2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\qcSS22ibD3pn4aH
    [2011/11/25 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\cYYYCeekIVrzNtA
    [2011/11/25 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\G4aammH5sWJ7dLg
    [2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\U444aamH6sW
    [2011/11/25 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\avee\AppData\Roaming\NYYCCwkkIVr
    [2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
    [2011/12/10 18:57:38 | 000,001,508 | -HS- | M] () -- C:\ProgramData\h2um14s4lg2ckn
    [2011/12/09 22:21:50 | 000,001,304 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
    [2011/12/09 22:21:49 | 000,001,304 | -HS- | M] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
    [2011/11/16 09:05:43 | 000,100,702 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
    [2011/11/16 09:05:43 | 000,000,195 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
    [2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\Users\avee\AppData\Local\h2um14s4lg2ckn
    [2011/12/10 18:56:38 | 000,001,508 | -HS- | C] () -- C:\ProgramData\h2um14s4lg2ckn
    [2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\Users\avee\AppData\Local\t6le76k8mp5pca
    [2011/12/09 22:21:42 | 000,001,304 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
    [2011/11/16 09:05:43 | 000,100,702 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
    [2011/11/16 09:05:43 | 000,000,195 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
    [2011/10/13 15:49:12 | 000,014,458 | ---- | C] () -- C:\ProgramData\temp.xml
    [2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\Users\avee\AppData\Local\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
    [2011/08/15 21:32:32 | 000,006,618 | -HS- | C] () -- C:\ProgramData\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x
    [2011/08/15 11:37:53 | 000,000,021 | ---- | C] () -- C:\ProgramData\6253642a
    [2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\Users\avee\AppData\Local\4275p655013i
    [2011/07/23 23:00:12 | 000,001,476 | -HS- | C] () -- C:\ProgramData\4275p655013i
    [2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\Users\avee\AppData\Local\2gj51l062541ns
    [2011/07/20 21:08:42 | 000,001,510 | -HS- | C] () -- C:\ProgramData\2gj51l062541ns
    [2011/07/20 21:08:15 | 000,002,148 | ---- | C] () -- C:\Users\avee\AppData\Roaming\FF2C.80F
    [2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\Users\avee\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u
    [2011/05/28 18:24:47 | 000,001,592 | -HS- | C] () -- C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u
    [2011/05/24 09:35:47 | 000,139,264 | ---- | C] () -- C:\Windows\System32\VsPPG7.dll
    [2011/05/24 09:35:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\Carcla40.dll
    [2011/05/24 09:35:23 | 000,135,168 | ---- | C] () -- C:\Windows\System32\CT7pcg.dll
    [2011/05/12 12:12:04 | 000,000,088 | -HS- | C] () -- C:\Users\avee\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU
    [2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/11 17:48:20 | 000,011,712 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2010/08/15 21:33:27 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Pwinapppiobas79.dat
    @Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E4A69413
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 fairhaven73


Posted 18 December 2011 - 03:59 AM

Here's the log created by the OTL fix:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Folder C:\Users\avee\AppData\Roaming\Mozilla\Firefox\Profiles\apjbponv.default\extensions\{8797bab4-d681-4a92-bc76-38b7f4e2ad6e}\ not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Run\\852714285 not found.
File C:\Users\avee\AppData\Local\Temp\nsm1802.tmp\twb9lbl.4wq not found.
Registry value HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JavaServiceBackup not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2342338095-699275130-3009004412-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\3632D\ not found.
Folder C:\Program Files\LP\ not found.
Folder C:\Users\avee\AppData\Roaming\3632D\ not found.
Folder C:\Users\avee\AppData\Roaming\32D36\ not found.
Folder C:\Users\avee\AppData\Roaming\qcSS22ibD3pn4aH\ not found.
Folder C:\Users\avee\AppData\Roaming\cYYYCeekIVrzNtA\ not found.
Folder C:\Users\avee\AppData\Roaming\G4aammH5sWJ7dLg\ not found.
Folder C:\Users\avee\AppData\Roaming\U444aamH6sW\ not found.
Folder C:\Users\avee\AppData\Roaming\NYYCCwkkIVr\ not found.
File C:\Users\avee\AppData\Local\h2um14s4lg2ckn not found.
File C:\ProgramData\h2um14s4lg2ckn not found.
File C:\ProgramData\t6le76k8mp5pca not found.
File C:\Users\avee\AppData\Local\t6le76k8mp5pca not found.
File C:\Windows\System32\itusbcore.dat not found.
File C:\Windows\System32\itlsvc.dat not found.
File C:\Users\avee\AppData\Local\h2um14s4lg2ckn not found.
File C:\ProgramData\h2um14s4lg2ckn not found.
File C:\Users\avee\AppData\Local\t6le76k8mp5pca not found.
File C:\ProgramData\t6le76k8mp5pca not found.
File C:\Windows\System32\itusbcore.dat not found.
File C:\Windows\System32\itlsvc.dat not found.
File C:\ProgramData\temp.xml not found.
File C:\Users\avee\AppData\Local\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x not found.
File C:\ProgramData\68gf14dnb87o13iv20c882wt7g78afrt0v70dy4nsmj4x not found.
File C:\ProgramData\6253642a not found.
File C:\Users\avee\AppData\Local\4275p655013i not found.
File C:\ProgramData\4275p655013i not found.
File C:\Users\avee\AppData\Local\2gj51l062541ns not found.
File C:\ProgramData\2gj51l062541ns not found.
File C:\Users\avee\AppData\Roaming\FF2C.80F not found.
File C:\Users\avee\AppData\Local\245337r41f060nm5sc34053da45p08wb8sf13d412u not found.
File C:\ProgramData\245337r41f060nm5sc34053da45p08wb8sf13d412u not found.
C:\WINDOWS\System32\VsPPG7.dll moved successfully.
C:\WINDOWS\System32\Carcla40.dll moved successfully.
C:\WINDOWS\System32\CT7pcg.dll moved successfully.
File C:\Users\avee\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU not found.
File C:\Users\avee\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 not found.
File C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 not found.
C:\WINDOWS\System32\Pwinapppiobas79.dat moved successfully.
ADS C:\WINDOWS:nlsPreferences deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:0FF263E8 .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:E4A69413 .
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\avee\Desktop\cmd.bat deleted successfully.
C:\Users\avee\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\avee\Desktop\cmd.bat deleted successfully.
C:\Users\avee\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: avee
->Temp folder emptied: 811813567 bytes
->Temporary Internet Files folder emptied: 67451367 bytes
->Java cache emptied: 636355 bytes
->FireFox cache emptied: 39782843 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: QBPOSDBSrvUser
->Temp folder emptied: 139264 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84443504 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 958.00 mb


[EMPTYFLASH]

User: All Users

User: avee
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: QBPOSDBSrvUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12182011_005108

I don't have an updated version of Kaspersky, so I cannot run it properly.

#14 SweetTech


Posted 18 December 2011 - 04:18 AM

Hi!

Please run the following:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#15 fairhaven73


Posted 19 December 2011 - 03:17 AM

Here are the MBAM logs:
It didn't catch anything.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8354

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.19048

12/18/2011 11:40:17 PM
mbam-log-2011-12-18 (23-40-17).txt

Scan type: Quick scan
Objects scanned: 208238
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Is there a way to fix the BSOD?
Is it because of the unfinished ComboFix?



